diff --git a/i18n/ar/404.md b/i18n/ar/404.md index 5cdf22013..89c966b1c 100644 --- a/i18n/ar/404.md +++ b/i18n/ar/404.md @@ -1,17 +1,19 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- -# 404 - Not Found +# 404 - غير متوفر -We couldn't find the page you were looking for! Maybe you were looking for one of these? +لم نتمكن من العثور على الصفحة التي تبحث عنها! ربما كنت تبحث عن واحد من هؤلاء؟ -- [Introduction to Threat Modeling](basics/threat-modeling.md) -- [Recommended DNS Providers](dns.md) -- [Best Desktop Web Browsers](desktop-browsers.md) +- [مقدمة إلى نمذجة التهديدات](basics/threat-modeling.md) +- [خوادِم DNS الموصى بها](dns.md) +- [أفضل متصفحات الويب للكمبيوتر](desktop-browsers.md) - [Best VPN Providers](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Our Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/about/criteria.md b/i18n/ar/about/criteria.md index 64f2e0217..3084230bd 100644 --- a/i18n/ar/about/criteria.md +++ b/i18n/ar/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/about/donate.md b/i18n/ar/about/donate.md index f6dc68bdf..a1deb3e0a 100644 --- a/i18n/ar/about/donate.md +++ b/i18n/ar/about/donate.md @@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/about/index.md b/i18n/ar/about/index.md index cee6eb998..619406fee 100644 --- a/i18n/ar/about/index.md +++ b/i18n/ar/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/about/notices.md b/i18n/ar/about/notices.md index 4b5b75269..bb32edd50 100644 --- a/i18n/ar/about/notices.md +++ b/i18n/ar/about/notices.md @@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o * Scraping * Data Mining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/about/privacy-policy.md b/i18n/ar/about/privacy-policy.md index 131bed6b3..26c668d1a 100644 --- a/i18n/ar/about/privacy-policy.md +++ b/i18n/ar/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/about/privacytools.md b/i18n/ar/about/privacytools.md index 8f230029e..515c21f59 100644 --- a/i18n/ar/about/privacytools.md +++ b/i18n/ar/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/about/services.md b/i18n/ar/about/services.md index 837c1fa4d..71f2c95b7 100644 --- a/i18n/ar/about/services.md +++ b/i18n/ar/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/about/statistics.md b/i18n/ar/about/statistics.md index 07e29af84..8f17240c3 100644 --- a/i18n/ar/about/statistics.md +++ b/i18n/ar/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/advanced/communication-network-types.md b/i18n/ar/advanced/communication-network-types.md index 33accb6ec..1f07a2c4c 100644 --- a/i18n/ar/advanced/communication-network-types.md +++ b/i18n/ar/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/advanced/dns-overview.md b/i18n/ar/advanced/dns-overview.md index 909de2acb..b47af2809 100644 --- a/i18n/ar/advanced/dns-overview.md +++ b/i18n/ar/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/advanced/payments.md b/i18n/ar/advanced/payments.md new file mode 100644 index 000000000..7e046ecd0 --- /dev/null +++ b/i18n/ar/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/ar/advanced/tor-overview.md b/i18n/ar/advanced/tor-overview.md index 508d5e6a6..dd9d2a951 100644 --- a/i18n/ar/advanced/tor-overview.md +++ b/i18n/ar/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.ar.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/ar/android.md b/i18n/ar/android.md index 6ddd08015..3da86daae 100644 --- a/i18n/ar/android.md +++ b/i18n/ar/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/basics/account-creation.md b/i18n/ar/basics/account-creation.md index b9428b858..afa5d429f 100644 --- a/i18n/ar/basics/account-creation.md +++ b/i18n/ar/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/basics/account-deletion.md b/i18n/ar/basics/account-deletion.md index 05f04ceb1..2498d6045 100644 --- a/i18n/ar/basics/account-deletion.md +++ b/i18n/ar/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/basics/common-misconceptions.md b/i18n/ar/basics/common-misconceptions.md index b79b03fae..41997417f 100644 --- a/i18n/ar/basics/common-misconceptions.md +++ b/i18n/ar/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.ar.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/ar/basics/common-threats.md b/i18n/ar/basics/common-threats.md index 752bccffb..e278c0cbf 100644 --- a/i18n/ar/basics/common-threats.md +++ b/i18n/ar/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.ar.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/ar/basics/email-security.md b/i18n/ar/basics/email-security.md index 6ec5133a8..f0c2fb579 100644 --- a/i18n/ar/basics/email-security.md +++ b/i18n/ar/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/basics/multi-factor-authentication.md b/i18n/ar/basics/multi-factor-authentication.md index 8073f0d42..ae57848d5 100644 --- a/i18n/ar/basics/multi-factor-authentication.md +++ b/i18n/ar/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authentication" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/basics/passwords-overview.md b/i18n/ar/basics/passwords-overview.md index 528f55c8d..6858d8b5b 100644 --- a/i18n/ar/basics/passwords-overview.md +++ b/i18n/ar/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/basics/threat-modeling.md b/i18n/ar/basics/threat-modeling.md index ac365515c..5dcd87aa8 100644 --- a/i18n/ar/basics/threat-modeling.md +++ b/i18n/ar/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "تصميم التهديات" icon: 'المادة/الحساب-المستهدف' +description: موازنة الأمان، الخصوصية، وقابلية الاستخدام تعد واحدة من أول وأصعب المهام التي ستواجهها في رحلة الخصوصية. --- موازنة الأمان، الخصوصية، وقابلية الاستخدام تعد واحدة من أول وأصعب المهام التي ستواجهها في رحلة الخصوصية. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/basics/vpn-overview.md b/i18n/ar/basics/vpn-overview.md index ad6aaf23f..a1a007f52 100644 --- a/i18n/ar/basics/vpn-overview.md +++ b/i18n/ar/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/calendar.md b/i18n/ar/calendar.md index f612bd8fc..bbcb033ad 100644 --- a/i18n/ar/calendar.md +++ b/i18n/ar/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/cloud.md b/i18n/ar/cloud.md index 72ae0a3fb..2bcc2596f 100644 --- a/i18n/ar/cloud.md +++ b/i18n/ar/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/cryptocurrency.md b/i18n/ar/cryptocurrency.md new file mode 100644 index 000000000..ba06ba1ea --- /dev/null +++ b/i18n/ar/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/ar/data-redaction.md b/i18n/ar/data-redaction.md index 1cd1fc0c5..961594a8d 100644 --- a/i18n/ar/data-redaction.md +++ b/i18n/ar/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/desktop-browsers.md b/i18n/ar/desktop-browsers.md index 739a2e9f1..1c21c296f 100644 --- a/i18n/ar/desktop-browsers.md +++ b/i18n/ar/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.ar.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/ar/desktop.md b/i18n/ar/desktop.md index f97c1166e..2db4d1191 100644 --- a/i18n/ar/desktop.md +++ b/i18n/ar/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/dns.md b/i18n/ar/dns.md index 109f8b073..a8cc21dac 100644 --- a/i18n/ar/dns.md +++ b/i18n/ar/dns.md @@ -1,13 +1,12 @@ --- title: "DNS Resolvers" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Recommended Providers @@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.ar.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/ar/email-clients.md b/i18n/ar/email-clients.md index ba6792886..eec0e2923 100644 --- a/i18n/ar/email-clients.md +++ b/i18n/ar/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/email.md b/i18n/ar/email.md index 08cd55fb6..7ab4c31d5 100644 --- a/i18n/ar/email.md +++ b/i18n/ar/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Security @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/encryption.md b/i18n/ar/encryption.md index 92179831d..ded8533b1 100644 --- a/i18n/ar/encryption.md +++ b/i18n/ar/encryption.md @@ -1,6 +1,7 @@ --- title: "Encryption Software" icon: material/file-lock +description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files. --- Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here. @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/file-sharing.md b/i18n/ar/file-sharing.md index 73c7f8637..3e79d791f 100644 --- a/i18n/ar/file-sharing.md +++ b/i18n/ar/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/financial-services.md b/i18n/ar/financial-services.md new file mode 100644 index 000000000..480c924c3 --- /dev/null +++ b/i18n/ar/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/ar/frontends.md b/i18n/ar/frontends.md index ece20287c..7f245f412 100644 --- a/i18n/ar/frontends.md +++ b/i18n/ar/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/index.md b/i18n/ar/index.md index b8eee47bc..c87697e43 100644 --- a/i18n/ar/index.md +++ b/i18n/ar/index.md @@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/kb-archive.md b/i18n/ar/kb-archive.md index 501543e6d..92daee33b 100644 --- a/i18n/ar/kb-archive.md +++ b/i18n/ar/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/meta/brand.md b/i18n/ar/meta/brand.md index 290942563..53cb9ac42 100644 --- a/i18n/ar/meta/brand.md +++ b/i18n/ar/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/meta/git-recommendations.md b/i18n/ar/meta/git-recommendations.md index 7a740f1f3..f59b5f81f 100644 --- a/i18n/ar/meta/git-recommendations.md +++ b/i18n/ar/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/meta/uploading-images.md b/i18n/ar/meta/uploading-images.md index e6f60e702..55f136f8a 100644 --- a/i18n/ar/meta/uploading-images.md +++ b/i18n/ar/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/meta/writing-style.md b/i18n/ar/meta/writing-style.md index 1b725ee2d..b9e47a716 100644 --- a/i18n/ar/meta/writing-style.md +++ b/i18n/ar/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/mobile-browsers.md b/i18n/ar/mobile-browsers.md index f0ff4cd22..d7adee8f3 100644 --- a/i18n/ar/mobile-browsers.md +++ b/i18n/ar/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/multi-factor-authentication.md b/i18n/ar/multi-factor-authentication.md index 62a364d84..41030fe3b 100644 --- a/i18n/ar/multi-factor-authentication.md +++ b/i18n/ar/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/news-aggregators.md b/i18n/ar/news-aggregators.md index 84a93fae0..2dad5ac09 100644 --- a/i18n/ar/news-aggregators.md +++ b/i18n/ar/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/notebooks.md b/i18n/ar/notebooks.md index 1f40aaa02..0739f6680 100644 --- a/i18n/ar/notebooks.md +++ b/i18n/ar/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notebooks" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Keep track of your notes and journalings without giving them to a third-party. @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/os/android-overview.md b/i18n/ar/os/android-overview.md index d1e74d51c..a78631a2a 100644 --- a/i18n/ar/os/android-overview.md +++ b/i18n/ar/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/os/linux-overview.md b/i18n/ar/os/linux-overview.md index 937ae0213..8ec2c9e78 100644 --- a/i18n/ar/os/linux-overview.md +++ b/i18n/ar/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/os/qubes-overview.md b/i18n/ar/os/qubes-overview.md index 294fa7afd..17b286b9f 100644 --- a/i18n/ar/os/qubes-overview.md +++ b/i18n/ar/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/passwords.md b/i18n/ar/passwords.md index dcfdf1853..e81f1186e 100644 --- a/i18n/ar/passwords.md +++ b/i18n/ar/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/productivity.md b/i18n/ar/productivity.md index 45a24c212..4490325da 100644 --- a/i18n/ar/productivity.md +++ b/i18n/ar/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/real-time-communication.md b/i18n/ar/real-time-communication.md index 571441340..68f9d767b 100644 --- a/i18n/ar/real-time-communication.md +++ b/i18n/ar/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/router.md b/i18n/ar/router.md index 59839379f..a494c017d 100644 --- a/i18n/ar/router.md +++ b/i18n/ar/router.md @@ -1,6 +1,7 @@ --- title: "Router Firmware" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc. @@ -47,5 +48,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or - Must be open source. - Must receive regular updates. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/search-engines.md b/i18n/ar/search-engines.md index 99df76a91..911525d7d 100644 --- a/i18n/ar/search-engines.md +++ b/i18n/ar/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/tools.md b/i18n/ar/tools.md index a2c26648c..ef945a945 100644 --- a/i18n/ar/tools.md +++ b/i18n/ar/tools.md @@ -3,6 +3,7 @@ title: "Privacy Tools" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Search Engines
@@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Data and Metadata Redaction
@@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
[Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/tor.md b/i18n/ar/tor.md index d4df42fc7..ce93c961d 100644 --- a/i18n/ar/tor.md +++ b/i18n/ar/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
-
- -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/video-streaming.md b/i18n/ar/video-streaming.md index 52db5be02..8f8ebd0b8 100644 --- a/i18n/ar/video-streaming.md +++ b/i18n/ar/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Video Streaming" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. @@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/vpn.md b/i18n/ar/vpn.md index 3aae14929..6bba25466 100644 --- a/i18n/ar/vpn.md +++ b/i18n/ar/vpn.md @@ -1,11 +1,20 @@ --- title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Find a no-logging VPN operator who isn’t out to sell or read your web traffic. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "VPNs do not provide anonymity" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "VPNs do not provide anonymity" Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. @@ -15,80 +24,11 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" - - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Recommended Providers -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,55 +113,120 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2023-01-19 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + ??? downloads - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Last checked: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Criteria @@ -255,13 +261,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Security @@ -319,5 +325,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/bn/404.md b/i18n/bn/404.md index 5e69100cf..25c1c7805 100644 --- a/i18n/bn/404.md +++ b/i18n/bn/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Not Found @@ -13,5 +17,3 @@ We couldn't find the page you were looking for! Maybe you were looking for one o - [Best VPN Providers](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Our Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/about/criteria.md b/i18n/bn/about/criteria.md index fd7753d16..3084230bd 100644 --- a/i18n/bn/about/criteria.md +++ b/i18n/bn/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/about/donate.md b/i18n/bn/about/donate.md index 10975cbd3..8accd67a1 100644 --- a/i18n/bn/about/donate.md +++ b/i18n/bn/about/donate.md @@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/about/index.md b/i18n/bn/about/index.md index 0fdd7d653..619406fee 100644 --- a/i18n/bn/about/index.md +++ b/i18n/bn/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/about/notices.md b/i18n/bn/about/notices.md index bd487e69f..bb32edd50 100644 --- a/i18n/bn/about/notices.md +++ b/i18n/bn/about/notices.md @@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o * Scraping * Data Mining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/about/privacy-policy.md b/i18n/bn/about/privacy-policy.md index 2cb20d13c..26c668d1a 100644 --- a/i18n/bn/about/privacy-policy.md +++ b/i18n/bn/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/about/privacytools.md b/i18n/bn/about/privacytools.md index c5bab16ef..515c21f59 100644 --- a/i18n/bn/about/privacytools.md +++ b/i18n/bn/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/about/services.md b/i18n/bn/about/services.md index a6f2c070f..71f2c95b7 100644 --- a/i18n/bn/about/services.md +++ b/i18n/bn/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/about/statistics.md b/i18n/bn/about/statistics.md index b5923edfc..8f17240c3 100644 --- a/i18n/bn/about/statistics.md +++ b/i18n/bn/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/advanced/communication-network-types.md b/i18n/bn/advanced/communication-network-types.md index d451376a0..1f07a2c4c 100644 --- a/i18n/bn/advanced/communication-network-types.md +++ b/i18n/bn/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/advanced/dns-overview.md b/i18n/bn/advanced/dns-overview.md index 55454a864..b47af2809 100644 --- a/i18n/bn/advanced/dns-overview.md +++ b/i18n/bn/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/advanced/payments.md b/i18n/bn/advanced/payments.md new file mode 100644 index 000000000..7e046ecd0 --- /dev/null +++ b/i18n/bn/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/bn/advanced/tor-overview.md b/i18n/bn/advanced/tor-overview.md index 89d7f76ed..dd9d2a951 100644 --- a/i18n/bn/advanced/tor-overview.md +++ b/i18n/bn/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.bn.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/bn/android.md b/i18n/bn/android.md index 336d59d43..445af4546 100644 --- a/i18n/bn/android.md +++ b/i18n/bn/android.md @@ -1,6 +1,7 @@ --- title: "অ্যান্ড্রয়েড" icon: 'ফন্টঅ্যাওসাম/ ব্র্যান্ড / অ্যান্ড্রয়েড' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. রেকমেন্ডেশন -- [সাধারণ অ্যান্ড্রয়েড ওভারভিউ এবং সুপারিশ :hero-arrow-circle-right-fill:](os/android-overview.md) -- [আমরা কেন GrapheneOS এর বদলে CalyxOS এর সুপারিশ করি :hero-arrow-circle-right-fill:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP এর ডেরিভেটিভস্ @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/basics/account-creation.md b/i18n/bn/basics/account-creation.md index dfba24166..afa5d429f 100644 --- a/i18n/bn/basics/account-creation.md +++ b/i18n/bn/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/basics/account-deletion.md b/i18n/bn/basics/account-deletion.md index 1c83935cc..2498d6045 100644 --- a/i18n/bn/basics/account-deletion.md +++ b/i18n/bn/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/basics/common-misconceptions.md b/i18n/bn/basics/common-misconceptions.md index 2dc2b6f0f..41997417f 100644 --- a/i18n/bn/basics/common-misconceptions.md +++ b/i18n/bn/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.bn.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/bn/basics/common-threats.md b/i18n/bn/basics/common-threats.md index dd0c39891..e278c0cbf 100644 --- a/i18n/bn/basics/common-threats.md +++ b/i18n/bn/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.bn.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/bn/basics/email-security.md b/i18n/bn/basics/email-security.md index 253a3157b..f0c2fb579 100644 --- a/i18n/bn/basics/email-security.md +++ b/i18n/bn/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/basics/multi-factor-authentication.md b/i18n/bn/basics/multi-factor-authentication.md index 86e96cadd..78659d106 100644 --- a/i18n/bn/basics/multi-factor-authentication.md +++ b/i18n/bn/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authentication" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/basics/passwords-overview.md b/i18n/bn/basics/passwords-overview.md index 08871e37b..6858d8b5b 100644 --- a/i18n/bn/basics/passwords-overview.md +++ b/i18n/bn/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/basics/threat-modeling.md b/i18n/bn/basics/threat-modeling.md index b169f729c..72d640447 100644 --- a/i18n/bn/basics/threat-modeling.md +++ b/i18n/bn/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Threat Modeling" icon: 'material/target-account' +description: প্রাইভেসি সিকিউরিটি, এবং ব্যবহারযোগ্যতা এর মধ্যে ভারসাম্য রক্ষা করা আপনার প্রাইভেসি যাত্রার সবথেকে কঠিন কাজ। --- প্রাইভেসি সিকিউরিটি, এবং ব্যবহারযোগ্যতা এর মধ্যে ভারসাম্য রক্ষা করা আপনার প্রাইভেসি যাত্রার সবথেকে কঠিন কাজ। Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/basics/vpn-overview.md b/i18n/bn/basics/vpn-overview.md index 26a8eeac6..a1a007f52 100644 --- a/i18n/bn/basics/vpn-overview.md +++ b/i18n/bn/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/calendar.md b/i18n/bn/calendar.md index a50c72aca..bbcb033ad 100644 --- a/i18n/bn/calendar.md +++ b/i18n/bn/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/cloud.md b/i18n/bn/cloud.md index d01a476f7..2bcc2596f 100644 --- a/i18n/bn/cloud.md +++ b/i18n/bn/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/cryptocurrency.md b/i18n/bn/cryptocurrency.md new file mode 100644 index 000000000..ba06ba1ea --- /dev/null +++ b/i18n/bn/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/bn/data-redaction.md b/i18n/bn/data-redaction.md index e8eed0b50..961594a8d 100644 --- a/i18n/bn/data-redaction.md +++ b/i18n/bn/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/desktop-browsers.md b/i18n/bn/desktop-browsers.md index f7928a495..1c21c296f 100644 --- a/i18n/bn/desktop-browsers.md +++ b/i18n/bn/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.bn.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/bn/desktop.md b/i18n/bn/desktop.md index 95b7f77f7..2db4d1191 100644 --- a/i18n/bn/desktop.md +++ b/i18n/bn/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/dns.md b/i18n/bn/dns.md index 551bd52fa..7d24c2170 100644 --- a/i18n/bn/dns.md +++ b/i18n/bn/dns.md @@ -1,13 +1,12 @@ --- title: "DNS Resolvers" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Recommended Providers @@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.bn.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/bn/email-clients.md b/i18n/bn/email-clients.md index e83a7eaa3..eec0e2923 100644 --- a/i18n/bn/email-clients.md +++ b/i18n/bn/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/email.md b/i18n/bn/email.md index 808077f47..7ab4c31d5 100644 --- a/i18n/bn/email.md +++ b/i18n/bn/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Security @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/encryption.md b/i18n/bn/encryption.md index 47227a7bd..ded8533b1 100644 --- a/i18n/bn/encryption.md +++ b/i18n/bn/encryption.md @@ -1,6 +1,7 @@ --- title: "Encryption Software" icon: material/file-lock +description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files. --- Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here. @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/file-sharing.md b/i18n/bn/file-sharing.md index a13590e71..3e79d791f 100644 --- a/i18n/bn/file-sharing.md +++ b/i18n/bn/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/financial-services.md b/i18n/bn/financial-services.md new file mode 100644 index 000000000..480c924c3 --- /dev/null +++ b/i18n/bn/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/bn/frontends.md b/i18n/bn/frontends.md index 056d952a9..7f245f412 100644 --- a/i18n/bn/frontends.md +++ b/i18n/bn/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/index.md b/i18n/bn/index.md index 6c2023598..a78b9f63e 100644 --- a/i18n/bn/index.md +++ b/i18n/bn/index.md @@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/kb-archive.md b/i18n/bn/kb-archive.md index 9151eb10c..92daee33b 100644 --- a/i18n/bn/kb-archive.md +++ b/i18n/bn/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/meta/brand.md b/i18n/bn/meta/brand.md index e2f6cc5f2..53cb9ac42 100644 --- a/i18n/bn/meta/brand.md +++ b/i18n/bn/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/meta/git-recommendations.md b/i18n/bn/meta/git-recommendations.md index 2a3f81e16..f59b5f81f 100644 --- a/i18n/bn/meta/git-recommendations.md +++ b/i18n/bn/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/meta/uploading-images.md b/i18n/bn/meta/uploading-images.md index 75d599fb2..55f136f8a 100644 --- a/i18n/bn/meta/uploading-images.md +++ b/i18n/bn/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/meta/writing-style.md b/i18n/bn/meta/writing-style.md index 50ac01821..b9e47a716 100644 --- a/i18n/bn/meta/writing-style.md +++ b/i18n/bn/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/mobile-browsers.md b/i18n/bn/mobile-browsers.md index f014aca52..768bcd15b 100644 --- a/i18n/bn/mobile-browsers.md +++ b/i18n/bn/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/multi-factor-authentication.md b/i18n/bn/multi-factor-authentication.md index 5e1c1e302..41030fe3b 100644 --- a/i18n/bn/multi-factor-authentication.md +++ b/i18n/bn/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/news-aggregators.md b/i18n/bn/news-aggregators.md index dc5f154d9..2dad5ac09 100644 --- a/i18n/bn/news-aggregators.md +++ b/i18n/bn/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/notebooks.md b/i18n/bn/notebooks.md index 1d5c6d157..0739f6680 100644 --- a/i18n/bn/notebooks.md +++ b/i18n/bn/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notebooks" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Keep track of your notes and journalings without giving them to a third-party. @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/os/android-overview.md b/i18n/bn/os/android-overview.md index 4cd3f7b28..4eefe3446 100644 --- a/i18n/bn/os/android-overview.md +++ b/i18n/bn/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: ফন্টঅ্যাওসাম/ ব্র্যান্ড / অ্যান্ড্রয়েড +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/os/linux-overview.md b/i18n/bn/os/linux-overview.md index 13489c528..8ec2c9e78 100644 --- a/i18n/bn/os/linux-overview.md +++ b/i18n/bn/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/os/qubes-overview.md b/i18n/bn/os/qubes-overview.md index 1ced5418d..17b286b9f 100644 --- a/i18n/bn/os/qubes-overview.md +++ b/i18n/bn/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/passwords.md b/i18n/bn/passwords.md index 8ce00e78a..e81f1186e 100644 --- a/i18n/bn/passwords.md +++ b/i18n/bn/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/productivity.md b/i18n/bn/productivity.md index 8000471af..4490325da 100644 --- a/i18n/bn/productivity.md +++ b/i18n/bn/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/real-time-communication.md b/i18n/bn/real-time-communication.md index 9c8b56d32..68f9d767b 100644 --- a/i18n/bn/real-time-communication.md +++ b/i18n/bn/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/router.md b/i18n/bn/router.md index 6b9b1b3b2..a494c017d 100644 --- a/i18n/bn/router.md +++ b/i18n/bn/router.md @@ -1,6 +1,7 @@ --- title: "Router Firmware" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc. @@ -47,5 +48,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or - Must be open source. - Must receive regular updates. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/search-engines.md b/i18n/bn/search-engines.md index cf9a37746..911525d7d 100644 --- a/i18n/bn/search-engines.md +++ b/i18n/bn/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/tools.md b/i18n/bn/tools.md index 9f6147119..ef945a945 100644 --- a/i18n/bn/tools.md +++ b/i18n/bn/tools.md @@ -3,6 +3,7 @@ title: "Privacy Tools" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Search Engines
@@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Data and Metadata Redaction
@@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
[Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/tor.md b/i18n/bn/tor.md index e26da1758..ce93c961d 100644 --- a/i18n/bn/tor.md +++ b/i18n/bn/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
-
- -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/video-streaming.md b/i18n/bn/video-streaming.md index 993ccc678..8f8ebd0b8 100644 --- a/i18n/bn/video-streaming.md +++ b/i18n/bn/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Video Streaming" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. @@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/vpn.md b/i18n/bn/vpn.md index b5d2a6a17..6bba25466 100644 --- a/i18n/bn/vpn.md +++ b/i18n/bn/vpn.md @@ -1,11 +1,20 @@ --- title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Find a no-logging VPN operator who isn’t out to sell or read your web traffic. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "VPNs do not provide anonymity" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "VPNs do not provide anonymity" Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. @@ -15,80 +24,11 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" - - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Recommended Providers -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,55 +113,120 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2023-01-19 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + ??? downloads - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Last checked: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Criteria @@ -255,13 +261,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Security @@ -319,5 +325,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/de/404.md b/i18n/de/404.md index cf586962c..a09b11b8a 100644 --- a/i18n/de/404.md +++ b/i18n/de/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Seite nicht gefunden @@ -13,5 +17,3 @@ Wir konnten die Seite, nach der du gesucht hast, nicht finden! Vielleicht hast d - [Beste VPN-Anbieter](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Unser Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/CODE_OF_CONDUCT.md b/i18n/de/CODE_OF_CONDUCT.md index 88a0e9100..c6f9e57f1 100644 --- a/i18n/de/CODE_OF_CONDUCT.md +++ b/i18n/de/CODE_OF_CONDUCT.md @@ -1,22 +1,22 @@ -# Community Code of Conduct +# Verhaltenskodex der Gemeinschaft -**We pledge** to make our community a harassment-free experience for everyone. +**Wir verpflichten uns**, unsere Gemeinschaft zu einer belästigungsfreien Erfahrung für alle zu machen. -**We strive** to create a positive environment, using welcoming and inclusive language, and being respectful of the viewpoints of others. +**Wir bemühen uns,**, ein positives Umfeld zu schaffen, indem wir eine einladende und integrative Sprache verwenden und die Standpunkte anderer respektieren. -**We do not allow** inappropriate or otherwise unacceptable behavior, such as sexualized language, trolling and insulting comments, or otherwise promoting intolerance or harassment. +**Wir verbieten** unangemessenes oder anderweitig inakzeptables Verhalten, wie z. B. sexualisierte Sprache, Trolling und beleidigende Kommentare oder anderweitige Förderung von Intoleranz oder Belästigung. -## Community Standards +## Gemeinschaftsstandards -What we expect from members of our communities: +Was wir von den Mitgliedern unserer Gemeinschaften erwarten: -1. **Don't spread misinformation** +1. **Keine Fehlinformationen verbreiten** - We are creating an evidence-based educational community around information privacy and security, not a home for conspiracy theories. For example, when making a claim that a certain piece of software is malicious or that certain telemetry data is privacy invasive, explain in detail what is collected and how it collected. Claims of this nature must be backed by technical evidence. + Wir schaffen eine evidenzbasierte Bildungsgemeinschaft rund um Datenschutz und Informationssicherheit, keine Heimat für Verschwörungserzählungen. For example, when making a claim that a certain piece of software is malicious or that certain telemetry data is privacy invasive, explain in detail what is collected and how it collected. Claims of this nature must be backed by technical evidence. 1. **Don't abuse our willingness to help** - Our community members are not your free tech support. We are happy to help you with specific steps on your privacy journey if you are willing to put in effort on your end. We are not willing to answer endlessly repeated questions about generic computer problems you could have answered yourself with a 30-second internet search. Don't be a [help vampire](https://slash7.com/2006/12/22/vampires/). + Unsere Community-Mitglieder sind kein kostenloser technischer Support. We are happy to help you with specific steps on your privacy journey if you are willing to put in effort on your end. We are not willing to answer endlessly repeated questions about generic computer problems you could have answered yourself with a 30-second internet search. Don't be a [help vampire](https://slash7.com/2006/12/22/vampires/). 1. **Behave in a positive and constructive manner** @@ -38,16 +38,16 @@ The following behaviors are considered harassment and are unacceptable within ou - Publishing others' private information, such as a physical or email address, without their explicit permission - Other conduct which could reasonably be considered inappropriate in a professional setting -## Scope +## Geltungsbereich -Our Code of Conduct applies within all project spaces, as well as when an individual is representing the Privacy Guides project in other communities. +Unser Verhaltenskodex gilt für alle Projektbereiche und auch dann, wenn eine Person das Privacy Guides Projekt in anderen Gemeinschaften vertritt. We are responsible for clarifying the standards of our community, and have the right to remove or alter the comments of those participating within our community, as necessary and at our discretion. -### Contact +### Kontakt If you observe a problem on a platform like Matrix or Reddit, please contact our moderators on that platform in chat, via DM, or through any designated "Modmail" system. If you have a problem elsewhere, or a problem our community moderators are unable to resolve, reach out to `jonah@privacyguides.org` and/or `dngray@privacyguides.org`. -All community leaders are obligated to respect the privacy and security of the reporter of any incident. +Alle Verantwortlichen der Community sind verpflichtet, die Privatsphäre und die Sicherheit der Person, die einen Vorfall meldet, zu respektieren. diff --git a/i18n/de/about/criteria.md b/i18n/de/about/criteria.md index f27f1e2b8..c331aa56e 100644 --- a/i18n/de/about/criteria.md +++ b/i18n/de/about/criteria.md @@ -38,5 +38,3 @@ Wir haben diese Anforderungen an Entwickler, die eigene Projekt oder Software zu - Must state what the exact threat model is with their project. - Den potenziellen Nutzern sollte klar sein, was das Projekt bieten kann und was nicht. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/about/donate.md b/i18n/de/about/donate.md index 462e3730b..563b0d5a1 100644 --- a/i18n/de/about/donate.md +++ b/i18n/de/about/donate.md @@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/about/index.md b/i18n/de/about/index.md index 7b21da87a..07ffc87a4 100644 --- a/i18n/de/about/index.md +++ b/i18n/de/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "Über Privacy Guides" +description: Privacy Guides ist eine sozial motivierte Website, die Informationen zum Schutz der eigenen Datensicherheit und Privatsphäre bereitstellt. --- -**Privacy Guides** ist ein sozial motivierte Website, die Informationen zum Schutz deiner Datensicherheit und Privatsphäre bereitstellt. Wir sind ein gemeinnütziges Kollektiv, welches ausschließlich von freiwilligen [Teammitgliedern](https://discuss.privacyguides.net/g/team) und Mitwirkenden betrieben wird. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Unterstütze das Projekts](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** ist eine sozial motivierte Website, die [Informationen](/kb) zum Schutz der eigenen Datensicherheit und Privatsphäre bereitstellt. Wir sind ein gemeinnütziges Kollektiv, welches ausschließlich von freiwilligen [Teammitgliedern](https://discuss.privacyguides.net/g/team) und Mitwirkenden betrieben wird. Unsere Website ist frei von Werbung und steht in keiner Verbindung zu den aufgeführten Anbieter*innen. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> Um [datenschutzfreundliche alternative] Apps zu finden, besuchen Sie Websites wie Good Reports und **Privacy Guides**, die datenschutzfreundliche Apps in einer Vielzahl von Kategorien auflisten, darunter auch E-Mail-Anbieter (in der Regel mit kostenpflichtigen Tarifen), die nicht von den großen Technologieunternehmen betrieben werden. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Unser Team @@ -48,16 +76,14 @@ title: "Über Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Darüber hinaus haben [viele Menschen](https://github.com/privacyguides/privacyguides.org/graphs/contributors) Beiträge zu dem Projekt geleistet. Du kannst das auch, wir sind Open Source auf GitHub! +Darüber hinaus haben [viele Menschen](https://github.com/privacyguides/privacyguides.org/graphs/contributors) Beiträge zu dem Projekt geleistet. Und du kannst auch, wir sind Open Source auf GitHub und nehmen Übersetzungsvorschläge auf [Crowdin](https://crowdin.com/project/privacyguides) an. -Unsere Teammitglieder überprüfen alle Änderungen, die an der Website vorgenommen werden, und kümmern sich um administrative Aufgaben wie Webhosting und Finanzen, allerdings profitieren sie nicht persönlich von den Beiträgen, die zu dieser Website geleistet werden. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Unsere Teammitglieder überprüfen alle Änderungen, die an der Website vorgenommen werden, und kümmern sich um administrative Aufgaben wie Webhosting und Finanzen, allerdings profitieren sie nicht persönlich von den Beiträgen, die zu dieser Website geleistet werden. Unsere Finanzdaten werden von der Open Collective Foundation 501(c)(3) unter [opencollective.com/privacyguides](https://opencollective.com/privacyguides)transparent veröffentlicht. Spenden an Privacy Guides sind in den Vereinigten Staaten generell von der Steuer absetzbar. -## Site License +## Website-Lizenz -*The following is a human-readable summary of (and not a substitute for) the [license](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE):* +*Das Folgende ist eine menschenlesbare Zusammenfassung (und kein Ersatz für) der [Lizenz](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE):* -:fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. +:fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Sofern nicht anders angegeben, werden die Originalinhalte auf dieser Website unter der [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE)zur Verfügung gestellt. Das bedeutet, dass es allen freisteht, das Material in jedem Medium oder Format für jeden Zweck, auch kommerziell, zu kopieren und weiterzugeben, solange `Privacy Guides (www.privacyguides.org)` in angemessener Anerkannt und ein Link zur Lizenz angeben wird. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/about/notices.md b/i18n/de/about/notices.md index 6b626371f..bb32edd50 100644 --- a/i18n/de/about/notices.md +++ b/i18n/de/about/notices.md @@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o * Scraping * Data Mining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/about/privacy-policy.md b/i18n/de/about/privacy-policy.md index 27f28742a..68fcdf5f5 100644 --- a/i18n/de/about/privacy-policy.md +++ b/i18n/de/about/privacy-policy.md @@ -1,31 +1,31 @@ --- -title: "Privacy Policy" +title: "Datenschutzerklärung" --- -Privacy Guides is a community project operated by a number of active volunteer contributors. The public list of team members [can be found on GitHub](https://github.com/orgs/privacyguides/people). +Privacy Guides ist ein Gemeinschaftsprojekt, das von einer Reihe aktiver freiwilliger Mitarbeiter*innen betrieben wird. Die öffentliche Liste der Teammitglieder [kann auf GitHub](https://github.com/orgs/privacyguides/people)eingesehen werden. -## Data We Collect From Visitors +## Daten, die wir von Besuchenden sammeln -The privacy of our website visitors is important to us, so we do not track any individual people. As a visitor to our website: +Die Privatsphäre unserer Website-Besuchenden ist uns wichtig, daher tracken wir keine Einzel Personen. Als Besuchende unserer Website: -- No personal information is collected -- No information such as cookies are stored in the browser -- No information is shared with, sent to or sold to third-parties -- No information is shared with advertising companies -- No information is mined and harvested for personal and behavioral trends -- No information is monetized +- Werden keine persönlichen Informationen gesammelt +- Werden keine Informationen wie Cookies im Browser gespeichert +- Werden keine Informationen an Dritte weitergegeben, gesendet oder verkauft +- Werden keine Informationen an Werbefirmen weitergegeben +- Werden keine Informationen über persönliche und verhaltensbezogene Trends gesammelt oder ausgewertet +- Werden keine Informationen monetarisiert -You can view the data we collect on our [statistics](statistics.md) page. +Die von uns gesammelten Daten können auf unserer [Statistikseite](statistics.md) einsehen werden. -We run a self-hosted installation of [Plausible Analytics](https://plausible.io) to collect some anonymous usage data for statistical purposes. The goal is to track overall trends in our website traffic, it is not to track individual visitors. All the data is in aggregate only. No personal data is collected. +Wir betreiben eine selbst gehostete Installation von [Plausible Analytics](https://plausible.io), um einige anonyme Nutzungsdaten zu statistischen Zwecken zu sammeln. Das Ziel ist es, allgemeine Trends in unserem Website-Verkehr zu verfolgen, nicht aber, einzelne Besuchende zu verfolgen. Alle Daten sind nur in aggregierter Form vorhanden. Keine persönlichen Daten werden erfasst. -Data collected includes referral sources, top pages, visit duration, information from the devices (device type, operating system, country and browser) used during the visit and more. You can learn more about how Plausible works and collects information in a privacy-respecting manner [here](https://plausible.io/data-policy). +Zu den erfassten Daten gehören Verweisquellen, Top-Seiten, Besuchsdauer, Informationen über das während des Besuchs verwendete Gerät (Gerätetyp, Betriebssystem, Land und Browser) und mehr. Mehr über die Funktionsweise von Plausible und die datenschutzkonforme Erfassung von Informationen sind [hier](https://plausible.io/data-policy) zu erfahren. -## Data We Collect From Account Holders +## Daten, die wir von Kontoinhabenden sammeln -On some websites and services we provide, many features may require an account. For example, an account may be required to post and reply to topics on a forum platform. +Auf einigen Websites und Diensten, die wir anbieten, kann für viele Funktionen ein Konto erforderlich sein. So kann beispielsweise ein Konto erforderlich sein, um auf einer Forenplattform Themen zu veröffentlichen und zu beantworten. -To sign up for most accounts, we will collect a name, username, email, and password. In the event a website requires more information than just that data, that will be clearly marked and noted in a separate privacy statement per-site. +Um sich für die meisten Konten anzumelden, benötigen wir einen Namen, einen Benutzernamen, eine E-Mail-Adresse und ein Passwort. Falls eine Website mehr Informationen als nur diese Daten benötigt, wird dies deutlich gekennzeichnet und in einer separaten Datenschutzerklärung pro Website vermerkt. We use your account data to identify you on the website and to create pages specific to you, such as your profile page. We will also use your account data to publish a public profile for you on our services. @@ -42,7 +42,7 @@ We will store your account data as long as your account remains open. After clos ## Contacting Us -The Privacy Guides team generally does not have access to personal data outside of limited access granted via some moderation panels. Inquiries regarding your personal information should be sent directly to: +Das Team von Privacy Guides hat im Allgemeinen keinen Zugang zu personenbezogenen Daten, abgesehen von dem begrenzten Zugang, der über einige Moderationspanels gewährt wird. Inquiries regarding your personal information should be sent directly to: ```text Jonah Aragon @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/about/privacytools.md b/i18n/de/about/privacytools.md index 6161b3efd..515c21f59 100644 --- a/i18n/de/about/privacytools.md +++ b/i18n/de/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/about/services.md b/i18n/de/about/services.md index 2eeca9fea..71f2c95b7 100644 --- a/i18n/de/about/services.md +++ b/i18n/de/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/about/statistics.md b/i18n/de/about/statistics.md index c0ca4f918..8f17240c3 100644 --- a/i18n/de/about/statistics.md +++ b/i18n/de/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/advanced/communication-network-types.md b/i18n/de/advanced/communication-network-types.md index bdac295f8..b65ff69ff 100644 --- a/i18n/de/advanced/communication-network-types.md +++ b/i18n/de/advanced/communication-network-types.md @@ -1,11 +1,12 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. -[Recommended Instant Messengers](../real-time-communication.md ""){.md-button} +[Empfohlene Instant Messenger](../real-time-communication.md ""){.md-button} ## Centralized Networks @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/advanced/dns-overview.md b/i18n/de/advanced/dns-overview.md index 8b85b70fc..b47af2809 100644 --- a/i18n/de/advanced/dns-overview.md +++ b/i18n/de/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/advanced/payments.md b/i18n/de/advanced/payments.md new file mode 100644 index 000000000..7e046ecd0 --- /dev/null +++ b/i18n/de/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/de/advanced/tor-overview.md b/i18n/de/advanced/tor-overview.md index cf1311b10..dd9d2a951 100644 --- a/i18n/de/advanced/tor-overview.md +++ b/i18n/de/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.de.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/de/android.md b/i18n/de/android.md index dd54ed063..3da86daae 100644 --- a/i18n/de/android.md +++ b/i18n/de/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/basics/account-creation.md b/i18n/de/basics/account-creation.md index 7d3533473..ee329f9c6 100644 --- a/i18n/de/basics/account-creation.md +++ b/i18n/de/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Benutzerkontenerstellung" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Oft melden sich Menschen für Dienste an, ohne nachzudenken. Vielleicht ist es ein Streaming-Dienst, mit dem du die neue Serie, über die alle reden, sehen kannst, oder ein Konto, mit dem du einen Rabatt für dein Lieblingsrestaurant bekommst. In jedem Fall solltest du die Auswirkungen auf Ihre Daten jetzt und in Zukunft beachten. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/basics/account-deletion.md b/i18n/de/basics/account-deletion.md index d8f7cca28..2498d6045 100644 --- a/i18n/de/basics/account-deletion.md +++ b/i18n/de/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/basics/common-misconceptions.md b/i18n/de/basics/common-misconceptions.md index e7a13f6aa..41997417f 100644 --- a/i18n/de/basics/common-misconceptions.md +++ b/i18n/de/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.de.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/de/basics/common-threats.md b/i18n/de/basics/common-threats.md index 44b5add0d..e278c0cbf 100644 --- a/i18n/de/basics/common-threats.md +++ b/i18n/de/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.de.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/de/basics/email-security.md b/i18n/de/basics/email-security.md index c35848181..f0c2fb579 100644 --- a/i18n/de/basics/email-security.md +++ b/i18n/de/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/basics/multi-factor-authentication.md b/i18n/de/basics/multi-factor-authentication.md index 5dc67b88f..ce8f95300 100644 --- a/i18n/de/basics/multi-factor-authentication.md +++ b/i18n/de/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- -title: "Multi-Factor Authentication" +title: "Multi-Faktor-Authentifizierung" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/basics/passwords-overview.md b/i18n/de/basics/passwords-overview.md index b65268038..08574123a 100644 --- a/i18n/de/basics/passwords-overview.md +++ b/i18n/de/basics/passwords-overview.md @@ -1,19 +1,20 @@ --- -title: "Introduction to Passwords" +title: "Einführung in Passwörter" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- -Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. +Passwörter sind ein wesentlicher Bestandteil unseres täglichen digitalen Lebens. Wir nutzen sie, um unsere Konten, unsere Geräte und unsere Geheimnisse zu schützen. Obwohl sie oft das Einzige sind, was zwischen uns und Angreifenden steht, die es auf unsere privaten Daten abgesehen haben, wird nicht viel über sie nachgedacht, was oft dazu führt, dass Passwörter verwendet werden, die leicht zu erraten oder mit roher Gewalt heraus findbar sind. -## Best Practices +## Bewährte Praktiken -### Use unique passwords for every service +### Verwendung einzigartiger Kennwörter Imagine this; you sign up for an account with the same e-mail and password on multiple online services. If one of those service providers is malicious, or their service has a data breach that exposes your password in an unencrypted format, all a bad actor would have to do is try that e-mail and password combination across multiple popular services until they get a hit. It doesn't matter how strong that one password is, because they already have it. This is called [credential stuffing](https://en.wikipedia.org/wiki/Credential_stuffing), and it is one of the most common ways that your accounts can be compromised by bad actors. To avoid this, make sure that you never re-use your passwords. -### Use randomly generated passwords +### Verwendung zufällig generierter Passwörter ==You should **never** rely on yourself to come up with a good password.== We recommend using [randomly generated passwords](#passwords) or [diceware passphrases](#diceware-passphrases) with sufficient entropy to protect your accounts and devices. @@ -87,9 +88,9 @@ We recommend using [EFF's large wordlist](https://www.eff.org/files/2016/07/18/e To sum it up, diceware passphrases are your best option when you need something that is both easy to remember *and* exceptionally strong. -## Storing Passwords +## Passwörter speichern -### Password Managers +### Passwortverwaltung The best way to store your passwords is by using a password manager. They allow you to store your passwords in a file or in the cloud and protect them with a single master password. That way, you will only have to remember one strong password, which lets you access the rest of them. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/basics/threat-modeling.md b/i18n/de/basics/threat-modeling.md index 0d7ff8cf1..fc1b3b411 100644 --- a/i18n/de/basics/threat-modeling.md +++ b/i18n/de/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Threat Modeling" icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. --- Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/basics/vpn-overview.md b/i18n/de/basics/vpn-overview.md index c4f9bce1d..a1a007f52 100644 --- a/i18n/de/basics/vpn-overview.md +++ b/i18n/de/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/calendar.md b/i18n/de/calendar.md index f050b6a0e..bbcb033ad 100644 --- a/i18n/de/calendar.md +++ b/i18n/de/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/cloud.md b/i18n/de/cloud.md index 69137bdd4..2bcc2596f 100644 --- a/i18n/de/cloud.md +++ b/i18n/de/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/cryptocurrency.md b/i18n/de/cryptocurrency.md new file mode 100644 index 000000000..ba06ba1ea --- /dev/null +++ b/i18n/de/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/de/data-redaction.md b/i18n/de/data-redaction.md index fc71e3be5..961594a8d 100644 --- a/i18n/de/data-redaction.md +++ b/i18n/de/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/desktop-browsers.md b/i18n/de/desktop-browsers.md index 7b992e5a2..1c21c296f 100644 --- a/i18n/de/desktop-browsers.md +++ b/i18n/de/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.de.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/de/desktop.md b/i18n/de/desktop.md index f32584a23..2db4d1191 100644 --- a/i18n/de/desktop.md +++ b/i18n/de/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/dns.md b/i18n/de/dns.md index 2704f0ba4..867d1fd1e 100644 --- a/i18n/de/dns.md +++ b/i18n/de/dns.md @@ -1,61 +1,60 @@ --- title: "DNS Resolvers" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Verschlüsseltes DNS hilft dir nicht dabei, deine Browsing-Aktivitäten zu verbergen. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} -## Recommended Providers +## Empfohlene DNS-Anbieter -| DNS Provider | Privacy Policy | Protocols | Logging | ECS | Filtering | -| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------------ | -------- | ------------------------------------------------------------------------------------------------------------------------------------------ | -| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
DoH/3
DoT
DNSCrypt | Some[^1] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | -| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
DoH/3
DoT | Some[^2] | No | Based on server choice. | -| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
DoH/3
DoT
DoQ | Optional[^3] | No | Based on server choice. | -| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | -| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
DoH/3
DoT | Optional[^5] | Optional | Based on server choice. | -| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
DoH
DoT
DNSCrypt | Some[^6] | Optional | Based on server choice, Malware blocking by default. | +| DNS-Anbieter | Datenschutzerklärung | Protokolle | Logging | ECS | Filter | +| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------ | ------------ | -------- | -------------------------------------------------------------------------------------------------------------------------------------- | +| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Klartext
DoH/3
DoT
DNSCrypt | Some[^1] | Nein | Nach Server Wahl. Die verwendete Filterliste findest du hier. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | +| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Klartext
DoH/3
DoT | Some[^2] | Nein | Nach Server Wahl. | +| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Klartext
DoH/3
DoT
DoQ | Optional[^3] | Nein | Nach Server Wahl. | +| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
DoT | Nein[^4] | Nein | Nach Server Wahl. Die verwendete Filterliste findest du hier. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | +| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Klartext
DoH/3
DoT | Optional[^5] | Optional | Nach Server Wahl. | +| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Klartext
DoH
DoT
DNSCrypt | Some[^6] | Optional | Nach Server Wahl, Schadware wird standardmäßig blockiert. | -## Criteria +## Kriterien -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Bitte beachte, dass wir mit keinem der Projekte, die wir empfehlen, verbunden sind.** Zusätzlich zu unseren [Standardkriterien](about/criteria.md) haben wir eine Reihe klarer Anforderungen entwickelt, die es uns ermöglichen, objektive Empfehlungen zu geben. Wir empfehlen, sich mit dieser Liste vertraut zu machen, bevor sich für ein Projekt entschieden wird und eigenen Nachforschungen anzustellen, um sicherzustellen, dass es die richtige Wahl ist. !!! example "This section is new" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Wir arbeiten daran, definierte Kriterien für jeden Bereich unserer Website festzulegen, daher kann dies sich noch ändern. Bei Fragen zu unseren Kriterien, können diese [in unserem Forum] (https://discuss.privacyguides.net/latest) gestellt werden. Und gehen Sie nicht davon aus, dass wir etwas bei unseren Empfehlungen nicht berücksichtigt haben, wenn es hier nicht aufgeführt ist. Es gibt viele Faktoren, die berücksichtigt und besprochen werden, wenn wir ein Projekt empfehlen, und die Dokumentation jedes einzelnen Faktors ist ein laufender Prozess. -- Must support [DNSSEC](advanced/dns-overview.md#what-is-dnssec). -- [QNAME Minimization](advanced/dns-overview.md#what-is-qname-minimization). -- Allow for [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) to be disabled. -- Prefer [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) support or geo-steering support. +- Muss [DNSSEC](advanced/dns-overview.md#what-is-dnssec) unterstützen. +- [QNAME Minimierung](advanced/dns-overview.md#what-is-qname-minimization). +- Erlaubt es [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) zu deaktivieren. +- Bevorzugt [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) Unterstützung oder Geo-Steering-Unterstützung. -## Native Operating System Support +## Unterstützung durch Betriebssysteme von Haus aus ### Android -Android 9 and above support DNS over TLS. The settings can be found in: **Settings** → **Network & Internet** → **Private DNS**. +Android 9 und höher unterstützen DNS über TLS. Die Einstellungen sind zu finden unter: **Einstellungen** → **Netzwerk & Internet** → **Privates DNS**. -### Apple Devices +### Apple-Geräte -The latest versions of iOS, iPadOS, tvOS, and macOS, support both DoT and DoH. Both protocols are supported natively via [configuration profiles](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) or through the [DNS Settings API](https://developer.apple.com/documentation/networkextension/dns_settings). +Die neuesten Versionen von iOS, iPadOS, tvOS und macOS unterstützen sowohl DoT als auch DoH. Beide Protokolle werden nativ über [Konfigurationsprofile](https://support.apple.com/de-de/guide/security/secf6fb9f053/web) oder über die [DNS Settings API](https://developer.apple.com/documentation/networkextension/dns_settings)unterstützt. -After installation of either a configuration profile or an app that uses the DNS Settings API, the DNS configuration can be selected. If a VPN is active, resolution within the VPN tunnel will use the VPN's DNS settings and not your system-wide settings. +Nach der Installation eines Konfigurationsprofils oder einer Anwendung, die die DNS-Einstellungs-API verwendet, kann die DNS-Konfiguration ausgewählt werden. Wenn ein VPN aktiv ist, verwendet die DNS Auflösung innerhalb des VPN-Tunnels die DNS-Einstellungen des VPN und nicht deine systemweiten Einstellungen. -#### Signed Profiles +#### Signierte Profile -Apple does not provide a native interface for creating encrypted DNS profiles. [Secure DNS profile creator](https://dns.notjakob.com/tool.html) is an unofficial tool for creating your own encrypted DNS profiles, however they will not be signed. Signed profiles are preferred; signing validates a profile's origin and helps to ensure the integrity of the profiles. A green "Verified" label is given to signed configuration profiles. For more information on code signing, see [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html). **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [NextDNS](https://apple.nextdns.io), and [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/). +Apple bietet keine native Schnittstelle zur Erstellung von Profilen mit verschlüsseltem DNS. [Secure DNS profile creator](https://dns.notjakob.com/tool.html) ist ein inoffizielles Tool zur Erstellung eigener Profile mit verschlüsseltem DNS, diese sind jedoch nicht signiert. Signierte Profile sind zu bevorzugen; das Signieren bestätigt die Herkunft eines Profils und trägt dazu bei, die Integrität der Profile zu gewährleisten. Signierte Konfigurationsprofile erhalten ein grünes "Verifiziert"-Label. For more information on code signing, see [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html). **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [NextDNS](https://apple.nextdns.io), and [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/). !!! info - `systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS. + `systemd-resolved`, das viele Linux-Distributionen für ihre DNS Abfragen verwenden, unterstützt noch nicht [DoH](https://github.com/systemd/systemd/issues/8639). Wenn trotzdem DoH verwendent werden soll, muss ein Proxy wie [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) installiert und [konfiguriert](https://wiki.archlinux.org/title/Dnscrypt-proxy) werden, um alle DNS-Anfragen vom System-Resolver entgegenzunehmen und sie über HTTPS weiterzuleiten. -## Encrypted DNS Proxies +## Verschlüsseltes DNS-Proxy -Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](advanced/dns-overview.md#unencrypted-dns) resolver to forward to. Typically it is used on platforms that don't natively support [encrypted DNS](advanced/dns-overview.md#what-is-encrypted-dns). +Verschlüsseltes DNS-Proxy-Software bietet einen lokalen Proxy, an den der [unverschlüsselte DNS](advanced/dns-overview.md#unencrypted-dns) weitergeleitet wird. Normalerweise wird es auf Plattformen verwendet, die [verschlüsseltes DNS](advanced/dns-overview.md#what-is-encrypted-dns) nicht unterstützen. ### RethinkDNS @@ -64,7 +63,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad ![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ align=right } ![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ align=right } - **RethinkDNS** is an open-source Android client supporting [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) and DNS Proxy along with caching DNS responses, locally logging DNS queries and can be used as a firewall too. + **RethinkDNS** ist ein Open-Source Android-Client, der [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) und DNS-Proxy unterstützt, DNS-Antworten zwischenspeichert, DNS-Anfragen lokal protokolliert und auch als Firewall verwendet werden kann. [:octicons-home-16: Homepage](https://rethinkdns.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Privacy Policy" } @@ -97,9 +96,9 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad - [:simple-apple: macOS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS) - [:simple-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux) -## Self-hosted Solutions +## Selbstgehostete Lösungen -A self-hosted DNS solution is useful for providing filtering on controlled platforms, such as Smart TVs and other IoT devices, as no client-side software is needed. +Eine selbst gehostete DNS-Lösung ist nützlich für die Filterung auf kontrollierten Plattformen wie Smart-TVs und anderen IoT-Geräten, da keine clientseitige Software erforderlich ist. ### AdGuard Home @@ -107,9 +106,9 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf ![AdGuard Home logo](assets/img/dns/adguard-home.svg){ align=right } - **AdGuard Home** is an open-source [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) to block unwanted web content, such as advertisements. + **AdGuard Home** ist ein Open-Source [DNS-Sinkhole](https://de.wikipedia.org/wiki/DNS-Sinkhole), das [DNS-Filterung](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) verwendet, um unerwünschte Webinhalte wie Werbung zu blockieren. - AdGuard Home features a polished web interface to view insights and manage blocked content. + AdGuard Home bietet eine ausgefeilte Weboberfläche, über die Einblicke erhalten und blockierte Inhalte verwalten werden können. [:octicons-home-16: Homepage](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary } [:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Privacy Policy" } @@ -122,9 +121,9 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf ![Pi-hole logo](assets/img/dns/pi-hole.svg){ align=right } - **Pi-hole** is an open-source [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) to block unwanted web content, such as advertisements. + **Pi-hole** ist ein Open-Source [DNS-Sinkhole](https://de.wikipedia.org/wiki/DNS-Sinkhole), das [DNS-Filterung](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) verwendet, um unerwünschte Webinhalte wie Werbung zu blockieren. - Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware. The software features a friendly web interface to view insights and manage blocked content. + Pi-hole ist für den Betrieb auf einem Raspberry Pi konzipiert, ist aber nicht auf diese Hardware beschränkt. The software features a friendly web interface to view insights and manage blocked content. [:octicons-home-16: Homepage](https://pi-hole.net/){ .md-button .md-button--primary } [:octicons-eye-16:](https://pi-hole.net/privacy/){ .card-link title="Privacy Policy" } @@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.de.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/de/email-clients.md b/i18n/de/email-clients.md index 4fe1374c9..eec0e2923 100644 --- a/i18n/de/email-clients.md +++ b/i18n/de/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/email.md b/i18n/de/email.md index 123f70a1e..7dc5562b7 100644 --- a/i18n/de/email.md +++ b/i18n/de/email.md @@ -1,23 +1,36 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- -Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. +E-Mail ist praktisch eine Notwendigkeit für die Nutzung aller Online-Dienste, wir empfehlen sie jedoch nicht für Gespräche von Mensch zu Mensch. Anstatt E-Mails für die Kontaktaufnahme mit anderen Personen zu verwenden, sollte ein Instant Messenger benutzt werden, der vorwärts gerichtete Geheimhaltung(forward secrecy) unterstützt. -[Recommended Instant Messengers](real-time-communication.md ""){.md-button} +[Empfohlene Instant Messenger](real-time-communication.md ""){.md-button} -For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +Für alles andere empfehlen wir eine Reihe von E-Mail-Anbietern, die auf nachhaltigen Geschäftsmodellen basieren und integrierten Sicherheits- und Datenschutzfunktionen bieten. -## OpenPGP Compatible Services +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +## OpenPGP-kompatible Dienste + +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. Zum Beispiel können Proton Mail-Benutzende eine E2EE-Nachricht an Mailbox.org-Benutzende senden, oder sie können OpenPGP-verschlüsselte Benachrichtigungen von Internetdiensten erhalten, die dies unterstützen. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning - When using E2EE technology like OpenPGP, email will still have some metadata that is not encrypted in the header of the email. Read more about [email metadata](basics/email-security.md#email-metadata-overview). + Bei der Verwendung von E2EE-Technologien wie OpenPGP enthalten E-Mails immer noch einige Metadaten in der Kopfzeile der E-Mail die nicht verschlüsselt sind. Mehr über [E-Mail Medadaten](basics/email-security.md#email-metadata-overview). - OpenPGP also does not support Forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. [How do I protect my private keys?](basics/email-security.md#how-do-i-protect-my-private-keys) + OpenPGP unterstützt auch keine vorwärts gerichtete Geheimhaltung, d.h. wenn entweder der eigene private Schlüssel oder der der Empfangenden gestohlen wird, sind alle vorher damit verschlüsselten Nachrichten offengelegt. [Wie schütze ich meine privaten Schlüssel?](basics/email-security.md#how-do-i-protect-my-private-keys) ### Proton Mail @@ -25,7 +38,7 @@ These providers natively support OpenPGP encryption/decryption, allowing for pro ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } - **Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. Accounts start with 500 MB storage with their free plan. + **Proton Mail** ist ein E-Mail-Dienst mit dem Schwerpunkt auf Datenschutz, Verschlüsselung, Sicherheit und Benutzerfreundlichkeit. Sie sind seit **2013** in Betrieb. Die Proton AG hat ihren Sitz in Genève, Schweiz. Konten im kostenlosen Tarif beginnen mit 500 MB Speicherplatz. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } @@ -43,47 +56,47 @@ These providers natively support OpenPGP encryption/decryption, allowing for pro - [:simple-linux: Linux](https://proton.me/mail/bridge#download) - [:octicons-browser-16: Web](https://mail.proton.me) -Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g. Thunderbird). Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com). +Kostenlose Konten haben einige Einschränkungen, wie z. B. die fehlende Möglichkeit, Text zu durchsuchen, und keinen Zugang zu [Proton Mail Bridge](https://proton.me/mail/bridge), die für die Verwendung eines [empfohlenen Desktop-E-Mail-Programms](email-clients.md) (z. B. Thunderbird) erforderlich ist. Bezahlte Konten umfassen Funktionen wie Proton Mail Bridge, zusätzlichen Speicher und das Verwenden eigener Domains. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com). If you have the Proton Unlimited, Business, or Visionary Plan, you also get [SimpleLogin](#simplelogin) Premium for free. Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -376,11 +403,11 @@ For a more manual approach we've picked out these two articles: **Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any Email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an Email provider, and conduct your own research to ensure the Email provider you choose is the right choice for you. -### Technology +### Technologie We regard these features as important in order to provide a safe and optimal service. You should consider whether the provider which has the features you require. -**Minimum to Qualify:** +**Mindestvoraussetzung um zu qualifizieren:** - Encrypts email account data at rest with zero-access encryption. - Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322/) standard. @@ -398,11 +425,11 @@ We regard these features as important in order to provide a safe and optimal ser - Catch-all or alias functionality for those who own their own domains. - Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. -### Privacy +### Datenschutz -We prefer our recommended providers to collect as little data as possible. +Wir ziehen es vor, dass die von uns empfohlenen Anbieter*innen so wenig Daten wie möglich sammeln. -**Minimum to Qualify:** +**Mindestvoraussetzung um zu qualifizieren:** - Protect sender's IP address. Filter it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. @@ -411,13 +438,13 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) -### Security +### Sicherheit Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. -**Minimum to Qualify:** +**Mindestvoraussetzung um zu qualifizieren:** - Protection of webmail with 2FA, such as TOTP. - Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,13 +470,13 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) -### Trust +### Vertrauen You wouldn't trust your finances to someone with a fake identity, so why trust them with your email? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled. -**Minimum to Qualify:** +**Mindestvoraussetzung um zu qualifizieren:** - Public-facing leadership or ownership. @@ -462,7 +489,7 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t With the email providers we recommend we like to see responsible marketing. -**Minimum to Qualify:** +**Mindestvoraussetzung um zu qualifizieren:** - Must self-host analytics (no Google Analytics, Adobe Analytics, etc). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. @@ -478,8 +505,6 @@ Must not have any marketing which is irresponsible: - Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. -### Additional Functionality +### Zusätzliche Funktionalitäten While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/encryption.md b/i18n/de/encryption.md index 03e5431c1..ded8533b1 100644 --- a/i18n/de/encryption.md +++ b/i18n/de/encryption.md @@ -1,6 +1,7 @@ --- title: "Encryption Software" icon: material/file-lock +description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files. --- Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here. @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/file-sharing.md b/i18n/de/file-sharing.md index bed93f5f3..3e79d791f 100644 --- a/i18n/de/file-sharing.md +++ b/i18n/de/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/financial-services.md b/i18n/de/financial-services.md new file mode 100644 index 000000000..480c924c3 --- /dev/null +++ b/i18n/de/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/de/frontends.md b/i18n/de/frontends.md index 9e68622bc..7f245f412 100644 --- a/i18n/de/frontends.md +++ b/i18n/de/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/index.md b/i18n/de/index.md index 1ca23af14..570c06fc2 100644 --- a/i18n/de/index.md +++ b/i18n/de/index.md @@ -7,38 +7,36 @@ hide: --- -## Why should I care? +## Warum sollte mich das interessieren? -##### “I have nothing to hide. Why should I care about my privacy?” +##### "Ich habe nichts zu verbergen. Warum sollte ich mir Sorgen um meine Privatsphäre machen?" -Much like the right to interracial marriage, woman's suffrage, freedom of speech, and many others, our right to privacy hasn't always been upheld. In several dictatorships, it still isn't. Generations before ours fought for our right to privacy. ==Privacy is a human right, inherent to all of us,== that we are entitled to (without discrimination). +Ähnlich wie das Recht auf gemischtrassige Ehen, das Frauenwahlrecht, das Recht auf freie Meinungsäußerung und viele andere wurde unser Recht auf Privatsphäre nicht immer gewährt. In einigen Diktaturen ist das immer noch der Fall. Generationen vor uns haben für unser Recht auf Privatsphäre gekämpft. ==Privatsphäre ist ein Menschenrecht, das uns allen innewohnt,== auf das wir (ohne Diskriminierung) Anspruch haben. -You shouldn't confuse privacy with secrecy. We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. **Everyone** has something to protect. Privacy is something that makes us human. +Privatsphäre sollte nicht mit Geheimhaltung verwechselt werden. Wir wissen, was auf der Toilette passiert, aber machen trotzdem die Tür zu. Das liegt daran, dass wir Privatsphäre wollen, keine Geheimhaltung. **Alle** haben etwas zu schützen. Privatsphäre ist etwas, das uns menschlich macht. -[:material-target-account: Common Internet Threats](basics/common-threats.md ""){.md-button.md-button--primary} +[:material-target-account: Häufige Internetbedrohungen](basics/common-threats.md ""){.md-button.md-button--primary} -## What should I do? +## Was kann ich tun? -##### First, you need to make a plan +##### Zunächst muss ein Plan erstellt werden -Trying to protect all your data from everyone all the time is impractical, expensive, and exhausting. But don't worry! Security is a process, and, by thinking ahead, you can put together a plan that's right for you. Security isn't just about the tools you use or the software you download. Rather, it begins by understanding the unique threats you face, and how you can mitigate them. +Der Versuch, alle unsere Daten ständig vor allen zu schützen, ist unpraktisch, teuer und anstrengend. Aber keine Sorge! Sicherheit ist ein Prozess, und durch vorausschauendes denken, kannst du einen Plan erstellen, der für dich geeignet ist. Bei Sicherheit geht es nicht nur um die Tools, die du verwendest, oder die Software, die du herunterlädst. Vielmehr geht es darum, die einzigartigen Bedrohungen zu verstehen, mit denen du konfrontiert bist, und herauszufinden, wie diese entschärft werden können. -==This process of identifying threats and defining countermeasures is called **threat modeling**==, and it forms the basis of every good security and privacy plan. +== Dieser Prozess der Identifizierung von Bedrohungen und der Festlegung von Gegenmaßnahmen wird als **Bedrohungsanalyse** bezeichnet== und bildet die Grundlage für jeden guten Sicherheits- und Datenschutzplan. -[:material-book-outline: Learn More About Threat Modeling](basics/threat-modeling.md ""){.md-button.md-button--primary} +[:material-book-outline: Mehr über die Bedrohungsanalyse erfahren](basics/threat-modeling.md ""){.md-button.md-button--primary} --- -## We need you! Here's how to get involved: +## Wir brauchen dich! Hier ist, wie man sich beteiligt: -[:simple-discourse:](https://discuss.privacyguides.net/){ title="Join our Forum" } -[:simple-mastodon:](https://mastodon.neat.computer/@privacyguides){ rel=me title="Follow us on Mastodon" } -[:material-book-edit:](https://github.com/privacyguides/privacyguides.org){ title="Contribute to this website" } -[:material-translate:](https://matrix.to/#/#pg-i18n:aragon.sh){ title="Help translate this website" } -[:simple-matrix:](https://matrix.to/#/#privacyguides:matrix.org){ title="Chat with us on Matrix" } -[:material-information-outline:](about/index.md){ title="Learn more about us" } -[:material-hand-coin-outline:](about/donate.md){ title="Support the project" } +[:simple-discourse:](https://discuss.privacyguides.net/){ title="Trete unserem Forum bei" } +[:simple-mastodon:](https://mastodon.neat.computer/@privacyguides){ rel=me title="Folge uns auf Mastodon" } +[:material-book-edit:](https://github.com/privacyguides/privacyguides.org){ title="Trage zu dieser Website bei" } +[:material-translate:](https://matrix.to/#/#pg-i18n:aragon.sh){ title="Hilf diese Website zu Übersetze" } +[:simple-matrix:](https://matrix.to/#/#privacyguides:matrix.org){ title="Chatte mit uns auf Matrix" } +[:material-information-outline:](about/index.md){ title="Erfahre mehr über uns" } +[:material-hand-coin-outline:](about/donate.md){ title="Unterstütze das Projekt" } -It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.de.txt" +Es ist wichtig, dass eine Website wie Privacy Guides immer auf dem neuesten Stand bleibt. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. Es ist schwer, mit der Schnelllebigkeit des Internets Schritt zu halten, aber wir versuchen unser Bestes. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. diff --git a/i18n/de/kb-archive.md b/i18n/de/kb-archive.md index f05d9780c..92daee33b 100644 --- a/i18n/de/kb-archive.md +++ b/i18n/de/kb-archive.md @@ -1,11 +1,12 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog -Einige Seiten, die früher in unserer Wissensdatenbank waren, sind jetzt in unserem Blog zu finden: +Some pages that used to be in our knowledge base can now be found on our blog: - [GrapheneOS vs. CalyxOS](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) - [Signal Configuration Hardening](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/) @@ -14,5 +15,3 @@ Einige Seiten, die früher in unserer Wissensdatenbank waren, sind jetzt in unse - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/meta/brand.md b/i18n/de/meta/brand.md index 48e849002..25bb50359 100644 --- a/i18n/de/meta/brand.md +++ b/i18n/de/meta/brand.md @@ -2,7 +2,7 @@ title: Branding Guidelines --- -The name of the website is **Privacy Guides** and should **not** be changed to: +Der Name der Website lautet **Privacy Guides** und sollte **nicht** geändert werden zu:
- PrivacyGuides @@ -11,14 +11,12 @@ The name of the website is **Privacy Guides** and should **not** be changed to: - PG.org
-The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**. +Der Name des Subreddits lautet **r/PrivacyGuides** oder **the Privacy Guides Subreddit**. -Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand) +Weitere Branding-Richtlinien können unter [github.com/privacyguides/brand](https://github.com/privacyguides/brand) gefunden werden -## Trademark +## Markenzeichen -"Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. +"Privacy Guides" und das Schild-Logo sind Markenzeichen von Jonah Aragon, die uneingeschränkte Nutzung wird dem Privacy Guides Projekt gewährt. -Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.de.txt" +Ohne auf seine Rechte zu verzichten, berät Privacy Guides andere nicht über den Umfang seiner geistigen Eigentumsrechte. Privacy Guides erlaubt oder genehmigt keine Verwendung seiner Markenzeichen in einer Art und Weise, die zu Verwechslungen führen kann, indem sie eine Verbindung mit oder ein Sponsoring durch Privacy Guides impliziert. Wenn Sie Kenntnis von einer solchen Nutzung haben, wenden Sie sich bitte an Jonah Aragon unter jonah@privacyguides.org. Wenden Sie sich an Ihren Rechtsbeistand, wenn Sie Fragen haben. diff --git a/i18n/de/meta/git-recommendations.md b/i18n/de/meta/git-recommendations.md index 0837d5548..b154211bd 100644 --- a/i18n/de/meta/git-recommendations.md +++ b/i18n/de/meta/git-recommendations.md @@ -1,10 +1,10 @@ --- -title: Git Recommendations +title: Git Empfehlungen --- If you make changes to this website on GitHub.com's web editor directly, you shouldn't have to worry about this. If you are developing locally and/or are a long-term website editor (who should probably be developing locally!), consider these recommendations. -## Enable SSH Key Commit Signing +## SSH-Schlüssel Commit-Signierung aktivieren You can use an existing SSH key for signing, or [create a new one](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent). @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/meta/uploading-images.md b/i18n/de/meta/uploading-images.md index c9edf2123..47fa880ad 100644 --- a/i18n/de/meta/uploading-images.md +++ b/i18n/de/meta/uploading-images.md @@ -1,23 +1,23 @@ --- -title: Uploading Images +title: Bilder hochladen --- -Here are a couple of general rules for contributing to Privacy Guides: +Hier sind einige allgemeine Regeln um zu Privacy Guides beizutragen: -## Images +## Bilder -- We **prefer** SVG images, but if those do not exist we can use PNG images +- Wir **bevorzugen** SVG-Bilder, aber wenn diese nicht vorhanden sind, können wir PNG-Bilder verwenden -Company logos have canvas size of: +Firmenlogos haben eine Leinwandgröße von: - 128x128px - 384x128px -## Optimization +## Optimierung ### PNG -Use the [OptiPNG](https://sourceforge.net/projects/optipng/) to optimize the PNG image: +Verwende [OptiPNG](https://sourceforge.net/projects/optipng/) um das PNG-Bild zu optimieren: ```bash optipng -o7 file.png @@ -27,51 +27,51 @@ optipng -o7 file.png #### Inkscape -[Scour](https://github.com/scour-project/scour) all SVG images. +[Scour](https://github.com/scour-project/scour) alle SVG-Bilder. In Inkscape: -1. File Save As.. -2. Set type to Optimized SVG (*.svg) +1. Speichern unter... +2. Dateityp auf "Optimiertes SVG (*.svg)" setzen -In the **Options** tab: +In der **Optionen** Registerkarte: -- **Number of significant digits for coordinates** > **5** -- [x] Turn on **Shorten color values** -- [x] Turn on **Convert CSS attributes to XML attributes** -- [x] Turn on **Collapse groups** -- [x] Turn on **Create groups for similar attributes** -- [ ] Turn off **Keep editor data** -- [ ] Turn off **Keep unreferenced definitions** -- [x] Turn on **Work around renderer bugs** +- **Anzahl der signifikaten Stellen für Koordinaten** > **5** +- [x] Einschalten **Farbwerte kürzen** +- [x] Einschalten **CSS-Attribute in XML-Attribute umwandeln** +- [x] Einschalten **Gruppen zusammenklappen** +- [x] Einschalten **Gruppen für ähnliche Attribute erstellen** +- [ ] Ausschalten **Editor-Daten erhalten** +- [ ] Ausschalten **Unreferenzierte Definitionen erhalten** +- [x] Einschalten **Renderer-Fehler umgehen** -In the **SVG Output** tab under **Document options**: +In der **SVG-Ausgabe** Registerkarte unter **Dokumenteinstellungen**: -- [ ] Turn off **Remove the XML declaration** -- [x] Turn on **Remove metadata** -- [x] Turn on **Remove comments** -- [x] Turn on **Embeded raster images** -- [x] Turn on **Enable viewboxing** +- [ ] Ausschalten **XML-Deklaration entfernen** +- [x] Einschalten **Metadaten entfernen** +- [x] Einschalten **Kommentare entfernen** +- [x] Einschalten **Rasterbilder einbetten** +- [x] Einschalten **Viewbox aktivieren** -In the **SVG Output** under **Pretty-printing**: +In der **SVG-Ausgabe** Registerkarte unter **Formatierung**: -- [ ] Turn off **Format output with line-breaks and indentation** -- **Indentation characters** > Select **Space** -- **Depth of indentation** > **1** -- [ ] Turn off **Strip the "xml:space" attribute from the root SVG element** +- [ ] Ausschalten **Ausgabe mit Zeilenumbrüchen und Einrückungen formatieren** +- **Zeichen für Einrückungen** > Wähle **Leerzeichen** +- **Einrücktiefe** > **1** +- [ ] Ausschalten **"xml:space"-Attribut vom SVG-Wurzelelement entfernen** -In the **IDs** tab: +In der **IDs** Registerkarte: -- [x] Turn on **Remove unused IDs** -- [ ] Turn off **Shorten IDs** -- **Prefix shortened IDs with** > `leave blank` -- [x] Turn on **Preserve manually created IDs not ending with digits** -- **Preserve the following IDs** > `leave blank` -- **Preserve IDs starting with** > `leave blank` +- [x] Einschalten **Unbenutzte IDs entfernen** +- [ ] Ausschalten **IDs kürzen** +- **Präfix für gekürzte IDs** > `leer lassen` +- [x] Einschalten **Manuell erstellte IDs, die nicht mit Ziffern enden, erhalten** +- **Folgende IDs erhalten** > `leer lassen` +- **IDs mit folgendem Präfix erhalten** > `leer lassen` #### CLI -The same can be achieved with the [Scour](https://github.com/scour-project/scour) command: +Das Gleiche kann mit dem [Scour](https://github.com/scour-project/scour) Befehl erreicht werden: ```bash scour --set-precision=5 \ @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/meta/writing-style.md b/i18n/de/meta/writing-style.md index 6e3870357..e422d4a69 100644 --- a/i18n/de/meta/writing-style.md +++ b/i18n/de/meta/writing-style.md @@ -8,68 +8,68 @@ In general the [United States federal plain language guidelines](https://www.pla ## Writing for our audience -Privacy Guides' intended [audience](https://www.plainlanguage.gov/guidelines/audience/) is primarily average, technology using adults. Don't dumb down content as if you are addressing a middle-school class, but don't overuse complicated terminology about concepts average computer users wouldn't be familiar with. +Das [Zielpublikum](https://www.plainlanguage.gov/guidelines/audience/) von Privacy Guides besteht hauptsächlich aus durchschnittlichen, Techniknutzenden Erwachsenen. Don't dumb down content as if you are addressing a middle-school class, but don't overuse complicated terminology about concepts average computer users wouldn't be familiar with. ### Address only what people want to know -People don't need overly complex articles with little relevance to them. Figure out what you want people to accomplish when writing an article, and only include those details. +Menschen brauchen keine übermäßig komplexen Artikel mit geringer Relevanz für sie. Figure out what you want people to accomplish when writing an article, and only include those details. > Tell your audience why the material is important to them. Say, “If you want a research grant, here’s what you have to do.” Or, “If you want to mine federal coal, here’s what you should know.” Or, “If you’re planning a trip to Rwanda, read this first.” -### Address people directly +### Personen direkt ansprechen -We're writing *for* a wide variety of people, but we are writing *to* the person who is actually reading it. Use "you" to address the reader directly. +Wir schreiben *für* für eine Vielzahl von Menschen, aber wir schreiben *an* die Person, die es tatsächlich liest. Use "you" to address the reader directly. > More than any other single technique, using “you” pulls users into the information and makes it relevant to them. > > When you use “you” to address users, they are more likely to understand what their responsibility is. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/audience/address-the-user/) +Quelle: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/audience/address-the-user/) ### Avoid "users" Avoid calling people "users", in favor of "people", or a more specific description of the group of people you are writing for. -## Organizing content +## Organisieren von Inhalten -Organization is key. Content should flow from most to least important information, and use headers as much as needed to logically separate different ideas. +Organisieren ist der Schlüssel. Inhalte sollten von den wichtigsten zu den am wenigsten wichtigen Informationen fließen und Kopfzeilen so oft wie nötig verwendet werden, um verschiedene Ideen logisch zu trennen. -- Limit the document to around five or six sections. Long documents should probably be broken up into separate pages. +- Limit the document to around five or six sections. Lange Dokumente sollten wahrscheinlich in einzelne Seiten aufgeteilt werden. - Mark important ideas with **bold** or *italics*. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/design/) +Quelle: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/design/) ### Begin with a topic sentence -> If you tell your reader what they’re going to read about, they’re less likely to have to read your paragraph again. Headings help, but they’re not enough. Establish a context for your audience before you provide them with the details. +> If you tell your reader what they’re going to read about, they’re less likely to have to read your paragraph again. Überschriften sind hilfreich, reichen aber nicht aus. Establish a context for your audience before you provide them with the details. > -> We often write the way we think, putting our premises first and then our conclusion. It may be the natural way to develop thoughts, but we wind up with the topic sentence at the end of the paragraph. Move it up front and let users know where you’re going. Don’t make readers hold a lot of information in their heads before getting to the point. +> Wir schreiben oft so, wie wir denken, indem wir zuerst unsere Prämissen und dann unsere Schlussfolgerung formulieren. Es mag die natürliche Art sein, Gedanken zu entwickeln, aber wir enden mit dem Themensatz am Ende des Absatzes. Move it up front and let users know where you’re going. Don’t make readers hold a lot of information in their heads before getting to the point. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/organize/have-a-topic-sentence/) +Quelle: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/organize/have-a-topic-sentence/) ## Choose your words carefully -> Words matter. They are the most basic building blocks of written and spoken communication. Don’t complicate things by using jargon, technical terms, or abbreviations that people won’t understand. +> Worte sind von Bedeutung. Sie sind die grundlegenden Bausteine der schriftlichen und mündlichen Kommunikation. Don’t complicate things by using jargon, technical terms, or abbreviations that people won’t understand. -We should try to avoid abbreviations where possible, but technology is full of abbreviations. In general, spell out the abbreviation/acronym the first time it is used on a page, and add the abbreviation to the abbreviation glossary file when it is used repeatedly. +Wir sollten versuchen, Abkürzungen so weit wie möglich zu vermeiden, aber Technologie ist voll von Abkürzungen. Im Allgemeinen sollte die Abkürzung/das Akronym ausgeschrieben werden, wenn sie/es zum ersten Mal auf einer Seite verwendet wird, und die Abkürzung in die Glossar-Datei für Abkürzungen aufgenommen werden, wenn sie wiederholt verwendet wird. > Kathy McGinty offers tongue-in-cheek instructions for bulking up your simple, direct sentences: > > > There is no escaping the fact that it is considered very important to note that a number of various available applicable studies ipso facto have generally identified the fact that additional appropriate nocturnal employment could usually keep juvenile adolescents off thoroughfares during the night hours, including but not limited to the time prior to midnight on weeknights and/or 2 a.m. on weekends. > -> And the original, using stronger, simpler words: +> Und das Original, mit stärkeren, einfacheren Worten: > -> > More night jobs would keep youths off the streets. +> > Mehr Nachtjobs würden die Jugendlichen von der Straße fernhalten. -## Be concise +## Prägnant sein -> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective. +> Unnecessary words waste your audience’s time. Gutes Schreiben ist wie ein Gespräch. Omit information that the audience doesn’t need to know. Als Fachexperte kann dies schwierig sein, daher ist es wichtig, dass jemand die Informationen aus der Perspektive des Publikums betrachtet. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/concise/) +Quelle: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/concise/) ## Keep text conversational -> Verbs are the fuel of writing. They give your sentences power and direction. They enliven your writing and make it more interesting. +> Verben sind der Treibstoff des Schreibens. Sie geben Sätzen Kraft und Richtung. They enliven your writing and make it more interesting. > > Verbs tell your audience what to do. Make sure it’s clear who does what. @@ -79,11 +79,9 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/concise/) Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversational/use-active-voice/) -### Use "must" for requirements +### Verwendung von "muss" für Anforderungen -> - “must” for an obligation -> - “must not” for a prohibition -> - “may” for a discretionary action -> - “should” for a recommendation - ---8<-- "includes/abbreviations.de.txt" +> - "musst" für eine Verpflichtung +> - "darf nicht" für ein Verbot +> - "kann" für eine Ermessensentscheidung +> - "sollte" für eine Empfehlung diff --git a/i18n/de/mobile-browsers.md b/i18n/de/mobile-browsers.md index 5e891156d..d7adee8f3 100644 --- a/i18n/de/mobile-browsers.md +++ b/i18n/de/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/multi-factor-authentication.md b/i18n/de/multi-factor-authentication.md index 1a0e3c6fc..41030fe3b 100644 --- a/i18n/de/multi-factor-authentication.md +++ b/i18n/de/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/news-aggregators.md b/i18n/de/news-aggregators.md index 0f608abb9..2dad5ac09 100644 --- a/i18n/de/news-aggregators.md +++ b/i18n/de/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/notebooks.md b/i18n/de/notebooks.md index 4cab1dc1a..0739f6680 100644 --- a/i18n/de/notebooks.md +++ b/i18n/de/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notebooks" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Keep track of your notes and journalings without giving them to a third-party. @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/os/android-overview.md b/i18n/de/os/android-overview.md index 36c303d36..a78631a2a 100644 --- a/i18n/de/os/android-overview.md +++ b/i18n/de/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/os/linux-overview.md b/i18n/de/os/linux-overview.md index 8a7d874d0..8ec2c9e78 100644 --- a/i18n/de/os/linux-overview.md +++ b/i18n/de/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/os/qubes-overview.md b/i18n/de/os/qubes-overview.md index c731f8a3f..17b286b9f 100644 --- a/i18n/de/os/qubes-overview.md +++ b/i18n/de/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/passwords.md b/i18n/de/passwords.md index c927cdb0a..e81f1186e 100644 --- a/i18n/de/passwords.md +++ b/i18n/de/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/productivity.md b/i18n/de/productivity.md index bce9403ae..4490325da 100644 --- a/i18n/de/productivity.md +++ b/i18n/de/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/real-time-communication.md b/i18n/de/real-time-communication.md index 196ef5abc..68f9d767b 100644 --- a/i18n/de/real-time-communication.md +++ b/i18n/de/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/router.md b/i18n/de/router.md index b14af0c76..64521da33 100644 --- a/i18n/de/router.md +++ b/i18n/de/router.md @@ -1,6 +1,7 @@ --- title: "Router-Firmware" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Nachstehend sind ein paar alternative Betriebssysteme gelistet, die auf Routern, WLAN-Zugangspunkten usw. eingesetzt werden können. @@ -47,5 +48,3 @@ OPNsense wurde ursprünglich als Fork von [pfSense](https://en.wikipedia.org/wik - Must be open source. - Must receive regular updates. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/search-engines.md b/i18n/de/search-engines.md index ff48997d9..911525d7d 100644 --- a/i18n/de/search-engines.md +++ b/i18n/de/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/tools.md b/i18n/de/tools.md index 46ddd66b3..bc52a698c 100644 --- a/i18n/de/tools.md +++ b/i18n/de/tools.md @@ -3,6 +3,7 @@ title: "Privacy Tools" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Search Engines
@@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Data and Metadata Redaction
@@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
[Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/tor.md b/i18n/de/tor.md index 8352feb5d..3d10ffb99 100644 --- a/i18n/de/tor.md +++ b/i18n/de/tor.md @@ -1,11 +1,12 @@ --- -title: "Tor Network" +title: "Tor-Netzwerk" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } -The **Tor** network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool. +Das **Tor** Netzwerk besteht aus von freiwillig betriebenen Servern, die es ermöglichen, kostenlos die eigene Privatsphäre und Sicherheit im Internet zu verbessern. Einzelpersonen und Organisationen können auch Informationen über das Tor-Netzwerk mit ".onion versteckten Diensten" austauschen, ohne ihre Privatsphäre zu gefährden. Da der Tor-Verkehr schwer zu blockieren und zurückzuverfolgen ist, ist Tor ein effektives Werkzeug zur Zensur Umgehung. [:octicons-home-16:](https://www.torproject.org){ .card-link title=Homepage } [:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" } @@ -13,17 +14,11 @@ The **Tor** network is a group of volunteer-operated servers that allows you to [:octicons-code-16:](https://gitweb.torproject.org/tor.git){ .card-link title="Source Code" } [:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute } -Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. +Tor funktioniert, indem es deinen Internetverkehr über diese von Freiwilligen betriebenen Server leitet, anstatt eine direkte Verbindung zu der Website herzustellen, die du besuchen willst. Dadurch wird verschleiert, woher der Datenverkehr kommt, und kein Server im Verbindungspfad ist in der Lage, den vollständigen Pfad zu sehen, woher der Datenverkehr kommt und wohin er geht, was bedeutet, dass selbst die Server, die du für die Verbindung verwendest, deiner Anonymität nichts anhaben können. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
-
+[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) - -## Connecting to Tor +## Verbinden mit Tor There are a variety of ways to connect to the Tor network from your device, the most commonly used being the **Tor Browser**, a fork of Firefox designed for anonymous browsing for desktop computers and Android. In addition to the apps listed below, there are also operating systems designed specifically to connect to the Tor network such as [Whonix](desktop.md#whonix) on [Qubes OS](desktop.md#qubes-os), which provide even greater security and protections than the standard Tor Browser. @@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/video-streaming.md b/i18n/de/video-streaming.md index e42141dc0..e62ce3dac 100644 --- a/i18n/de/video-streaming.md +++ b/i18n/de/video-streaming.md @@ -1,9 +1,10 @@ --- title: "Video Streaming" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- -The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. +Die primäre Bedrohung bei der Nutzung einer Videostreaming-Plattform besteht darin, dass deine Streaming-Gewohnheiten und Abonnementlisten dazu verwendet werden könnten, um ein Profil von dir zu erstellen. Du solltest diese Tools zusammen mit einem [VPN](vpn.md) oder [Tor](https://www.torproject.org/) verwenden, damit nicht so leicht ein Nutzungsprofil von dir erstellt werden kann. ## LBRY @@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/vpn.md b/i18n/de/vpn.md index b1576bdae..b7f606877 100644 --- a/i18n/de/vpn.md +++ b/i18n/de/vpn.md @@ -1,11 +1,20 @@ --- title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Find a no-logging VPN operator who isn’t out to sell or read your web traffic. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "VPNs do not provide anonymity" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "VPNs bieten keine Anonymität" Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. @@ -13,82 +22,13 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices. - [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } + [Tor herunterladen](https://www.torproject.org/){ .md-button .md-button--primary } [Tor-Mythen & FAQ](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +## Empfohlene Anbieter -## Recommended Providers - -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Die von uns empfohlenen Anbieter verwenden Verschlüsselung, akzeptieren Monero, unterstützen WireGuard & OpenVPN und haben eine No-Logging-Richtlinie. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -96,12 +36,12 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. ![IVPN logo](assets/img/vpn/ivpn.svg){ align=right } - **IVPN** is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar. + **IVPN** ist ein weiterer Premium-VPN-Anbieter und ist seit 2009 aktiv. IVPN hat den Sitz in Gibraltar. [:octicons-home-16: Homepage](https://www.ivpn.net/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ivpn){ .card-link title="Source Code" } + [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Datenschutzrichtlinie" } + [:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/ivpn){ .card-link title="Quellcode" } ??? downloads @@ -111,43 +51,44 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Der Grund dafür ist eine kürzere Route (weniger Sprünge) zum Ziel. +{ .annotate } -1. Last checked: 2022-09-16 +1. Stand: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN unterstützt das WireGuard®-Protokoll. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Darüber hinaus zielt WireGuard darauf ab, einfacher und leistungsfähiger zu sein. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN-Clients unterstützen Zwei-Faktor-Authentifizierung (die Clients von Mullvad nicht). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -155,13 +96,13 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. ![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right } - **Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since **2009**. Mullvad is based in Sweden and does not have a free trial. + **Mullvad** ist ein schnelles und preiswertes VPN mit einem ernsthaften Fokus auf Transparenz und Sicherheit. Mullvad ist seit **2009** in Betrieb. Mullvad ist in Schweden ansässig und bietet keine kostenlose Testversion an. [:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary } - [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" } - [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/mullvad){ .card-link title="Source Code" } + [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Dienst" } + [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Datenschutzrichtlinie" } + [:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/mullvad){ .card-link title="Quellcode" } ??? downloads @@ -172,102 +113,167 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Der Grund dafür ist eine kürzere Route (weniger Sprünge) zum Ziel. +{ .annotate } + +1. Stand: 2023-01-19 + +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). + +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. Sie akzeptieren auch Swish- und Banküberweisungen. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad unterstützt das WireGuard®-Protokoll. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Darüber hinaus zielt WireGuard darauf ab, einfacher und leistungsfähiger zu sein. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2023-01-19 - -??? success "Independently Audited" - - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + **Proton VPN** ist ein starker Anwärter im VPN-Bereich und ist seit 2016 in Betrieb. Die Proton AG hat ihren Sitz in der Schweiz und bietet sowohl eine begrenzte kostenlose als auch eine umfangreichere Premium-Option an. - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Datenschutzrichtlinie" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Quellcode" } - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + ??? downloads - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. - - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Der Grund dafür ist eine kürzere Route (weniger Sprünge) zum Ziel. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Stand: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +Im Januar 2020 hat sich Proton VPN einem unabhängigen Audit durch SEC Consult unterzogen. SEC Consult fand einige Sicherheitslücken mit mittlerem und niedrigem Risiko in den Windows-, Android- und iOS-Anwendungen von Proton VPN, die alle von Proton VPN vor der Veröffentlichung der Berichte "ordnungsgemäß behoben" wurden. Keines der festgestellten Probleme hätte angreifenden Fernzugriff auf dein Gerät oder deinen Datenverkehr ermöglicht. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN unterstützt hauptsächlich das WireGuard®-Protokoll. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Darüber hinaus zielt WireGuard darauf ab, einfacher und leistungsfähiger zu sein. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding -## Criteria +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN Clients unterstützen Zwei-Faktor-Authentifizierung auf allen Plattformen außer Linux. Proton VPN hat eigene Server und Rechenzentren in der Schweiz, Island und Schweden. Sie bieten mit ihrem DNS-Dienst die Möglichkeit, Werbung und Schadware zu blockieren. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. Wenn du diese Funktion benötigst und einen Mac mit Intel-Chipsatz verwendest, solltest du einen anderen VPN-Dienst nutzen. + +## Kriterien !!! danger - It is important to note that using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy. + It is important to note that using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. Ein VPN ist kein Werkzeug für illegale Aktivitäten. Verlasse dich nicht auf "no Log" Richtlienen. -**Please note we are not affiliated with any of the providers we recommend. This allows us to provide completely objective recommendations.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any VPN provider wishing to be recommended, including strong encryption, independent security audits, modern technology, and more. We suggest you familiarize yourself with this list before choosing a VPN provider, and conduct your own research to ensure the VPN provider you choose is as trustworthy as possible. +**Bitte beachte, dass wir mit keinem der Projekte, die wir empfehlen, verbunden sind. Dies ermöglicht es uns, völlig objektive Empfehlungen zu geben.** Zusätzlich zu unseren [Standardkriterien](about/criteria.md) haben wir eine Reihe klarer Anforderungen für alle VPN-Anbieter*innen entwickelt, die empfohlen werden wollen, darunter starke Verschlüsselung, unabhängige Sicherheitsprüfungen, moderne Technologie und mehr. We suggest you familiarize yourself with this list before choosing a VPN provider, and conduct your own research to ensure the VPN provider you choose is as trustworthy as possible. -### Technology +### Technologie We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected. -**Minimum to Qualify:** +**Mindestvoraussetzung um zu qualifizieren:** -- Support for strong protocols such as WireGuard & OpenVPN. -- Killswitch built in to clients. -- Multihop support. Multihopping is important to keep data private in case of a single node compromise. -- If VPN clients are provided, they should be [open-source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what your device is actually doing. +- Unterstützung von starken Protokollen wie WireGuard & OpenVPN. +- Notaus ist in den Clients integriert. +- Multihop-Unterstützung. Multihopping ist wichtig, um Daten im Falle einer Kompromittierung eines einzelnen Knotens geheim zu halten. +- Wenn VPN-Clients zur Verfügung gestellt werden, sollten sie [Open Source](https://de.wikipedia.org/wiki/Open_Source)sein, wie die VPN-Software, die in der Regel in sie integriert ist. Wir sind der Meinung, dass [Quellcode](https://de.wikipedia.org/wiki/Quelltext) mehr Transparenz darüber bietet, was dein Gerät tatsächlich tut. **Best Case:** -- WireGuard and OpenVPN support. -- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.) -- Easy-to-use VPN clients -- Supports [IPv6](https://en.wikipedia.org/wiki/IPv6). We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses. +- Unterstützung von WireGuard und OpenVPN. +- Notaus mit hochgradig konfigurierbaren Optionen (Aktivierung/Deaktivierung in bestimmten Netzen, beim Booten usw.) +- Einfach zu bedienende VPN-Clients +- Unterstützt [IPv6](https://de.wikipedia.org/wiki/IPv6). Wir erwarten, dass die Server eingehende Verbindungen über IPv6 zulassen und dir den Zugang zu Diensten ermöglichen, die auf IPv6-Adressen gehostet werden. - Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble). -### Privacy +### Datenschutz -We prefer our recommended providers to collect as little data as possible. Not collecting personal information on registration, and accepting anonymous forms of payment are required. +Wir ziehen es vor, dass die von uns empfohlenen Anbieter*innen so wenig Daten wie möglich sammeln. Der Verzicht auf die Erhebung personenbezogener Daten bei der Anmeldung und die Annahme anonymer Zahlungsformen sind erforderlich. -**Minimum to Qualify:** +**Mindestvoraussetzung um zu qualifizieren:** -- Monero or cash payment option. -- No personal information required to register: Only username, password, and email at most. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. +- Für die Registrierung sind keine persönlichen Daten erforderlich: Höchstens Benutzername, Passwort und E-Mail. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). -### Security +### Sicherheit A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis. -**Minimum to Qualify:** +**Mindestvoraussetzung um zu qualifizieren:** - Strong Encryption Schemes: OpenVPN with SHA-256 authentication; RSA-2048 or better handshake; AES-256-GCM or AES-256-CBC data encryption. - Perfect Forward Secrecy (PFS). @@ -280,11 +286,11 @@ A VPN is pointless if it can't even provide adequate security. We require all ou - Comprehensive published security audits from a reputable third-party firm. - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. -### Trust +### Vertrauen You wouldn't trust your finances to someone with a fake identity, so why trust them with your internet data? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled. -**Minimum to Qualify:** +**Mindestvoraussetzung um zu qualifizieren:** - Public-facing leadership or ownership. @@ -297,7 +303,7 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t With the VPN providers we recommend we like to see responsible marketing. -**Minimum to Qualify:** +**Mindestvoraussetzung um zu qualifizieren:** - Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out. @@ -316,8 +322,6 @@ Responsible marketing that is both educational and useful to the consumer could - An accurate comparison to when [Tor](tor.md) should be used instead. - Availability of the VPN provider's website over a [.onion service](https://en.wikipedia.org/wiki/.onion) -### Additional Functionality +### Zusätzliche Funktionalitäten While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/el/404.md b/i18n/el/404.md index c25b06d10..868dd7b6a 100644 --- a/i18n/el/404.md +++ b/i18n/el/404.md @@ -1,11 +1,15 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Δε βρέθηκε -Δεν μπορέσαμε να βρούμε τη σελίδα που ψάχνατε! Ίσως ψάχνατε για ένα από αυτά; +We couldn't find the page you were looking for! Maybe you were looking for one of these? - [Εισαγωγή στα Μοντέλα Απειλών](basics/threat-modeling.md) - [Προτεινόμενοι Πάροχοι DNS](dns.md) @@ -13,5 +17,3 @@ hide: - [Οι καλύτεροι πάροχοι VPN](vpn.md) - [Φόρουμ Οδηγών Απορρήτου](https://discuss.privacyguides.net) - [Το Blog μας](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/about/criteria.md b/i18n/el/about/criteria.md index 2f6e0138c..3084230bd 100644 --- a/i18n/el/about/criteria.md +++ b/i18n/el/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/about/donate.md b/i18n/el/about/donate.md index ce55e01ca..8accd67a1 100644 --- a/i18n/el/about/donate.md +++ b/i18n/el/about/donate.md @@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/about/index.md b/i18n/el/about/index.md index 2ba94952d..619406fee 100644 --- a/i18n/el/about/index.md +++ b/i18n/el/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/about/notices.md b/i18n/el/about/notices.md index 0d4aca096..bb32edd50 100644 --- a/i18n/el/about/notices.md +++ b/i18n/el/about/notices.md @@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o * Scraping * Data Mining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/about/privacy-policy.md b/i18n/el/about/privacy-policy.md index 5e6c805f5..26c668d1a 100644 --- a/i18n/el/about/privacy-policy.md +++ b/i18n/el/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/about/privacytools.md b/i18n/el/about/privacytools.md index c8e9878a1..515c21f59 100644 --- a/i18n/el/about/privacytools.md +++ b/i18n/el/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/about/services.md b/i18n/el/about/services.md index 7a8088afa..71f2c95b7 100644 --- a/i18n/el/about/services.md +++ b/i18n/el/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/about/statistics.md b/i18n/el/about/statistics.md index e00eda7ca..8f17240c3 100644 --- a/i18n/el/about/statistics.md +++ b/i18n/el/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/advanced/communication-network-types.md b/i18n/el/advanced/communication-network-types.md index 9e6d87cc7..1f07a2c4c 100644 --- a/i18n/el/advanced/communication-network-types.md +++ b/i18n/el/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/advanced/dns-overview.md b/i18n/el/advanced/dns-overview.md index a76c682fc..b47af2809 100644 --- a/i18n/el/advanced/dns-overview.md +++ b/i18n/el/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/advanced/payments.md b/i18n/el/advanced/payments.md new file mode 100644 index 000000000..7e046ecd0 --- /dev/null +++ b/i18n/el/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/el/advanced/tor-overview.md b/i18n/el/advanced/tor-overview.md index 1a7f7c417..dd9d2a951 100644 --- a/i18n/el/advanced/tor-overview.md +++ b/i18n/el/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.el.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/el/android.md b/i18n/el/android.md index 24c1c3d8c..3da86daae 100644 --- a/i18n/el/android.md +++ b/i18n/el/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/basics/account-creation.md b/i18n/el/basics/account-creation.md index cd9942b29..afa5d429f 100644 --- a/i18n/el/basics/account-creation.md +++ b/i18n/el/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/basics/account-deletion.md b/i18n/el/basics/account-deletion.md index f0a0f0994..2498d6045 100644 --- a/i18n/el/basics/account-deletion.md +++ b/i18n/el/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/basics/common-misconceptions.md b/i18n/el/basics/common-misconceptions.md index 8bdda952a..41997417f 100644 --- a/i18n/el/basics/common-misconceptions.md +++ b/i18n/el/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.el.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/el/basics/common-threats.md b/i18n/el/basics/common-threats.md index 93c32a777..e278c0cbf 100644 --- a/i18n/el/basics/common-threats.md +++ b/i18n/el/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.el.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/el/basics/email-security.md b/i18n/el/basics/email-security.md index 76839778c..f0c2fb579 100644 --- a/i18n/el/basics/email-security.md +++ b/i18n/el/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/basics/multi-factor-authentication.md b/i18n/el/basics/multi-factor-authentication.md index 851c87914..ae57848d5 100644 --- a/i18n/el/basics/multi-factor-authentication.md +++ b/i18n/el/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authentication" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/basics/passwords-overview.md b/i18n/el/basics/passwords-overview.md index f60aaf5a0..6858d8b5b 100644 --- a/i18n/el/basics/passwords-overview.md +++ b/i18n/el/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/basics/threat-modeling.md b/i18n/el/basics/threat-modeling.md index 3be5e402c..fc1b3b411 100644 --- a/i18n/el/basics/threat-modeling.md +++ b/i18n/el/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Threat Modeling" icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. --- Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/basics/vpn-overview.md b/i18n/el/basics/vpn-overview.md index 7ac0e668b..a1a007f52 100644 --- a/i18n/el/basics/vpn-overview.md +++ b/i18n/el/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/calendar.md b/i18n/el/calendar.md index 8f1795cad..bbcb033ad 100644 --- a/i18n/el/calendar.md +++ b/i18n/el/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/cloud.md b/i18n/el/cloud.md index 7c4c524ac..2bcc2596f 100644 --- a/i18n/el/cloud.md +++ b/i18n/el/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/cryptocurrency.md b/i18n/el/cryptocurrency.md new file mode 100644 index 000000000..ba06ba1ea --- /dev/null +++ b/i18n/el/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/el/data-redaction.md b/i18n/el/data-redaction.md index ebb667706..961594a8d 100644 --- a/i18n/el/data-redaction.md +++ b/i18n/el/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/desktop-browsers.md b/i18n/el/desktop-browsers.md index a29e6ffa5..1c21c296f 100644 --- a/i18n/el/desktop-browsers.md +++ b/i18n/el/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.el.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/el/desktop.md b/i18n/el/desktop.md index 492ef3a1b..2db4d1191 100644 --- a/i18n/el/desktop.md +++ b/i18n/el/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/dns.md b/i18n/el/dns.md index abb7c79a3..a8cc21dac 100644 --- a/i18n/el/dns.md +++ b/i18n/el/dns.md @@ -1,13 +1,12 @@ --- title: "DNS Resolvers" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Recommended Providers @@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.el.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/el/email-clients.md b/i18n/el/email-clients.md index 676e252b2..eec0e2923 100644 --- a/i18n/el/email-clients.md +++ b/i18n/el/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/email.md b/i18n/el/email.md index d039b722f..7ab4c31d5 100644 --- a/i18n/el/email.md +++ b/i18n/el/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Security @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/encryption.md b/i18n/el/encryption.md index f680e0ad1..ded8533b1 100644 --- a/i18n/el/encryption.md +++ b/i18n/el/encryption.md @@ -1,6 +1,7 @@ --- title: "Encryption Software" icon: material/file-lock +description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files. --- Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here. @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/file-sharing.md b/i18n/el/file-sharing.md index f499954b7..3e79d791f 100644 --- a/i18n/el/file-sharing.md +++ b/i18n/el/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/financial-services.md b/i18n/el/financial-services.md new file mode 100644 index 000000000..480c924c3 --- /dev/null +++ b/i18n/el/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/el/frontends.md b/i18n/el/frontends.md index c1c227615..7f245f412 100644 --- a/i18n/el/frontends.md +++ b/i18n/el/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/index.md b/i18n/el/index.md index 476ba4a06..a07da0cf0 100644 --- a/i18n/el/index.md +++ b/i18n/el/index.md @@ -40,5 +40,3 @@ hide: [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/kb-archive.md b/i18n/el/kb-archive.md index b5680249c..92daee33b 100644 --- a/i18n/el/kb-archive.md +++ b/i18n/el/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/meta/brand.md b/i18n/el/meta/brand.md index 69575141a..53cb9ac42 100644 --- a/i18n/el/meta/brand.md +++ b/i18n/el/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/meta/git-recommendations.md b/i18n/el/meta/git-recommendations.md index e9b9a7191..f59b5f81f 100644 --- a/i18n/el/meta/git-recommendations.md +++ b/i18n/el/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/meta/uploading-images.md b/i18n/el/meta/uploading-images.md index 69102f6de..55f136f8a 100644 --- a/i18n/el/meta/uploading-images.md +++ b/i18n/el/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/meta/writing-style.md b/i18n/el/meta/writing-style.md index 9a1019ea2..b9e47a716 100644 --- a/i18n/el/meta/writing-style.md +++ b/i18n/el/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/mobile-browsers.md b/i18n/el/mobile-browsers.md index d13bfb6af..d7adee8f3 100644 --- a/i18n/el/mobile-browsers.md +++ b/i18n/el/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/multi-factor-authentication.md b/i18n/el/multi-factor-authentication.md index 045a019b9..41030fe3b 100644 --- a/i18n/el/multi-factor-authentication.md +++ b/i18n/el/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/news-aggregators.md b/i18n/el/news-aggregators.md index e6ca3a16e..2dad5ac09 100644 --- a/i18n/el/news-aggregators.md +++ b/i18n/el/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/notebooks.md b/i18n/el/notebooks.md index 70b84743d..0739f6680 100644 --- a/i18n/el/notebooks.md +++ b/i18n/el/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notebooks" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Keep track of your notes and journalings without giving them to a third-party. @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/os/android-overview.md b/i18n/el/os/android-overview.md index 30ae41da7..a78631a2a 100644 --- a/i18n/el/os/android-overview.md +++ b/i18n/el/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/os/linux-overview.md b/i18n/el/os/linux-overview.md index 1c2376e62..8ec2c9e78 100644 --- a/i18n/el/os/linux-overview.md +++ b/i18n/el/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/os/qubes-overview.md b/i18n/el/os/qubes-overview.md index 590c26391..17b286b9f 100644 --- a/i18n/el/os/qubes-overview.md +++ b/i18n/el/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/passwords.md b/i18n/el/passwords.md index ee998008d..e81f1186e 100644 --- a/i18n/el/passwords.md +++ b/i18n/el/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/productivity.md b/i18n/el/productivity.md index c53e341c3..4490325da 100644 --- a/i18n/el/productivity.md +++ b/i18n/el/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/real-time-communication.md b/i18n/el/real-time-communication.md index 424b6c62c..68f9d767b 100644 --- a/i18n/el/real-time-communication.md +++ b/i18n/el/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/router.md b/i18n/el/router.md index 19734e7bf..2d6ecba5e 100644 --- a/i18n/el/router.md +++ b/i18n/el/router.md @@ -1,6 +1,7 @@ --- title: "Υλικολογισμικό Δρομολογητή" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Παρακάτω είναι μερικά εναλλακτικά λειτουργικά συστήματα τα οποία μπορούν να χρησιμοποιηθούν σε δρομολογητές, σημεία πρόσβασης Wi-Fi, κλπ. @@ -47,5 +48,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or - Must be open source. - Must receive regular updates. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/search-engines.md b/i18n/el/search-engines.md index 5f03536a6..911525d7d 100644 --- a/i18n/el/search-engines.md +++ b/i18n/el/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/tools.md b/i18n/el/tools.md index 3816fef52..6693ced33 100644 --- a/i18n/el/tools.md +++ b/i18n/el/tools.md @@ -3,6 +3,7 @@ title: "Privacy Tools" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Search Engines
@@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Data and Metadata Redaction
@@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
[Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/tor.md b/i18n/el/tor.md index 8129b3190..ce93c961d 100644 --- a/i18n/el/tor.md +++ b/i18n/el/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
-
- -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/video-streaming.md b/i18n/el/video-streaming.md index 3d579fc29..8f8ebd0b8 100644 --- a/i18n/el/video-streaming.md +++ b/i18n/el/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Video Streaming" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. @@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/vpn.md b/i18n/el/vpn.md index 625d3623c..d1ea79e96 100644 --- a/i18n/el/vpn.md +++ b/i18n/el/vpn.md @@ -1,11 +1,20 @@ --- -title: "Υπηρεσίες VPN" +title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Βρείτε έναν πάροχο VPN χωρίς καταγραφή που δεν έχει σκοπό να πουλήσει ή να διαβάσει την κυκλοφορία σας στο διαδίκτυο. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? κίνδυνος "Τα VPN δεν παρέχουν ανωνυμία" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! κίνδυνος "Τα VPN δεν παρέχουν ανωνυμία" Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. @@ -15,80 +24,11 @@ icon: material/vpn [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" - - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Recommended Providers -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ icon: material/vpn - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,55 +113,120 @@ icon: material/vpn - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2023-01-19 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + ??? downloads - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Last checked: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Criteria @@ -255,13 +261,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Security @@ -319,5 +325,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/eo/404.md b/i18n/eo/404.md index 846e41b29..25c1c7805 100644 --- a/i18n/eo/404.md +++ b/i18n/eo/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Not Found @@ -13,5 +17,3 @@ We couldn't find the page you were looking for! Maybe you were looking for one o - [Best VPN Providers](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Our Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/about/criteria.md b/i18n/eo/about/criteria.md index edd3f3d97..3084230bd 100644 --- a/i18n/eo/about/criteria.md +++ b/i18n/eo/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/about/donate.md b/i18n/eo/about/donate.md index 2f51128c7..8accd67a1 100644 --- a/i18n/eo/about/donate.md +++ b/i18n/eo/about/donate.md @@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/about/index.md b/i18n/eo/about/index.md index f8c7ce84b..619406fee 100644 --- a/i18n/eo/about/index.md +++ b/i18n/eo/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/about/notices.md b/i18n/eo/about/notices.md index 7f22b4b28..bb32edd50 100644 --- a/i18n/eo/about/notices.md +++ b/i18n/eo/about/notices.md @@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o * Scraping * Data Mining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/about/privacy-policy.md b/i18n/eo/about/privacy-policy.md index 8c2e3dc72..26c668d1a 100644 --- a/i18n/eo/about/privacy-policy.md +++ b/i18n/eo/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/about/privacytools.md b/i18n/eo/about/privacytools.md index 7f1de5984..515c21f59 100644 --- a/i18n/eo/about/privacytools.md +++ b/i18n/eo/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/about/services.md b/i18n/eo/about/services.md index aa4c6f2ef..71f2c95b7 100644 --- a/i18n/eo/about/services.md +++ b/i18n/eo/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/about/statistics.md b/i18n/eo/about/statistics.md index 2636d7b93..8f17240c3 100644 --- a/i18n/eo/about/statistics.md +++ b/i18n/eo/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/advanced/communication-network-types.md b/i18n/eo/advanced/communication-network-types.md index f46da32dd..1f07a2c4c 100644 --- a/i18n/eo/advanced/communication-network-types.md +++ b/i18n/eo/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/advanced/dns-overview.md b/i18n/eo/advanced/dns-overview.md index ab70aabd5..b47af2809 100644 --- a/i18n/eo/advanced/dns-overview.md +++ b/i18n/eo/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/advanced/payments.md b/i18n/eo/advanced/payments.md new file mode 100644 index 000000000..7e046ecd0 --- /dev/null +++ b/i18n/eo/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/eo/advanced/tor-overview.md b/i18n/eo/advanced/tor-overview.md index c78d220b8..dd9d2a951 100644 --- a/i18n/eo/advanced/tor-overview.md +++ b/i18n/eo/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.eo.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/eo/android.md b/i18n/eo/android.md index 11fc0ea19..3da86daae 100644 --- a/i18n/eo/android.md +++ b/i18n/eo/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/basics/account-creation.md b/i18n/eo/basics/account-creation.md index 3c8b01ee1..afa5d429f 100644 --- a/i18n/eo/basics/account-creation.md +++ b/i18n/eo/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/basics/account-deletion.md b/i18n/eo/basics/account-deletion.md index bd6c07fb3..2498d6045 100644 --- a/i18n/eo/basics/account-deletion.md +++ b/i18n/eo/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/basics/common-misconceptions.md b/i18n/eo/basics/common-misconceptions.md index db6ea35db..41997417f 100644 --- a/i18n/eo/basics/common-misconceptions.md +++ b/i18n/eo/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.eo.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/eo/basics/common-threats.md b/i18n/eo/basics/common-threats.md index b325bdcb9..e278c0cbf 100644 --- a/i18n/eo/basics/common-threats.md +++ b/i18n/eo/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.eo.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/eo/basics/email-security.md b/i18n/eo/basics/email-security.md index c9391a1ac..f0c2fb579 100644 --- a/i18n/eo/basics/email-security.md +++ b/i18n/eo/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/basics/multi-factor-authentication.md b/i18n/eo/basics/multi-factor-authentication.md index 11db51597..ae57848d5 100644 --- a/i18n/eo/basics/multi-factor-authentication.md +++ b/i18n/eo/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authentication" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/basics/passwords-overview.md b/i18n/eo/basics/passwords-overview.md index f464ddac8..6858d8b5b 100644 --- a/i18n/eo/basics/passwords-overview.md +++ b/i18n/eo/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/basics/threat-modeling.md b/i18n/eo/basics/threat-modeling.md index 4cee1776c..fc1b3b411 100644 --- a/i18n/eo/basics/threat-modeling.md +++ b/i18n/eo/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Threat Modeling" icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. --- Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/basics/vpn-overview.md b/i18n/eo/basics/vpn-overview.md index a0727def6..a1a007f52 100644 --- a/i18n/eo/basics/vpn-overview.md +++ b/i18n/eo/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/calendar.md b/i18n/eo/calendar.md index 451b4ca56..bbcb033ad 100644 --- a/i18n/eo/calendar.md +++ b/i18n/eo/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/cloud.md b/i18n/eo/cloud.md index 53133b8b0..2bcc2596f 100644 --- a/i18n/eo/cloud.md +++ b/i18n/eo/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/cryptocurrency.md b/i18n/eo/cryptocurrency.md new file mode 100644 index 000000000..ba06ba1ea --- /dev/null +++ b/i18n/eo/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/eo/data-redaction.md b/i18n/eo/data-redaction.md index 16afe85de..961594a8d 100644 --- a/i18n/eo/data-redaction.md +++ b/i18n/eo/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/desktop-browsers.md b/i18n/eo/desktop-browsers.md index 210429edc..1c21c296f 100644 --- a/i18n/eo/desktop-browsers.md +++ b/i18n/eo/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.eo.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/eo/desktop.md b/i18n/eo/desktop.md index d938506d9..2db4d1191 100644 --- a/i18n/eo/desktop.md +++ b/i18n/eo/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/dns.md b/i18n/eo/dns.md index fdc950027..a8cc21dac 100644 --- a/i18n/eo/dns.md +++ b/i18n/eo/dns.md @@ -1,13 +1,12 @@ --- title: "DNS Resolvers" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Recommended Providers @@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.eo.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/eo/email-clients.md b/i18n/eo/email-clients.md index 9239238df..eec0e2923 100644 --- a/i18n/eo/email-clients.md +++ b/i18n/eo/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/email.md b/i18n/eo/email.md index 3a6847ca6..7ab4c31d5 100644 --- a/i18n/eo/email.md +++ b/i18n/eo/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Security @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/encryption.md b/i18n/eo/encryption.md index 3268a8a51..ded8533b1 100644 --- a/i18n/eo/encryption.md +++ b/i18n/eo/encryption.md @@ -1,6 +1,7 @@ --- title: "Encryption Software" icon: material/file-lock +description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files. --- Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here. @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/file-sharing.md b/i18n/eo/file-sharing.md index 7039a9861..3e79d791f 100644 --- a/i18n/eo/file-sharing.md +++ b/i18n/eo/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/financial-services.md b/i18n/eo/financial-services.md new file mode 100644 index 000000000..480c924c3 --- /dev/null +++ b/i18n/eo/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/eo/frontends.md b/i18n/eo/frontends.md index 12162dc91..7f245f412 100644 --- a/i18n/eo/frontends.md +++ b/i18n/eo/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/index.md b/i18n/eo/index.md index 4cb105105..b24c23bda 100644 --- a/i18n/eo/index.md +++ b/i18n/eo/index.md @@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/kb-archive.md b/i18n/eo/kb-archive.md index 514697e3a..92daee33b 100644 --- a/i18n/eo/kb-archive.md +++ b/i18n/eo/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/meta/brand.md b/i18n/eo/meta/brand.md index bb7788417..53cb9ac42 100644 --- a/i18n/eo/meta/brand.md +++ b/i18n/eo/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/meta/git-recommendations.md b/i18n/eo/meta/git-recommendations.md index 6159e50d8..f59b5f81f 100644 --- a/i18n/eo/meta/git-recommendations.md +++ b/i18n/eo/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/meta/uploading-images.md b/i18n/eo/meta/uploading-images.md index 20b8a71fd..55f136f8a 100644 --- a/i18n/eo/meta/uploading-images.md +++ b/i18n/eo/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/meta/writing-style.md b/i18n/eo/meta/writing-style.md index 43c8df7f5..b9e47a716 100644 --- a/i18n/eo/meta/writing-style.md +++ b/i18n/eo/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/mobile-browsers.md b/i18n/eo/mobile-browsers.md index c427f0112..d7adee8f3 100644 --- a/i18n/eo/mobile-browsers.md +++ b/i18n/eo/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/multi-factor-authentication.md b/i18n/eo/multi-factor-authentication.md index f30f3a361..41030fe3b 100644 --- a/i18n/eo/multi-factor-authentication.md +++ b/i18n/eo/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/news-aggregators.md b/i18n/eo/news-aggregators.md index 4c609d2e9..2dad5ac09 100644 --- a/i18n/eo/news-aggregators.md +++ b/i18n/eo/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/notebooks.md b/i18n/eo/notebooks.md index c17eb1687..0739f6680 100644 --- a/i18n/eo/notebooks.md +++ b/i18n/eo/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notebooks" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Keep track of your notes and journalings without giving them to a third-party. @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/os/android-overview.md b/i18n/eo/os/android-overview.md index a7eb6b064..a78631a2a 100644 --- a/i18n/eo/os/android-overview.md +++ b/i18n/eo/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/os/linux-overview.md b/i18n/eo/os/linux-overview.md index 0ba653e0e..8ec2c9e78 100644 --- a/i18n/eo/os/linux-overview.md +++ b/i18n/eo/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/os/qubes-overview.md b/i18n/eo/os/qubes-overview.md index e706713d5..17b286b9f 100644 --- a/i18n/eo/os/qubes-overview.md +++ b/i18n/eo/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/passwords.md b/i18n/eo/passwords.md index 9b09e8487..e81f1186e 100644 --- a/i18n/eo/passwords.md +++ b/i18n/eo/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/productivity.md b/i18n/eo/productivity.md index cb5d4e323..4490325da 100644 --- a/i18n/eo/productivity.md +++ b/i18n/eo/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/real-time-communication.md b/i18n/eo/real-time-communication.md index f2bcd2fcb..68f9d767b 100644 --- a/i18n/eo/real-time-communication.md +++ b/i18n/eo/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/router.md b/i18n/eo/router.md index 600269394..a494c017d 100644 --- a/i18n/eo/router.md +++ b/i18n/eo/router.md @@ -1,6 +1,7 @@ --- title: "Router Firmware" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc. @@ -47,5 +48,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or - Must be open source. - Must receive regular updates. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/search-engines.md b/i18n/eo/search-engines.md index 8a0ed19af..911525d7d 100644 --- a/i18n/eo/search-engines.md +++ b/i18n/eo/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/tools.md b/i18n/eo/tools.md index d523143ce..ef945a945 100644 --- a/i18n/eo/tools.md +++ b/i18n/eo/tools.md @@ -3,6 +3,7 @@ title: "Privacy Tools" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Search Engines
@@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Data and Metadata Redaction
@@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
[Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/tor.md b/i18n/eo/tor.md index d7df32e97..ce93c961d 100644 --- a/i18n/eo/tor.md +++ b/i18n/eo/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
-
- -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/video-streaming.md b/i18n/eo/video-streaming.md index b2bcf05b6..8f8ebd0b8 100644 --- a/i18n/eo/video-streaming.md +++ b/i18n/eo/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Video Streaming" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. @@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/vpn.md b/i18n/eo/vpn.md index 598bef037..6bba25466 100644 --- a/i18n/eo/vpn.md +++ b/i18n/eo/vpn.md @@ -1,11 +1,20 @@ --- title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Find a no-logging VPN operator who isn’t out to sell or read your web traffic. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "VPNs do not provide anonymity" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "VPNs do not provide anonymity" Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. @@ -15,80 +24,11 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" - - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Recommended Providers -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,55 +113,120 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2023-01-19 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + ??? downloads - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Last checked: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Criteria @@ -255,13 +261,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Security @@ -319,5 +325,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/es/404.md b/i18n/es/404.md index 673e55b0a..66506efc0 100644 --- a/i18n/es/404.md +++ b/i18n/es/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - No encontrado @@ -13,5 +17,3 @@ hide: - [Mejores proveedores de VPN](vpn.md) - [Foro de Privacy Guides](https://discuss.privacyguides.net) - [Nuestro blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/about/criteria.md b/i18n/es/about/criteria.md index c5acf096c..e41e8fa81 100644 --- a/i18n/es/about/criteria.md +++ b/i18n/es/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/about/donate.md b/i18n/es/about/donate.md index d56cd8f6d..d94cbcf7e 100644 --- a/i18n/es/about/donate.md +++ b/i18n/es/about/donate.md @@ -48,5 +48,3 @@ Alojamos [servicios de internet](https://privacyguides.net) para probar y mostra Ocasionalmente compramos productos y servicios con el fin de probar nuestras [herramientas recomendadas](../tools.md). Seguimos trabajando con nuestro anfitrión fiscal (la Open Collective Foundation) para recibir donaciones de criptomonedas, por el momento la contabilidad es inviable para muchas transacciones más pequeñas, pero esto debería cambiar en el futuro. Mientras tanto, si desea hacer una donación considerable (> 100 dólares) en criptomoneda, por favor, póngase en contacto con [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/about/index.md b/i18n/es/about/index.md index 322ca826a..2c3ba9d48 100644 --- a/i18n/es/about/index.md +++ b/i18n/es/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. Usted **no puede** utilizar la marca de Privacy Guides en su propio proyecto sin la aprobación expresa de este proyecto. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/about/notices.md b/i18n/es/about/notices.md index 3c02db335..32471c94d 100644 --- a/i18n/es/about/notices.md +++ b/i18n/es/about/notices.md @@ -41,5 +41,3 @@ No debe llevar a cabo ninguna actividad de recopilación de datos sistemática o * Scraping * Minería de Datos * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/about/privacy-policy.md b/i18n/es/about/privacy-policy.md index fb78970a3..d7e26c9d4 100644 --- a/i18n/es/about/privacy-policy.md +++ b/i18n/es/about/privacy-policy.md @@ -58,6 +58,4 @@ Puede presentar reclamaciones acerca del RGPD ante sus autoridades locales de su Publicaremos cualquier versión nueva de esta declaración [aquí](privacy-policy.md). Es posible que cambiemos la forma de anunciar los cambios en futuras versiones de este documento. Mientras tanto, podemos actualizar nuestra información de contacto en cualquier momento sin anunciar ningún cambio. Consulte la [Política de privacidad](privacy-policy.md) para obtener la última información de contacto. -A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.es.txt" +En GitHub puede consultarse el [historial](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) completo de revisiones de esta página. diff --git a/i18n/es/about/privacytools.md b/i18n/es/about/privacytools.md index e5e84ecbc..6bf4a801f 100644 --- a/i18n/es/about/privacytools.md +++ b/i18n/es/about/privacytools.md @@ -103,7 +103,7 @@ Por lo tanto, los fondos de OpenCollective pertenecen a Privacy Guides, fueron e > Si algún patrocinador no está de acuerdo o se siente engañado por estos recientes acontecimientos y quiere solicitar un reembolso dadas estas circunstancias tan inusuales, por favor póngase en contacto con nuestro administrador del proyecto enviando un correo electrónico a jonah@triplebit.net. -## Further Reading +## Lecturas Adicionales Este tema se ha debatido ampliamente en nuestras comunidades en varios lugares, y parece probable que la mayoría de las personas que lean esta página ya estén familiarizadas con los acontecimientos que condujeron al cambio a Privacy Guides. Algunas de nuestras publicaciones anteriores sobre el tema pueden tener detalles adicionales que omitimos aquí por razones de brevedad. Se han enlazado a continuación para completarlo. @@ -116,5 +116,3 @@ Este tema se ha debatido ampliamente en nuestras comunidades en varios lugares, - [2 de abril de 2022: respuesta de u/dng99 a la publicación acusatoria en el blog de PrivacyTools](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [16 de mayo de 2022: respuesta de @TommyTran732 en Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [3 de septiembre de 2022: post en el foro de Techlore por @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/about/services.md b/i18n/es/about/services.md index bf426bf81..2adba1f1c 100644 --- a/i18n/es/about/services.md +++ b/i18n/es/about/services.md @@ -36,5 +36,3 @@ Ejecutamos una serie de servicios web para probar las características y promove - Disponibilidad: Semipública Alojamos Indivious principalmente para servir videos de YouTube incrustados en nuestra página. Esta instancia no está destinada al público general y puede ser limitada en cualquier momento. - Código fuente: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/about/statistics.md b/i18n/es/about/statistics.md index d528e3338..9d1d17658 100644 --- a/i18n/es/about/statistics.md +++ b/i18n/es/about/statistics.md @@ -59,5 +59,3 @@ title: Estadísticas de tráfico }) }) - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/advanced/communication-network-types.md b/i18n/es/advanced/communication-network-types.md index f5cb21a02..05ff28efc 100644 --- a/i18n/es/advanced/communication-network-types.md +++ b/i18n/es/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Tipos de redes de comunicación" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- Existen varias arquitecturas de red utilizadas habitualmente para transmitir mensajes entre personas. Estas redes pueden ofrecer diferentes garantías de privacidad, por lo que conviene tener en cuenta tu [modelo de amenaza](../basics/threat-modeling.md) a la hora de decidir qué aplicación utilizar. @@ -100,5 +101,3 @@ El autoalojamiento de un nodo en una red de enrutamiento anónimo no proporciona - Menos fiable si los nodos se seleccionan mediante enrutamiento aleatorio, algunos nodos pueden estar muy lejos del emisor y del receptor, añadiendo latencia o incluso dejando de transmitir mensajes si uno de los nodos se desconecta. - Más complejo para empezar, ya que se requiere la creación y el respaldo seguro de una clave privada criptográfica. - Al igual que en otras plataformas descentralizadas, añadir funciones es más complejo para los desarrolladores que en una plataforma centralizada. Por lo tanto, pueden faltar funciones o estar implementadas de forma incompleta, como la retransmisión de mensajes fuera de línea o la eliminación de mensajes. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/advanced/dns-overview.md b/i18n/es/advanced/dns-overview.md index 35097c1fc..7d3ed729a 100644 --- a/i18n/es/advanced/dns-overview.md +++ b/i18n/es/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "Resumen DNS" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- El [Sistema de Nombres de Dominio](https://es.wikipedia.org/wiki/Sistema_de_nombres_de_dominio) es el 'directorio telefónico del Internet'. El DNS traduce los nombres de dominio a direcciones IP para que los navegadores y otros servicios puedan cargar los recursos de Internet, a través de una red descentralizada de servidores. @@ -303,5 +304,3 @@ La [Subred de Cliente EDNS](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) es Su objetivo es "acelerar" la entrega de datos dando al cliente una respuesta que pertenece a un servidor que está cerca de él, como una [red de distribución de contenidos](https://es.wikipedia.org/wiki/Red_de_distribuci%C3%B3n_de_contenidos), que se utilizan a menudo en la transmisión de vídeo y el servicio de aplicaciones web de JavaScript. Esta característica tiene un coste de privacidad, ya que indica al servidor DNS cierta información sobre la ubicación del cliente. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/advanced/payments.md b/i18n/es/advanced/payments.md new file mode 100644 index 000000000..6751ae469 --- /dev/null +++ b/i18n/es/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! peligro + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/es/advanced/tor-overview.md b/i18n/es/advanced/tor-overview.md index f54692182..df66019b0 100644 --- a/i18n/es/advanced/tor-overview.md +++ b/i18n/es/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Resumen de Tor" icon: 'simple/torproject' +description: Tor es una red descentralizada y gratuita diseñada para utilizar Internet con la mayor privacidad posible. --- Tor es una red descentralizada y gratuita diseñada para utilizar Internet con la mayor privacidad posible. Si se utiliza correctamente, la red permite la navegación y las comunicaciones privadas y anónimas. @@ -74,8 +75,6 @@ Si deseas utilizar Tor para navegar por la web, sólo recomendamos el navegador - [¿Cómo funciona Tor? - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Servicios Onion de Tor - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.es.txt" - [^1]: El primer repetidor en tu circuito se llama "guardia de entrada" o "guardia". Es un repetidor rápido y estable que se mantiene como el primero en tu circuito durante 2-3 meses para protegerse de un ataque conocido de ruptura del anonimato. El resto de tu circuito cambia con cada nuevo sitio web que visitas, y todos juntos estos repetidores proporcionan las protecciones de privacidad completas de Tor. Para obtener más información sobre el funcionamiento de los repetidores de protección, consulta esta [entrada del blog](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) y el [documento](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) sobre los guardias de entrada. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Bandera de repetidor: una (des)calificación de los repetidores para las posiciones de los circuitos (por ejemplo, "Guardia", "Salida", "MalaSalida"), las propiedades de los circuitos (por ejemplo, "Rápido", "Estable"), o los roles (por ejemplo, "Autoridad", "HSDir"), tal y como los asignan las autoridades de los directorios y se definen con más detalle en la especificación del protocolo del directorio. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/es/android.md b/i18n/es/android.md index 85d51ee58..74816f4d9 100644 --- a/i18n/es/android.md +++ b/i18n/es/android.md @@ -1,20 +1,22 @@ --- title: "Android" icon: 'fontawesome/brands/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } El **proyecto de código abierto de Android** es un sistema operativo móvil de código abierto liderado por Google, que está detrás de la mayor parte de los dispositivos móviles del mundo. La mayor parte de los teléfono vendidos con Android son modificados para incluir integraciones y aplicaciones invasivas como los servicios de Google Play, así que puedes mejorar la privacidad de tu dispositivo móvil de manera significativa al reemplazar la instalación predeterminada de tu teléfono con una versión de Android sin esas características invasivas. -[:octicons-home-16:](https://source.android.com/){ .card-link title=Homepage } -[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation} -[:octicons-code-16:](https://cs.android.com/android/platform/superproject/){ .card-link title="Source Code" } +[:octicons-home-16:](https://source.android.com/){ .card-link title=Inicio } +[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentación} +[:octicons-code-16:](https://cs.android.com/android/platform/superproject/){ .card-link title="Código fuente" } En particular, GrapheneOS admite [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play). Los Servicios de Google Play se pueden ejecutar completamente de manera aislada como una aplicación de usuario normal y se pueden incluir en un [perfil de trabajo o un perfil de usuario](#android-security-privacy) de su elección. -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Por qué recomendamos GrapheneOS sobre CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## Derivados de AOSP @@ -33,15 +35,15 @@ We recommend installing one of these custom Android operating systems on your de Los dispositivos de "soporte extendido" de GrapheneOS no tienen correcciones de seguridad completos (actualizaciones de firmware) debido a que el fabricante de equipos originales (OEM) suspende el soporte. - Estos dispositivos no pueden considerarse completamente seguros. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported. + Estos dispositivos no pueden considerarse completamente seguros. Dispone de un [asignador de memoria reforzado](https://github.com/GrapheneOS/hardened_malloc), permisos de red y de sensores, y otras [características de seguridad](https://grapheneos.org/features). GrapheneOS también incluye actualizaciones completas de firmware y compilaciones firmadas, por lo que el arranque verificado es totalmente compatible. - [:octicons-home-16: Homepage](https://grapheneos.org/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} - [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } - [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } + [:octicons-home-16: Inicio](https://grapheneos.org/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Política de privacidad" } + [:octicons-info-16:](https://grapheneos.org/faq/){ .card-link title=Documentación} + [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Código fuente" } + [:octicons-heart-16:](https://grapheneos.org/donate/){ .card-link title=Contribuir } -Para complacer a los usuarios que necesitan Google Play Services, CalyxOS incluye de manera opcional [MicroG](https://microg.org/). Con MicroG, CalyxOS también se incluye en los servicios de localización de [Mozilla](https://location.services.mozilla.com/) y [DejaVu](https://github.com/n76/DejaVu). +GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice. Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support). @@ -54,26 +56,26 @@ Google Pixel phones are the only devices that currently meet GrapheneOS's [hardw **CalyxOS** es una alternativa aceptable a GrapheneOS. Tiene algunas funciones de privacidad además de AOSP, que incluyen [Datura firewall](https://calyxos.org/docs/tech/datura-details), [Signal](https://signal.org) integración en la aplicación de marcación y un botón de pánico incorporado. CalyxOS también viene con actualizaciones de firmware y compilaciones firmadas, así que [el arranque verificado](https://source.android.com/security/verifiedboot) es completamente compatible. - [:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary } - [:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" } - [:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" } - [:octicons-heart-16:](https://divested.dev/index.php?page=donate){ .card-link title=Contribute } + [:octicons-home-16: Inicio](https://divestos.org){ .md-button .md-button--primary } + [:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Servicio Onion" } + [:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Politica de privacidad" } + [:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Código fuente" } + [:octicons-heart-16:](https://divested.dev/index.php?page=donate){ .card-link title=Contribuir } -DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. recommendation DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled. +DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled. -DivestOS ha automatizado el [parchamiento vulnerabilidad del kernel](https://gitlab.com/divested-mobile/cve_checker) ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)), menos blobs propietarios, un archivo personalizado de [hosts](https://divested.dev/index.php?page=dnsbl), y [F-Droid](https://www.f-droid.org) como tienda de aplicaciones. Incluye [UnifiedNlp](https://github.com/microg/UnifiedNlp) para la localización de la red. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). +DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). -DivestOS también incluye parches de GrapheneOS para el kernel y habilita todas las características de seguridad del kernel disponibles a través de [endurecimiento defconfig](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). Todos los kernels más recientes que la versión 3.4 incluyen [saneamiento](https://lwn.net/Articles/334747/) página completa y todos los ~22 kernels compilados por Clang tienen [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) habilitado. However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. +DivestOS uses F-Droid as its default app store. Normally, we would recommend avoiding F-Droid due to its numerous [security issues](#f-droid). However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. !!! warning - DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative. + La actualización del firmware de DivestOS [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) y el control de calidad varían según los dispositivos que soporta. Seguimos recomendando GrapheneOS en función de la compatibilidad de tu dispositivo. Para otros dispositivos, DivestOS es una buena alternativa. - Not all of the supported devices have verified boot, and some perform it better than others. + No todos los dispositivos compatibles tienen arranque verificado y algunos lo realizan mejor que otros. -## Android Devices +## Dispositivos Android When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. @@ -114,7 +116,7 @@ A few more tips for purchasing a Google Pixel: - Look at online community bargain sites in your country. These can alert you to good sales. - Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date}-\text{Current Date}$, meaning that the longer use of the device the lower cost per day. -## General Apps +## Aplicaciones generales We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality. @@ -122,40 +124,40 @@ We recommend a wide variety of Android apps throughout this site. The apps liste !!! recomendación - ![Shelter logo](assets/img/android/shelter.svg){ align=right } + ![Logotipo de Shelter](assets/img/android/shelter.svg){ align=right } - **Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device. + **Shelter** es una aplicación que te ayuda a aprovechar la funcionalidad perfil de trabajo de Android para aislar o duplicar aplicaciones en tu dispositivo. - Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)). + Shelter permite bloquear la búsqueda de contactos entre perfiles y compartir archivos entre perfiles a través del gestor de archivos predeterminado ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)). - [:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary } - [:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" } - [:octicons-heart-16:](https://www.patreon.com/PeterCxy){ .card-link title=Contribute } + [:octicons-repo-16: Repositorio](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary } + [:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Código fuente" } + [:octicons-heart-16:](https://www.patreon.com/PeterCxy){ .card-link title=Contribuir } - ??? downloads + ??? descargas - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.typeblog.shelter) !!! warning - Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular/) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html). + Se recomienda Shelter en lugar de [Insular](https://secure-system.gitlab.io/Insular/) e [Island](https://github.com/oasisfeng/island), ya que admite [bloqueo de búsqueda de contactos](https://secure-system.gitlab.io/Insular/faq.html). - When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile. + Al usar Shelter, está depositando toda su confianza en su desarrollador, ya que Shelter actúa como [Administrador de dispositivos](https://developer.android.com/guide/topics/admin/device-admin) para crear el perfil de trabajo, y tiene un amplio acceso a los datos almacenados en él. ### Perfil de trabajo !!! recomendación - ![Auditor logo](assets/img/android/auditor.svg#only-light){ align=right } - ![Auditor logo](assets/img/android/auditor-dark.svg#only-dark){ align=right } + ![Logo Auditor](assets/img/android/auditor.svg#only-light){ align=right } + ![Logo Auditor ](assets/img/android/auditor-dark.svg#only-dark){ align=right } - **Auditor** is an app which leverages hardware security features to provide device integrity monitoring for [supported devices](https://attestation.app/about#device-support). Currently, it only works with GrapheneOS and the device's stock operating system. + **Auditor** es una aplicación que aprovecha las funciones de seguridad del hardware para supervisar la integridad de los dispositivos [compatibles](https://attestation.app/about#device-support). Actualmente, sólo funciona con GrapheneOS y con el sistema operativo original del dispositivo. - [:octicons-home-16: Homepage](https://attestation.app){ .md-button .md-button--primary } - [:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://attestation.app/about){ .card-link title=Documentation} - [:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" } - [:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute } + [:octicons-home-16: Inicio](https://attestation.app){ .md-button .md-button--primary } + [:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Politica de privacidad" } + [:octicons-info-16:](https://attestation.app/about){ .card-link title=Documentación} + [:octicons-code-16:](https://attestation.app/source){ .card-link title="Código fuente" } + [:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribuir } ??? downloads @@ -179,17 +181,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co !!! recomendación - ![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right } - ![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right } + ![Logo de Secure Camera](assets/img/android/secure_camera.svg#only-light){ align=right } + ![Logo de Secure camera](assets/img/android/secure_camera-dark.svg#only-dark){ align=right } - **Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices. + **Secure Camera** es una aplicación de cámara centrada en la privacidad y la seguridad que puede capturar imágenes, vídeos y códigos QR. Las extensiones de proveedor de CameraX (Retrato, HDR, Visión nocturna, Retoque facial y Auto) también son compatibles con los dispositivos disponibles. - [:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary } - [:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" } - [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } + [:octicons-repo-16: Repositorio](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary } + [:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Código fuente" } + [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribuir } - ??? downloads + ??? descargas - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play) - [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases) @@ -203,34 +205,34 @@ Main privacy features include: !!! note - Metadata is not currently deleted from video files but that is planned. + Actualmente no se eliminan los metadatos de los archivos de vídeo, pero está previsto hacerlo. - The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser). + Los metadatos de orientación de la imagen no se borran. Si habilitas la ubicación (en la cámara segura), * * tampoco se eliminará * *. Si quieres borrarlo más tarde tendrás que utilizar una aplicación externa como [ExifEraser](data-redaction.md#exiferaser). -### Secure PDF Viewer +### Visor seguro de PDF !!! recomendación ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right } ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right } - **Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files. + **Secure PDF Viewer** es un visor de PDF basado en [pdf.js](https://en.wikipedia.org/wiki/PDF.js) que no requiere permisos. El PDF se introduce en un [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(desarrollo_software)) [webview](https://developer.android.com/guide/webapps/webview). Esto significa que no necesita permiso para acceder directamente a contenidos o archivos. - [Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content. + [Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) se utiliza para garantizar que las propiedades de JavaScript y de estilo dentro de WebView sean enteramente de contenido estático. - [:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary } - [:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" } - [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } + [:octicons-repo-16: Repositorio](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary } + [:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Código fuente" } + [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribuir } - ??? downloads + ??? descargas - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play) - [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases) - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases) -## Obtaining Applications +## Obteniendo Aplicaciones -### Interruptores globales +### Tienda de aplicaciones GrapheneOS GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to. @@ -240,14 +242,14 @@ The Google Play Store requires a Google account to login which is not great for !!! recomendación - ![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right } + ![Logo Aurora Store](assets/img/android/aurora-store. ebp){ align=right } - **Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps. + **Aurora Store** es un cliente de Google Play Store que no requiere de una cuenta de Google, Servicios Google Play, o microG para descargar aplicaciones. - [:octicons-home-16: Homepage](https://auroraoss.com/){ .md-button .md-button--primary } - [:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" } + [:octicons-home-16: Página del proyecto](https://auroraoss.com/){ .md-button .md-button--primary } + [:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Código fuente" } - ??? downloads + ??? Descarga - [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases) @@ -271,15 +273,15 @@ On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate `https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom` -#### Verifying APK Fingerprints +#### Comprobando Firmas de las APK If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools). -1. Install [Java JDK](https://www.oracle.com/java/technologies/downloads/). +1. Instala [Java JDK](https://www.oracle.com/java/technologies/downloads/). -2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools). +2. Descarga las [herramientas de línea de comandos de Android Studio](https://developer.android.com/studio#command-tools). -3. Extract the downloaded archive: +3. Extrae el archivo descargado: ```bash unzip commandlinetools-*.zip @@ -287,13 +289,13 @@ If you download APK files to install manually, you can verify their signature wi ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3" ``` -4. Run the signature verification command: +4. Ejecuta el comando de verificación de firmas: ```bash ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk ``` -5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk/) on their website. +5. Los hashes resultantes pueden compararse con otra fuente. Algunos desarrolladores como Signal [muestran las firmas](https://signal.org/android/apk/) en su sitio web. ```bash Signer #1 certificate DN: CN=GrapheneOS @@ -316,17 +318,17 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt !!! note - In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org/) is one example of this). If you really need an app like that, we recommend using [Neo Store](https://github.com/NeoApplications/Neo-Store/) instead of the official F-Droid app to obtain it. + En algunos raros casos, el desarrollador de una aplicación sólo la distribuirá a través de F-Droid ([Gadgetbridge](https://gadgetbridge.org/) es un ejemplo de ello). Si realmente necesitas una aplicación como esa, te recomendamos que utilices [Neo Store](https://github.com/NeoApplications/Neo-Store/) en lugar de la aplicación oficial F-Droid para obtenerla. -## Criteria +## Criterios **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. !!! example "This section is new" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Estamos trabajando para establecer criterios definidos para cada sección de nuestro sitio, y esto puede estar sujeto a cambios. Si tienes alguna duda sobre nuestros criterios, por favor [pregunta en nuestro foro](https://discuss.privacyguides.net/latest) y no asumas que no hemos tenido en cuenta algo a la hora de hacer nuestras recomendaciones si no aparece aquí. Son muchos los factores que se tienen en cuenta y se debaten cuando recomendamos un proyecto, y documentar cada uno de ellos es un trabajo en curso. -### Software +### Sistema Operativo - Must be open-source software. - Must support bootloader locking with custom AVB key support. @@ -337,17 +339,15 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Must **not** enable Google Play Services by default. - Must **not** require system modification to support Google Play Services. -### Devices +### Dispositivo - Must support at least one of our recommended custom operating systems. - Must be currently sold new in stores. - Must receive a minimum of 5 years of security updates. - Must have dedicated secure element hardware. -### Applications +### Aplicaciones - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/assets/img/how-tor-works/tor-path-dark.svg b/i18n/es/assets/img/how-tor-works/tor-path-dark.svg index 9002c9b16..f62866cd0 100644 --- a/i18n/es/assets/img/how-tor-works/tor-path-dark.svg +++ b/i18n/es/assets/img/how-tor-works/tor-path-dark.svg @@ -24,8 +24,8 @@ - Your - Device + Su + dispositivo diff --git a/i18n/es/assets/img/how-tor-works/tor-path.svg b/i18n/es/assets/img/how-tor-works/tor-path.svg index cb53d8b13..a66597393 100644 --- a/i18n/es/assets/img/how-tor-works/tor-path.svg +++ b/i18n/es/assets/img/how-tor-works/tor-path.svg @@ -24,22 +24,22 @@ - Your - Device + Su + dispositivo - Entry + Entrada - Middle + Medio - Exit + Salida diff --git a/i18n/es/basics/account-creation.md b/i18n/es/basics/account-creation.md index aa3894b33..1938e358d 100644 --- a/i18n/es/basics/account-creation.md +++ b/i18n/es/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Creación De Cuenta" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- A menudo la gente se inscribe en servicios sin pensar. Tal vez sea un servicio de streaming para que puedas ver ese nuevo show del que todo el mundo habla, o una cuenta que te da un descuento para tu lugar de comida rápida favorito. Sea cual sea el caso, debes tener en cuenta las implicaciones que tednrá para tus datos ahora y más adelante. @@ -43,7 +44,7 @@ Si un servicio es hackeado, puede que usted comience a recibir correos engañoso [Servicios recomendados de alias de correo electrónico](../email.md#email-aliasing-services ""){.md-button} -### Single sign-on +### Inicio de sesión único !!! note @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/basics/account-deletion.md b/i18n/es/basics/account-deletion.md index d9d81118b..3244b4658 100644 --- a/i18n/es/basics/account-deletion.md +++ b/i18n/es/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Eliminación de cuenta" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Con el tiempo, puede ser fácil acumular varias cuentas en línea, muchas de las cuales puede que ya no utilices. Eliminar estas cuentas que no utilizas es un paso importante para recuperar tu privacidad, ya que las cuentas inactivas son vulnerables a las filtraciones de datos. Una filtración de datos se da cuando la seguridad de un servicio se ve comprometida y la información protegida es vista, transmitida o robada por actores no autorizados. Desafortunadamente, las filtraciones de datos son [demasiado comunes](https://haveibeenpwned.com/PwnedWebsites) en estos días, por lo que practicar una buena higiene digital es la mejor manera de minimizar el impacto que tienen en tu vida. El objetivo de esta guía es ayudarte a atravesar el fastidioso proceso de eliminación de cuentas para mejorar tu presencia en línea, lo que es a menudo dificultado por [un diseño engañoso](https://www.deceptive.design/). @@ -59,5 +60,3 @@ Aunque puedas eliminar una cuenta, no hay garantía de que toda tu información ## Evitar cuentas nuevas Como dice el refrán, "más vale prevenir que lamentar" Siempre que sientas la tentación de crear una nueva cuenta, pregúntate "¿realmente lo necesito? ¿Puedo lograr lo que necesito sin una cuenta?" A menudo puede ser mucho más difícil eliminar una cuenta que crearla. E incluso después de borrar o cambiar la información de tu cuenta, puede haber una versión en caché de un tercero, como en el [Internet Archive](https://archive.org/). Evita la tentación cuando puedas, ¡tu futuro yo te lo agradecerá! - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/basics/common-misconceptions.md b/i18n/es/basics/common-misconceptions.md index 9ffa5cd61..61b65eb99 100644 --- a/i18n/es/basics/common-misconceptions.md +++ b/i18n/es/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Conceptos erróneos comunes" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "El software de código abierto es siempre seguro" o "El software propietario es más seguro" @@ -44,7 +45,7 @@ Uno de los modelos de amenaza más claros es aquel en el que la gente *sabe qui No sugerimos usar una VPN o Tor para ninguna de estas cosas, ya que tu identidad ya es conocida por otros medios. - !!! tip + !!! consejo Al comprar en línea, el uso de un [casillero de paquetes](https://en.wikipedia.org/wiki/Parcel_locker) puede ayudar a mantener la privacidad de tu dirección física. @@ -56,6 +57,4 @@ Uno de los modelos de amenaza más claros es aquel en el que la gente *sabe qui Usar Tor puede ayudar con esto. También cabe destacar que es posible un mayor anonimato mediante la comunicación asíncrona: La comunicación en tiempo real es vulnerable al análisis de los patrones de escritura (es decir, más de un párrafo de texto, distribuido en un foro, por correo electrónico, etc.) ---8<-- "includes/abbreviations.es.txt" - [^1]: Un ejemplo notable de esto es [el incidente de 2021 en el que investigadores de la Universidad de Minnesota introdujeron tres vulnerabilidades en el proyecto de desarrollo del kernel de Linux](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/es/basics/common-threats.md b/i18n/es/basics/common-threats.md index eef40a370..23db3b14d 100644 --- a/i18n/es/basics/common-threats.md +++ b/i18n/es/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Amenazas comunes" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- En términos generales, clasificamos nuestras recomendaciones en las [amenazas](threat-modeling.md) u objetivos que se aplican a la mayoría de las personas. ==Puede que no te preocupe ninguna, una, varias o todas estas posibilidades==, y las herramientas y servicios que utilices dependerán de cuáles sean tus objetivos. Es posible que también tengas amenazas específicas fuera de estas categorías, ¡lo cual está perfectamente bien! Lo importante es desarrollar una comprensión de los beneficios y las deficiencias de las herramientas que elijas utilizar, porque prácticamente ninguna de ellas te protegerá de todas las amenazas. @@ -34,7 +35,7 @@ En lo que respecta a la seguridad de las aplicaciones, generalmente no sabemos ( Para minimizar el daño que una pieza maliciosa de software *podría hacer*, deberías emplear la seguridad por compartimentación. Por ejemplo, esto podría darse en la forma de usar diferentes ordenadores para diferentes trabajos, usar máquinas virtuales para separar diferentes grupos de aplicaciones relacionadas, o usar un sistema operativo seguro con un fuerte enfoque en el aislamiento de aplicaciones y el control de acceso obligatorio. -!!! tip +!!! consejo Los sistemas operativos móviles suelen tener un mejor aislamiento de aplicaciones que los sistemas operativos de escritorio: Las aplicaciones no pueden obtener acceso a la raíz y requieren permiso para acceder a los recursos del sistema. @@ -44,7 +45,7 @@ Para minimizar el daño que una pieza maliciosa de software *podría hacer*, deb Los ataques dirigidos contra una persona concreta son más problemáticos de tratar. Los ataques más comunes son el envío de documentos maliciosos por correo electrónico, la explotación de vulnerabilidades (por ejemplo, en los navegadores y sistemas operativos) y los ataques físicos. Si esto te preocupa, deberías emplear estrategias de mitigación de amenazas más avanzadas. -!!! tip +!!! consejo Por su diseño, los **navegadores web**, los **clientes de correo electrónico** y las **aplicaciones de oficina** suelen ejecutar código no fiable, enviado por terceros. Ejecutar múltiples máquinas virtuales -para separar aplicaciones como estas de su sistema anfitrión, así como entre sí- es una técnica que puedes utilizar para mitigar la posibilidad de que un exploit en estas aplicaciones comprometa el resto de tu sistema. Por ejemplo, tecnologías como Qubes OS o Microsoft Defender Application Guard en Windows proporcionan métodos convenientes para hacerlo. @@ -80,11 +81,11 @@ La vigilancia masiva es el intrincado esfuerzo por controlar el "comportamiento, Si quiere saber más sobre los métodos de vigilancia y cómo se aplican en su ciudad, también puede echar un vistazo al [Atlas of Surveillance](https://atlasofsurveillance.org/) de la [Electronic Frontier Foundation](https://www.eff.org/). - In France you can take a look at the [Technolopolice website](https://technopolice.fr/villes/) maintained by the non-profit association La Quadrature du Net. + En Francia puede consultar el sitio [Technolopolice website](https://technopolice.fr/villes/), mantenido por la asociación sin ánimo de lucro La Quadrature du Net. Los gobiernos suelen justificar los programas de vigilancia masiva como medios necesarios para combatir el terrorismo y prevenir la delincuencia. cita "ACLU: [*La lección de privacidad del 11 de septiembre: La vigilancia masiva no es el camino a seguir*](https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward)" -!!! quote "ACLU: [*The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward*](https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward)" +!!! cita "ACLU: [*La lección de privacidad del 11 de septiembre: La vigilancia masiva no es el camino a seguir*](https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward)" Aunque eludir la censura en sí puede ser fácil, ocultar el hecho de que lo estás haciendo puede ser muy problemático. Debrías considerar qué aspectos de la red puede observar tu adversario y si tiene una negación plausible de tus acciones. @@ -128,19 +129,17 @@ La censura en línea puede ser llevada a cabo (en diversos grados) por actores q La censura en las plataformas corporativas es cada vez más común, ya que plataformas como Twitter y Facebook ceden a la demanda del público, a las presiones del mercado y a las de los organismos gubernamentales. Las presiones gubernamentales pueden ser peticiones encubiertas a las empresas, como la de la Casa Blanca [solicitando la retirada](https://www.nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) de un vídeo provocativo de YouTube, o abiertamente, como la del gobierno chino exigiendo a las empresas que se adhieran a un estricto régimen de censura. -La censura en las plataformas corporativas es cada vez más común, ya que plataformas como Twitter y Facebook ceden a la demanda del público, a las presiones del mercado y a las de los organismos gubernamentales. Government pressures can be covert requests to businesses, such as the White House [requesting the takedown](https://www.nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) of a provocative YouTube video, or overt, such as the Chinese government requiring companies to adhere to a strict regime of censorship. +La censura en las plataformas corporativas es cada vez más común, ya que plataformas como Twitter y Facebook ceden a la demanda del público, a las presiones del mercado y a las de los organismos gubernamentales. Las presiones gubernamentales pueden ser peticiones encubiertas a las empresas, como la de la Casa Blanca [solicitando la retirada](https://www.nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) de un vídeo provocativo de YouTube, o abiertamente, como la del gobierno chino exigiendo a las empresas que se adhieran a un estricto régimen de censura. -People concerned with the threat of censorship can use technologies like [Tor](../advanced/tor-overview.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../real-time-communication.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily. +Las personas preocupadas por la amenaza de la censura pueden utilizar tecnologías como [Tor](../advanced/tor-overview.md) para eludirla, y apoyar plataformas de comunicación resistentes a la censura como [Matrix](../real-time-communication.md#element), que no tiene una autoridad de cuentas centralizada que pueda cerrar cuentas arbitrariamente. -!!! tip +!!! consejo - While evading censorship itself can be easy, hiding the fact that you are doing it can be very problematic. + Si bien evadir la censura en sí misma puede ser fácil, ocultar el hecho de que lo estás haciendo puede ser muy problemático. - You should consider which aspects of the network your adversary can observe, and whether you have plausible deniability for your actions. For example, using [encrypted DNS](../advanced/dns-overview.md#what-is-encrypted-dns) can help you bypass rudimentary, DNS-based censorship systems, but it can't truly hide what you are visiting from your ISP. A VPN or Tor can help hide what you are visiting from network administrators, but can't hide that you're using those networks in the first place. Pluggable transports (such as Obfs4proxy, Meek, or Shadowsocks) can help you evade firewalls that block common VPN protocols or Tor, but your circumvention attempts can still be detected by methods like probing or [deep packet inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection). + Deberías considerar qué aspectos de la red puede observar tu adversario y si tienes una justificación verosímil para tus acciones. Por ejemplo, el uso de [DNS cifrado](../advanced/dns-overview.md#what-is-encrypted-dns) puede ayudarte a eludir sistemas de censura rudimentarios basados en DNS, pero no puede ocultar realmente lo que visitas a tu ISP. Una VPN o Tor puede ayudar a ocultar lo que estás visitando de los administradores de red, pero no puede ocultar que estás utilizando esas redes en primer lugar. Los transportes conectables (como Obfs4proxy, Meek, o Shadowsocks) pueden ayudarte a evadir cortafuegos que bloquean protocolos VPN comunes o Tor, pero tus intentos de evasión aún pueden ser detectados por métodos como sondeo o [inspección profunda de paquetes](https://es.wikipedia.org/wiki/Inspección_profunda_de_paquete). -You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. - ---8<-- "includes/abbreviations.es.txt" +Siempre debes tener en cuenta los riesgos de intentar saltarse la censura, las posibles consecuencias y lo sofisticado que puede ser el adversario. Debe ser precavido con la selección del software y tener un plan de respaldo en caso de que te pillen. [^1]: Wikipedia: [*Vigilancia masiva*](https://es.wikipedia.org/wiki/Vigilancia_masiva) y [*Vigilancia*](https://es.wikipedia.org/wiki/Vigilancia). [^2]: Junta de Supervisión de la Privacidad y las Libertades Civiles de los Estados Unidos: [*Informe sobre el Programa de Registros Telefónicos llevado a cabo bajo la Sección 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) diff --git a/i18n/es/basics/email-security.md b/i18n/es/basics/email-security.md index 6fbf613e7..203eceb0c 100644 --- a/i18n/es/basics/email-security.md +++ b/i18n/es/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Seguridad del correo electrónico icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- El correo electrónico es una forma de comunicación insegura por defecto. Puedes mejorar la seguridad de tu correo electrónico con herramientas como OpenPGP, que añaden cifrado de extremo a extremo a tus mensajes, pero OpenPGP sigue teniendo una serie de inconvenientes en comparación con el cifrado de otras aplicaciones de mensajería, y algunos datos del correo electrónico nunca pueden cifrarse de forma inherente debido a cómo está diseñado el correo electrónico. @@ -38,5 +39,3 @@ Los metadatos del correo electrónico están protegidos de observadores externos ### ¿Por qué los metadatos no pueden ser E2EE? Los metadatos del correo electrónico son cruciales para la funcionalidad más básica del correo electrónico (de dónde viene y a dónde tiene que ir). E2EE no estaba integrado originalmente en los protocolos de correo electrónico, sino que requería un software adicional como OpenPGP. Dado que los mensajes OpenPGP todavía tienen que funcionar con los proveedores de correo electrónico tradicionales, no puede cifrar los metadatos del correo electrónico, sino sólo el cuerpo del mensaje. Esto significa que, incluso cuando se utiliza OpenPGP, los observadores externos pueden ver mucha información sobre tus mensajes, como a quién estás enviando correos electrónicos, las líneas de asunto, cuándo estás enviando correos, etc. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/basics/multi-factor-authentication.md b/i18n/es/basics/multi-factor-authentication.md index 2e3cf8e45..0b6e2cba7 100644 --- a/i18n/es/basics/multi-factor-authentication.md +++ b/i18n/es/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Autenticación de múltiples factores" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **La autenticación multifactorial** (**MFA**) es un mecanismo de seguridad que requiere pasos adicionales a la introducción del nombre de usuario (o correo electrónico) y la contraseña. El método más común son los códigos de tiempo limitado que puedes recibir de un SMS o una aplicación. @@ -162,5 +163,3 @@ MFA de SSH también se puede configurar utilizando TOTP. DigitalOcean ha proporc ### KeePass (y KeePassXC) Las bases de datos de KeePass y KeePassXC pueden ser aseguradas utilizando Challenge-Response o HOTP como segundo factor de autenticación. Yubico ha proporcionado un documento para KeePass [Uso de su YubiKey con KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) y también hay uno en el sitio web de [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa). - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/basics/passwords-overview.md b/i18n/es/basics/passwords-overview.md index 51ad8fdf3..e105737fb 100644 --- a/i18n/es/basics/passwords-overview.md +++ b/i18n/es/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introducción a las contraseñas" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Las contraseñas son una parte esencial de nuestra vida digital cotidiana. Las utilizamos para proteger nuestras cuentas, nuestros dispositivos y nuestros secretos. A pesar de ser a menudo lo único que nos separa de un adversario que busca nuestra información privada, no se piensa mucho en ellas, lo que a menudo lleva a la gente a utilizar contraseñas que pueden ser fácilmente adivinadas o forzadas. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Copias de seguridad You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/basics/threat-modeling.md b/i18n/es/basics/threat-modeling.md index 51dd7ef4e..ac4e0b308 100644 --- a/i18n/es/basics/threat-modeling.md +++ b/i18n/es/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "¿Qué son los modelos de amenaza?" icon: 'material/target-account' +description: Equilibrar la seguridad, la privacidad y la facilidad de uso es una de las primeras y más difíciles tareas a las que se enfrentará en su camino hacia la privacidad. --- Equilibrar la seguridad, la privacidad y la facilidad de uso es una de las primeras y más difíciles tareas a las que se enfrentará en su camino hacia la privacidad. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -98,7 +99,7 @@ Sólo una vez que se haya planteado estas preguntas estará en condiciones de ev Elaborar un plan de seguridad le ayudará a comprender las amenazas que le son propias y a evaluar sus activos, sus adversarios y las capacidades de éstos, junto con la probabilidad de los riesgos a los que se enfrenta. -## Further Reading +## Lecturas Adicionales For people looking to increase their privacy and security online, we've compiled a list of common threats our visitors face or goals our visitors have, to give you some inspiration and demonstrate the basis of our recommendations. @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Fuentes - [EFF Surveillance Self Defense: Su plan de seguridad](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/basics/vpn-overview.md b/i18n/es/basics/vpn-overview.md index 0cdbc15d4..3236abdf8 100644 --- a/i18n/es/basics/vpn-overview.md +++ b/i18n/es/basics/vpn-overview.md @@ -1,29 +1,30 @@ --- title: Vista general del VPN icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- -Las redes virtuales privadas (conocidas en inglés como Virtual Private Networks) son una manera de ampliar el extremo de tu red hacia algún lugar del mundo. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). +Las redes virtuales privadas (conocidas en inglés como Virtual Private Networks) son una manera de ampliar el extremo de tu red hacia algún lugar del mundo. Un ISP puede ver el flujo de tráfico de Internet que entra y sale de su dispositivo de terminación de red (es decir, el módem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). -A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. +Una VPN puede ayudar, ya que puede trasladar la confianza a un servidor en otro lugar del mundo. Como resultado, el ISP solamente ve que te conectaste a una VPN y nada de la actividad que le estás pasando. -## Should I use a VPN? +## ¿Debería usar una VPN? -**Yes**, unless you are already using Tor. A VPN does two things: shifting the risks from your Internet Service Provider to itself and hiding your IP from a third-party service. +**Sí**, a menos que ya estés usando Tor. Una VPN hace dos cosas: trasladar los riesgos de su proveedor de servicios de Internet a sí mismo y ocultar su IP de un servicio de terceros. -VPNs cannot encrypt data outside of the connection between your device and the VPN server. VPN providers can see and modify your traffic the same way your ISP could. And there is no way to verify a VPN provider's "no logging" policies in any way. +Las VPN no pueden cifrar datos fuera de la conexión entre su dispositivo y el servidor VPN. Los proveedores de VPN pueden ver y modificar su tráfico del mismo modo que su proveedor de Internet. Y no hay forma de verificar de ninguna manera las políticas de "no registro" de un proveedor de VPN. -However, they do hide your actual IP from a third-party service, provided that there are no IP leaks. They help you blend in with others and mitigate IP based tracking. +Sin embargo, ocultan tu IP real de un servicio de terceros, siempre que no haya fugas de IP. Le ayudan a mezclarse con los demás y a mitigar el seguimiento basado en la IP. -## When shouldn't I use a VPN? +## ¿Cuándo no debería usar una VPN? -Using a VPN in cases where you're using your [known identity](common-threats.md#common-misconceptions) is unlikely be useful. +El uso de una VPN en caso de que estés utilizando tu[identidad conocida](common-threats.md#common-misconceptions) probablemente no sea útil. -Doing so may trigger spam and fraud detection systems, such as if you were to log into your bank's website. +Si lo hace, pueden activarse los sistemas de detección de spam y fraude, por ejemplo si te conectas al sitio web de tu banco. -## What about encryption? +## ¿Qué pasa con el cifrado? Encryption offered by VPN providers are between your devices and their servers. It guarantees that this specific link is secure. This is a step up from using unencrypted proxies where an adversary on the network can intercept the communications between your devices and said proxies and modify them. However, encryption between your apps or browsers with the service providers are not handled by this encryption. @@ -41,7 +42,7 @@ Needless to say, **you shouldn't use encrypted DNS with Tor**. This would direct By using a VPN with Tor, you're creating essentially a permanent entry node, often with a money trail attached. This provides zero additional benefits to you, while increasing the attack surface of your connection dramatically. If you wish to hide your Tor usage from your ISP or your government, Tor has a built-in solution for that: Tor bridges. [Read more about Tor bridges and why using a VPN is not necessary](../advanced/tor-overview.md). -## What if I need anonymity? +## ¿Y si necesito anonimato? VPNs cannot provide anonymity. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You cannot rely on "no logging" policies to protect your data. Use [Tor](https://www.torproject.org/) instead. @@ -70,9 +71,7 @@ For situations like these, or if you have another compelling reason, the VPN pro ## Related VPN Information -- [The Trouble with VPN and Privacy Review Sites](https://blog.privacyguides.org/2019/11/20/the-trouble-with-vpn-and-privacy-review-sites/) -- [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) -- [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) -- [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.es.txt" +- [El problema con las VPN y los sitios de revisión de privacidad](https://blog.privacyguides.org/2019/11/20/the-trouble-with-vpn-and-privacy-review-sites/) +- [Investigación sobre aplicaciones VPN gratuitas](https://www.top10vpn.com/free-vpn-app-investigation/) +- [Propietarios ocultos de VPN revelados: 101 productos VPN administrados por solo 23 empresas](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) +- [Esta empresa china está secretamente detrás de 24 aplicaciones populares que buscan permisos peligrosos](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) diff --git a/i18n/es/calendar.md b/i18n/es/calendar.md index 23fe133d8..22ad2ca14 100644 --- a/i18n/es/calendar.md +++ b/i18n/es/calendar.md @@ -1,6 +1,7 @@ --- title: "Clientes de Correo Electrónico" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -81,5 +82,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/cloud.md b/i18n/es/cloud.md index 0b020a27d..e5a484416 100644 --- a/i18n/es/cloud.md +++ b/i18n/es/cloud.md @@ -1,6 +1,7 @@ --- title: "Correo Electrónico" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Muchos proveedores de almacenamiento en la nube exigen que confíes plenamente en que no mirarán tus archivos. Las alternativas que se enumeran a continuación eliminan la necesidad de confianza, ya que le ponen en control de sus datos o implementan E2EE. @@ -30,7 +31,6 @@ Confíe en su proveedor utilizando una alternativa a continuación que es compat ??? -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -59,5 +59,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/cryptocurrency.md b/i18n/es/cryptocurrency.md new file mode 100644 index 000000000..00d0f2ecd --- /dev/null +++ b/i18n/es/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! peligro + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recomendación + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/es/data-redaction.md b/i18n/es/data-redaction.md index cd4b209de..8f7f7341a 100644 --- a/i18n/es/data-redaction.md +++ b/i18n/es/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- Cuando compartas archivos, asegúrate de eliminar los metadatos asociados. Los archivos de imagen suelen incluir Datos [Exif](https://es.wikipedia.org/wiki/Exchangeable_image_file_format). A veces, las fotos incluyen incluso coordenadas GPS en los metadatos del archivo. @@ -142,5 +143,3 @@ La aplicación ofrece múltiples formas de borrar los metadatos de las imágenes - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/desktop-browsers.md b/i18n/es/desktop-browsers.md index cc56f6374..fae72df06 100644 --- a/i18n/es/desktop-browsers.md +++ b/i18n/es/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Navegadores de escritorio" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- Estas son nuestras recomendaciones de navegadores web para computadoras y las configuraciones para la navegación estándar/no anónima por Internet. Si necesitas navegar por Internet de forma anónima, deberías utilizar [Tor](tor.md) . En general, recomendamos mantener una cantidad mínima de extensiones; estas tienen un acceso privilegiado dentro de tu navegador, requieren que confíes en el desarrollador, pueden hacerte [destacar](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), y [debilitan](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) el aislamiento del sitio. @@ -257,6 +258,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.es.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/es/desktop.md b/i18n/es/desktop.md index a4e9b1ba4..d78ca05da 100644 --- a/i18n/es/desktop.md +++ b/i18n/es/desktop.md @@ -1,6 +1,7 @@ --- title: "Almacenamiento en la Nube" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Nuestros sistemas operativos recomendados: - Debe soportar el cifrado de disco completo durante la instalación. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Debe ser compatible con una amplia variedad de hardware. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/dns.md b/i18n/es/dns.md index a9eefe7a3..94a29301c 100644 --- a/i18n/es/dns.md +++ b/i18n/es/dns.md @@ -1,142 +1,172 @@ --- -title: "Introducción a DNS" +title: "Resolvers DNS" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! ¿Debería utilizar un DNS cifrado? +Un DNS cifrado con servidores de terceros solo debe utilizarse para evitar el [bloqueo de DNS básico](https://en.wikipedia.org/wiki/DNS_blocking) cuando puedas estar seguro de que no habrá ninguna consecuencia. Un DNS encriptado no te ayudará a esconder tu actividad en línea. - El DNS cifrado con un tercero solo debe usarse para evitar redirecciones y el bloqueo básico de DNS cuando puedas estar seguro de que no habrá consecuencias o estés interesado en un proveedor que realice un filtrado rudimentario. DNS encriptado no te ayudará a esconder tu actividad en línea. - - [Aprende más sobre el DNS](technology/dns.md){ .md-button } +[Aprende más sobre DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Proveedores recomendados -| DNS | Política de Privacidad | Protocolo | Protocolos | Registros | ECS | -| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | --------- | -------------------------------------------------------------- | ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Comercial | Texto simple
DoH
DoT
DNSCrypt | 2 | No Filter list being used can be found here. [**DNS mediante HTTPS**](https://es.wikipedia.org/wiki/DNS_mediante_HTTPS) como está definido en el [RFC 8484](https://datatracker.ietf.org/doc/html/rfc8484) empaqueta las consultas en el protocolo [HTTP/2](https://es.wikipedia.org/wiki/HTTP/2) y proporciona seguridad con HTTPS. | -| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Comercial | Texto simple
DoH
DoT | 2 | No | -| [**ControlID**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Comercial | Texto simple
DoH
DoT | 2 | No | -| [**IVPN**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | Comercial | DoH
DoT | 2 | No Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | -| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Comercial | Texto simple
DoH
DoT
DNSCrypt | Opcional [^5] | No | -| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Comercial | Some[^6] | Opcional [^5] | Based on server choice, Malware blocking by default. | +| Proveedor de DNS | Política de Privacidad | Protocolos | Registro | ECS | Filtrado | +| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | -------------------------------------------------------------- | -------------------------------------------------------------- | ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Texto simple
DoH
DoT
DNSCrypt | Parcial[^1] | No | Basado en la elección del servidor. La lista de filtros que se utilizan pueden encontrarse aquí. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | +| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
DoH/3
DoT | Some[^2] | No | Basado en la elección del servidor. | +| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
DoH/3
DoT
DoQ | Opcional[^3] | No | Basado en la elección del servidor. | +| [**IVPN**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
DoT | No[^4] | No | Basado en la elección del servidor. La lista de filtros que se utilizan pueden encontrarse aquí. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | +| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
DoH/3
DoT | Texto simple
DoH
DoT
DNSCrypt | Opcional [^5] | Basado en la elección del servidor. | +| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Comercial | Parcial[^6] | Opcional [^5] | Según la elección del servidor, bloqueo de malware por defecto. | -## Criteria +## Criterios -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Ten en cuenta que no estamos afiliados con ninguno de los proyectos que recomendamos.** Además de [nuestros criterios estándar](about/criteria.md), hemos desarrollado un conjunto claro de requisitos que nos permiten proporcionar recomendaciones objetivas. Te sugerimos que te familiarices con esta lista antes de elegir usar un proyecto, y que lleves a cabo tu propia investigación para asegurarte de que es la elección correcta para ti. -!!! example "This section is new" +!!! Ejemplo "Esta sección es nueva" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Estamos trabajando para establecer criterios definidos para cada sección de nuestro sitio, y esto puede estar sujeto a cambios. Si tienes alguna duda sobre nuestros criterios, por favor [pregunta en nuestro foro](https://discuss.privacyguides.net/latest) y no asumas que no hemos tenido en cuenta algo a la hora de hacer nuestras recomendaciones si no aparece aquí. Son muchos los factores que se tienen en cuenta y se debaten cuando recomendamos un proyecto, y documentar cada uno de ellos es un trabajo en curso. -- Debe soportar [DNSSEC](technology/dns.md#what-is-dnssec-and-when-is-it-used) -- [QNAME Minimization](advanced/dns-overview.md#what-is-qname-minimization). -- Allow for [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) to be disabled. -- Prefer [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) support or geo-steering support. +- Debe soportar [DNSSEC](technology/dns.md#what-is-dnssec-and-when-is-it-used). +- [Minimización QNAME](advanced/dns-overview.md#what-is-qname-minimization). +- Permita desactivar [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs). +- Preferir soporte [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) o soporte de dirección geográfica. -## DNS sin cifrado +## Compatibilidad con sistemas operativos nativos ### Android -Las últimas versiones de iOS, iPadOS, tvOS y macOS, soportan tanto DoT como DoH. Ambos protocolos son soportados nativamente a través de [configuración de perfiles ](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) o a través de la [API de configuración DNS](https://developer.apple.com/documentation/networkextension/dns_settings). +Android 9 y superiores soportan DNS sobre TLS. Los ajustes se pueden encontrar en: **Configuración** → **Red & Internet** → **DNS privado**. ### Dispositivos Apple -Tras la instalación de un perfil de configuración o de una aplicación que utilice la API de configuración de DNS, se puede seleccionar la configuración de DNS. Si una VPN está activo, la resolución dentro del túnel VPN utilizará la configuración DNS de la VPN y no la configuración de todo el sistema. +Las últimas versiones de iOS, iPadOS, tvOS y macOS, admiten tanto DoT como DoH. Ambos protocolos son soportados nativamente a través de [configuración de perfiles ](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) o a través de la [API de configuración DNS](https://developer.apple.com/documentation/networkextension/dns_settings). -After installation of either a configuration profile or an app that uses the DNS Settings API, the DNS configuration can be selected. If a VPN is active, resolution within the VPN tunnel will use the VPN's DNS settings and not your system-wide settings. +Tras la instalación de un perfil de configuración o de una aplicación que utilice la API de configuración de DNS, se puede seleccionar la configuración de DNS. Si una VPN está activa, la resolución dentro del túnel VPN utilizará la configuración DNS de la VPN y no la configuración de todo el sistema. -#### Signed Profiles +#### Perfiles firmados -Apple does not provide a native interface for creating encrypted DNS profiles. Información Signed profiles are preferred; signing validates a profile's origin and helps to ensure the integrity of the profiles. A green "Verified" label is given to signed configuration profiles. For more information on code signing, see [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html). **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [NextDNS](https://apple.nextdns.io), and [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/). +Apple no proporciona una interfaz nativa para crear perfiles DNS cifrados. [Secure DNS profile creator](https://dns.notjakob.com/tool.html) es una herramienta no oficial para crear tus propios perfiles DNS encriptados, aunque no estarán firmados. Son preferibles los perfiles firmados; la firma valida el origen de un perfil y ayuda a garantizar su integridad. Los perfiles de configuración firmados reciben la etiqueta verde de "Verificado". Para más información sobre la firma de código, consulte [Acerca de la firma de código](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html). **Perfiles firmados** son ofrecidos por [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [NextDNS](https://apple.nextdns.io)y [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/). -!!! info +!!! Información - `systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS. + `systemd-resolved`, que muchas distribuciones Linux utilizan para realizar sus búsquedas DNS, todavía no [soporta DoH](https://github.com/systemd/systemd/issues/8639). Si quieres usar DoH, necesitarás instalar un proxy como [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) y [configurarlo](https://wiki. rchlinux.org/title/Dnscrypt-proxy) para obtener todas las consultas DNS de la resolución del sistema y reenviarlas a HTTPS. -## Encrypted DNS Proxies +## Proxies DNS cifrados -Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](advanced/dns-overview.md#unencrypted-dns) resolver to forward to. Typically it is used on platforms that don't natively support [encrypted DNS](advanced/dns-overview.md#what-is-encrypted-dns). +El software proxy DNS encriptado proporciona un proxy local para que el resolver DNS no encriptado +lo reenvíe. Normalmente se utiliza en plataformas que no soportan de forma nativa el DNS cifrado [](advanced/dns-overview.md#what-is-encrypted-dns).

-### DNS -!!! recomendación - - ![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ align=right } - ![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ align=right } - - **RethinkDNS** is an open-source Android client supporting [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) and DNS Proxy along with caching DNS responses, locally logging DNS queries and can be used as a firewall too. - - [:octicons-home-16: Homepage](https://rethinkdns.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://docs.rethinkdns.com/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/celzero/rethink-app){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.celzero.bravedns) - - [:simple-github: GitHub](https://github.com/celzero/rethink-app/releases) - -### DNSCrypt - -!!! recomendación - - ![dnscrypt-proxy logo](assets/img/dns/dnscrypt-proxy.svg){ align=right } - - **dnscrypt-proxy** is a DNS proxy with support for [DNSCrypt](advanced/dns-overview.md#dnscrypt), [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS). - - !!! warning "The anonymized DNS feature does [**not**](advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic." - - [:octicons-repo-16: Repository](https://github.com/DNSCrypt/dnscrypt-proxy){ .md-button .md-button--primary } - [:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/DNSCrypt/dnscrypt-proxy){ .card-link title="Source Code" } - [:octicons-heart-16:](https://opencollective.com/dnscrypt/contribute){ .card-link title=Contribute } - - ??? downloads - - - [:simple-windows11: Windows](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-Windows) - - [:simple-apple: macOS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS) - - [:simple-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux) - -## Self-hosted Solutions - -A self-hosted DNS solution is useful for providing filtering on controlled platforms, such as Smart TVs and other IoT devices, as no client-side software is needed. ### RethinkDNS !!! recomendación - ![AdGuard Home logo](assets/img/dns/adguard-home.svg){ align=right } + ![Logo de RethinkDNS](assets/img/android/rethinkdns.svg#only-light){ align=right } + ![Logo de RethinkDNS](assets/img/android/rethinkdns-dark.svg#only-dark){ align=right } - **AdGuard Home** is an open-source [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) to block unwanted web content, such as advertisements. + **RethinkDNS** es un cliente Android de código abierto que soporta [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) y DNS Proxy junto con el almacenamiento en caché de las respuestas DNS, el registro local de las consultas DNS y también se puede utilizar como cortafuegos. - AdGuard Home features a polished web interface to view insights and manage blocked content. + [:octicons-home-16: Inicio](https://rethinkdns.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Politica de privacidad" } + [:octicons-info-16:](https://docs.rethinkdns.com/){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/celzero/rethink-app){ .card-link title="Código fuente" } + + ??? descargas + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.celzero.bravedns) + - [:simple-github: GitHub](https://github.com/celzero/rethink-app/releases) - [:octicons-home-16: Homepage](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary } - [:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Source Code" } -### DNSCloak + + +### dnscrypt-proxy !!! recomendación - ![Pi-hole logo](assets/img/dns/pi-hole.svg){ align=right } + ![logo dnscrypt-proxy](assets/img/dns/dnscrypt-proxy.svg){ align=right } - **Pi-hole** is an open-source [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) to block unwanted web content, such as advertisements. + **dnscrypt-proxy** es un proxy DNS con soporte para [DNSCrypt](advanced/dns-overview.md#dnscrypt), [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), y [DNS Anonimizado](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS). - Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware. The software features a friendly web interface to view insights and manage blocked content. + !!! advertencia "La función DNS anónima [**no**](advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns) anonimiza otro tráfico de red." + + [:octicons-repo-16: Repositorio](https://github.com/DNSCrypt/dnscrypt-proxy){ .md-button .md-button--primary } + [:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/DNSCrypt/dnscrypt-proxy){ .card-link title="Código fuente" } + [:octicons-heart-16:](https://opencollective.com/dnscrypt/contribute){ .card-link title=Contribuir } + + ??? descargas + + - [:simple-windows11: Windows](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-Windows) + - [:simple-apple: macOS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS) + - [:simple-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux) - [:octicons-home-16: Homepage](https://pi-hole.net/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://pi-hole.net/privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://docs.pi-hole.net/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } - [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.es.txt" -[^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) -[^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) -[^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) -[^4]: Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/) -[^5]: NextDNS can provide insights and logging features on an opt-in basis. You can choose retention times and log storage locations for any logs you choose to keep. If it's not specifically requested, no data is logged. [https://nextdns.io/privacy](https://nextdns.io/privacy) -[^6]: Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared, such as for the purpose of security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable. [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/) + +## Soluciones autoalojadas + +Una solución DNS autoalojada es útil para proporcionar filtrado en plataformas controladas, como Smart TV y otros dispositivos IoT, ya que no se necesita software del lado del cliente. + + + +### AdGuard Home + +!!! recomendación + + ![Logo de AdGuard Home](assets/img/dns/adguard-home.svg){ align=right } + + **AdGuard Home** es un código abierto [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) que utiliza [filtrado DNS](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) para bloquear contenido web no deseado, como anuncios. + + AdGuard Home cuenta con una interfaz web pulida para ver información y gestionar el contenido bloqueado. + + [:octicons-home-16: Inicio](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary } + [:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Politica de privacidad" } + [:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Código fuente" } + + + + +### Pi-hole + +!!! recomendación + + ![Logo de Pi-hole](assets/img/dns/pi-hole.svg){ align=right } + + **Pi-hole** es un código abierto [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) que utiliza [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) para bloquear contenidos web no deseados, como la publicidad. + + Pi-hole está diseñado para alojarse en una Raspberry Pi, pero no se limita a dicho hardware. El software cuenta con una interfaz web fácil de usar para ver los datos y gestionar los contenidos bloqueados. + + [:octicons-home-16: Inicio](https://pi-hole.net/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://pi-hole.net/privacy/){ .card-link title="Politica de privacidad" } + [:octicons-info-16:](https://docs.pi-hole.net/){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Código fuente" } + [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribuir } + + + + +[^1]: + AdGuard almacena métricas de rendimiento agregadas de sus servidores DNS, es decir, el número de solicitudes completas a un servidor en particular, el número de solicitudes bloqueadas y la velocidad de procesamiento de solicitudes. También guardan y almacenan la base de datos de dominios solicitados en las últimas 24 horas. "Necesitamos esta información para identificar y bloquear nuevos rastreadores y amenazas". "También registramos cuántas veces se ha bloqueado tal o cual rastreador. Necesitamos esta información para eliminar normas obsoletas de nuestros filtros". [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) + + +[^2]: + Cloudflare recopila y almacena únicamente los datos de consulta DNS limitados que se envían al resolver 1.1.1.1. El servicio de resolución 1.1.1.1 no registra datos personales, y el grueso de los limitados datos de consulta no identificables personalmente se almacena sólo durante 25 horas. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) + + +[^3]: + El Control D sólo registra los resolvers Premium con perfiles DNS personalizados. Los resolvers libres no registran datos. [https://controld.com/privacy](https://controld.com/privacy) + + +[^4]: + El servicio DNS de Mullvad está disponible tanto para suscriptores como para no suscriptores de Mullvad VPN. Su política de privacidad afirma explícitamente que no registran las solicitudes DNS de ninguna manera. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/) + + +[^5]: + NextDNS puede proporcionar información y funciones de registro previa solicitud. Puede elegir los tiempos de retención y las ubicaciones de almacenamiento de los registros que desee conservar. Si no se solicita específicamente, no se registra ningún dato. [https://nextdns.io/privacy](https://nextdns.io/privacy) + + +[^6]: + Quad9 recopila algunos datos con fines de supervisión y respuesta ante amenazas. Esos datos pueden remezclarse y compartirse, por ejemplo, con fines de investigación sobre seguridad. Quad9 no recoge ni registra direcciones IP ni otros datos que consideren personalmente identificables. [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/) diff --git a/i18n/es/email-clients.md b/i18n/es/email-clients.md index 5962ed571..42a21cffd 100644 --- a/i18n/es/email-clients.md +++ b/i18n/es/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Nuestra lista de recomendaciones contiene clientes de correo electrónico que soportan [OpenPGP](encryption.md#openpgp) y una autenticación fuerte como [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth te permite utilizar la [Autenticación Multifactor](basics/multi-factor-authentication.md) y previene el robo de cuentas. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/email.md b/i18n/es/email.md index 3b4f339f1..200f58a1c 100644 --- a/i18n/es/email.md +++ b/i18n/es/email.md @@ -1,6 +1,7 @@ --- title: "Servicios de correo electrónico" icon: material/email +description: Estos proveedores de correo electrónico ofrecen un lugar estupendo para almacenar tus mensajes de forma segura, y muchos ofrecen cifrado OpenPGP interoperable con otros proveedores. --- El correo electrónico es prácticamente necesario para utilizar cualquier servicio en línea. Sin embargo, no lo recomendamos para las conversaciones de persona a persona. En vez de utilizar el correo electrónico para comunicarse con otras personas, considere utilizar un servicio de mensajería instantánea que soporte el secreto de reenvío. @@ -9,29 +10,41 @@ El correo electrónico es prácticamente necesario para utilizar cualquier servi Para todo lo demás, recomendamos una variedad de proveedores de correo electrónico basados en modelos sostenibles, además de características de seguridad y privacidad integradas. +- [Proveedores de correo electrónico compatibles con OpenPGP :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Otros proveedores encriptados :material-arrow-right-drop-circle:](#more-providers) +- [Servicios de alias de correo electrónico :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Opciones autoalojadas :material-arrow-right-drop-circle:](#self-hosting-email) + ## Servicios compatibles con OpenPGP -Estos proveedores soportan de manera nativa el cifrado/descifrado de OpenPGP, permitiendo que los correos electrónicos E2EE sean independientes del proveedor. Por ejemplo, un usuario de Proton Mail no puede enviar un mensaje E2EE a un usuario de Mailbox.org, o usted puede recibir notificaciones cifradas con OpenPGP desde servicios de internet que lo soporten. +Estos proveedores soportan de forma nativa el cifrado/descifrado OpenPGP y el estándar Web Key Directory (WKD), lo que permite que los correos electrónicos E2EE sean independientes del proveedor. Por ejemplo, un usuario de Proton Mail podría enviar un mensaje E2EE a un usuario de Mailbox.org, o usted podría recibir notificaciones cifradas con OpenPGP desde servicios de Internet que lo admitan. -!!! warning +
+ +- ![Logo Proton Mail](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Logo Mailbox.org](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
+ +!!! advertencia Al utilizar una tecnología de cifrado de extremo a extremo (E2EE, por sus siglas en inglés) como OpenPGP, los correos aún tendrán algunos metadatos que no son encriptados en el encabezado del correo. Más información sobre los [metadatos de correo electrónico](basics/email-security.md#email-metadata-overview). - OpenPGP tampoco soporta el secreto de reenvío, lo que significa si la clave privada del receptos es robada, todos los mensajes cifrados previamente con ella, serán expuestos. [¿Cómo puedo proteger mis claves privadas?](basics/email-security.md#how-do-i-protect-my-private-keys) + OpenPGP tampoco soporta el secreto de reenvío, lo que significa si la clave privada del receptor es robada, todos los mensajes cifrados previamente con ella, serán expuestos. [¿Cómo puedo proteger mis claves privadas?](basics/email-security.md#how-do-i-protect-my-private-keys) ### Proton Mail !!! recomendación - ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } + ![Logo Proton Mail](assets/img/email/protonmail.svg){ align=right } **Proton Mail** es un servicio de correo electrónico con un enfoque en la privacidad, el cifrado, la seguridad y la facilidad de uso. Ellos operan desde **2013**. Proton AG tiene su sede en Ginebra, Suiza. Las cuentas inician con 500 MB de almacenamiento en el plan gratuito. [:octicons-home-16: Página principal](https://proton.me/mail){ .md-button .md-button--primary } - [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } - [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://proton.me/support/mail){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonMail){ .card-link title="Source Code" } + [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Servicio Onion" } + [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Politica de privacidad" } + [:octicons-info-16:](https://proton.me/support/mail){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/ProtonMail){ .card-link title="Código fuente" } ??? descargas @@ -43,172 +56,179 @@ Estos proveedores soportan de manera nativa el cifrado/descifrado de OpenPGP, pe - [:simple-linux: Linux](https://proton.me/mail/bridge#download) - [:octicons-browser-16: Web](https://mail.proton.me) -Las cuentas gratuitas tienen algunas limitaciones, como no poder buscar texto en el contenido, y no tener acceso a [Proton Mail Bridge](https://proton.me/mail/bridge), que es requerido para utilizar un [cliente recomendado de correo electrónico para escritorio](email-clients.md) (como Thunderbird). Las cuentas de pago incluyen características como Proton Mail Bridge, almacenamiento adicional y soporte para dominios personalizados. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com). +Las cuentas gratuitas tienen algunas limitaciones, como no poder buscar texto en el contenido, y no tener acceso a [Proton Mail Bridge](https://proton.me/mail/bridge), que es requerido para utilizar un [cliente recomendado de correo electrónico para escritorio](email-clients.md) (como Thunderbird). Las cuentas de pago incluyen características como Proton Mail Bridge, almacenamiento adicional y soporte para dominios personalizados. Se proporcionó una carta de certificación [](https://proton.me/blog/security-audit-all-proton-apps) para las aplicaciones de Proton Mail el 9 de noviembre de 2021 por [Securitum](https://research.securitum.com). -If you have the Proton Unlimited, Business, or Visionary Plan, you also get [SimpleLogin](#simplelogin) Premium for free. +Si tiene el plan Proton Unlimited, Business o Visionary, también obtendrá [SimpleLogin](#simplelogin) Premium de forma gratuita. -Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. +Proton Mail tiene informes de errores internos que **no** comparten con terceros. Puede desactivarse en: **Ajustes** > **Ir a Ajustes** > **Cuenta** > **Seguridad y privacidad** > **Enviar informes de fallos**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Dominios personalizados y alias - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Los suscriptores de pago de Proton Mail pueden utilizar su propio dominio con el servicio o una dirección [catch-all](https://proton.me/support/catch-all). Proton Mail también admite la subdirección [](https://proton.me/support/creating-aliases), útil para quienes no desean adquirir un dominio. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Métodos de pago privados - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [acepta](https://proton.me/support/payment-options) dinero en efectivo por correo, además de tarjeta de crédito/débito estándar, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), y pagos por PayPal. -??? success "Account Security" +#### :material-check:{ .pg-green } Seguridad de las cuentas - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail sólo admite la autenticación de dos factores TOTP [](https://proton.me/support/two-factor-authentication-2fa). Todavía no se admite el uso de una clave de seguridad U2F. Proton Mail tiene previsto implantar U2F una vez completado su código [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/). -??? success "Data Security" +#### :material-check:{ .pg-green } Seguridad de los datos - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail tiene [cifrado de acceso cero](https://proton.me/blog/zero-access-encryption) en reposo para sus correos electrónicos y [calendarios](https://proton.me/news/protoncalendar-security-model). Los datos protegidos con cifrado de acceso cero sólo son accesibles para usted. -??? success "Email Encryption" +Cierta información almacenada en [Contactos de Proton](https://proton.me/support/proton-contacts), como nombres para mostrar y direcciones de correo electrónico, no está protegida con cifrado de acceso cero. Los campos de contacto que admiten cifrado de acceso cero, como los números de teléfono, se indican con un icono de candado. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Cifrado de correo electrónico -??? warning "Digital Legacy" +Proton Mail ha [integrado el cifrado OpenPGP](https://proton.me/support/how-to-use-pgp) en su webmail. Los correos electrónicos a otras cuentas de Proton Mail se cifran automáticamente, y el cifrado a direcciones que no sean de Proton Mail con una clave OpenPGP pueden ser habilitados fácilmente en la configuración de su cuenta. También le permiten encriptar [mensajes a direcciones que no sean de Proton Mail](https://proton.me/support/password-protected-emails) sin necesidad de que se suscriban a una cuenta de Proton Mail o utilicen software como OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail también admite el descubrimiento de claves públicas a través de HTTP desde su [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Esto permite a las personas que no utilizan Proton Mail encontrar fácilmente las claves OpenPGP de las cuentas de Proton Mail, para E2EE entre proveedores. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Legado digital - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail no ofrece la función de legado digital. -??? check "Aplicaciones móviles" +#### :material-information-outline:{ .pg-blue } Cancelación de la cuenta - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +Si tiene una cuenta de pago y su factura [no se paga](https://proton.me/support/delinquency) después de 14 días, no podrá acceder a sus datos. Transcurridos 30 días, su cuenta se convertirá en morosa y no recibirá correo entrante. Se le seguirá facturando durante este periodo. + +#### Funcionalidad adicional de :material-information-outline:{ .pg-blue } + +Proton Mail ofrece una cuenta "Ilimitada" por 9,99 euros al mes, que también permite acceder a Proton VPN además de proporcionar múltiples cuentas, dominios, alias y 500 GB de almacenamiento. ### Mailbox.org !!! recomendación - ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ align=right } + ![Logo de Mailbox.org](assets/img/email/mailboxorg.svg){ align=right } - **Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with 2 GB of storage, which can be upgraded as needed. + **Mailbox.org** es un servicio de correo electrónico centrado en ser seguro, sin publicidad y alimentado de forma privada con energía 100% ecológica. Llevan en funcionamiento desde 2014. Mailbox.org tiene su sede en Berlín, Alemania. Las cuentas empiezan con 2 GB de almacenamiento, que pueden ampliarse según sea necesario. - [:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary } - [:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://kb.mailbox.org/en/private){ .card-link title=Documentation} + [:octicons-home-16: Inicio](https://mailbox.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Politica de privacidad" } + [:octicons-info-16:](https://kb.mailbox.org/en/private){ .card-link title=Documentación} - ??? downloads + ??? descargas - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Dominios personalizados y alias - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org le permite utilizar su propio dominio y admite las direcciones [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain). Mailbox.org también es compatible con [subdireccionamiento](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), lo que es útil si no desea comprar un dominio. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Métodos de pago privados - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org no acepta criptomonedas debido a que su procesador de pagos BitPay suspendió sus operaciones en Alemania. Sin embargo, aceptan el pago por correo, el pago en efectivo en cuenta bancaria, la transferencia bancaria, la tarjeta de crédito, PayPal y un par de procesadores específicos alemanes: paydirekt y Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Seguridad de las cuentas - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org soporta [autenticación de doble factor](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) solo para su correo web. Puedes utilizar TOTP o una [Yubikey](https://en.wikipedia.org/wiki/YubiKey) a través de [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Los estándares web como [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) aún no son compatibles. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Seguridad de los datos - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org permite el cifrado del correo entrante usando su [buzón cifrado](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). Los nuevos mensajes que recibas se cifrarán inmediatamente con tu clave pública. -??? success "Email Encryption" +Sin embargo, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), la plataforma de software utilizada por Mailbox.org, [no admite](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) el cifrado de su libreta de direcciones y calendario. Una [opción independiente](calendar.md) puede ser más apropiada para esa información. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Cifrado de correo electrónico -??? success "Digital Legacy" +Mailbox.org tiene [cifrado integrado](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) en su correo web, lo que simplifica el envío de mensajes a personas con claves públicas OpenPGP. También permiten a [destinatarios remotos descifrar un correo electrónico](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) en los servidores de Mailbox.org. Esta característica es útil cuando el destinatario remoto no tiene OpenPGP y no puede descifrar una copia del correo electrónico en su propio buzón de correo. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org también admite el descubrimiento de claves públicas a través de HTTP desde su [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Esto permite a personas ajenas a Mailbox.org encontrar fácilmente las claves OpenPGP de las cuentas de Mailbox.org, para E2EE entre proveedores. -??? info "Account Termination" +#### :material-check:{ .pg-green } Legado digital - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org tiene una función de legado digital para todos los planes. Puede elegir si desea que alguno de sus datos se transmita a los herederos, siempre que lo soliciten y aporten su testamento. También puede designar a una persona por su nombre y dirección. -??? check "Aplicaciones móviles" +#### :material-information-outline:{ .pg-blue } Cancelación de la cuenta - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Su cuenta se convertirá en una cuenta de usuario restringida cuando finalice su contrato, después de [30 días se eliminará irrevocablemente](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Funciones adicionales + +Puede acceder a su cuenta de Mailbox.org a través de IMAP/SMTP utilizando su [servicio.onion](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). Sin embargo, no se puede acceder a su interfaz de correo web a través de su servicio .onion y es posible que se produzcan errores de certificado TLS. + +Todas las cuentas vienen con un almacenamiento limitado en la nube que [se puede cifrar](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org también ofrece el alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), que impone el cifrado TLS en la conexión entre servidores de correo; de lo contrario, el mensaje no se enviará en absoluto. Mailbox.org también admite [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) además de protocolos de acceso estándar como IMAP y POP3. + +## Más proveedores + +Estos proveedores almacenan tus correos electrónicos con cifrado de conocimiento cero, lo que los convierte en excelentes opciones para mantener seguros tus correos electrónicos almacenados. Sin embargo, no admiten normas de cifrado interoperables para las comunicaciones E2EE entre proveedores. + +
+ +- ![Logotipo de StartMail](assets/img/email/startmail.svg#only-light){ .twemoji }![Logotipo de StartMail](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Logotipo de Tutanota](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail !!! recomendación - ![StartMail logo](assets/img/email/startmail.svg#only-light){ align=right } - ![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ align=right } + ![Logotipo de StartMail](assets/img/email/startmail.svg#only-light){ align=right } + ![Logotipo de StartMail](assets/img/email/startmail-dark.svg#only-dark){ align=right } - **StartMail** is an email service with a focus on security and privacy through the use of standard OpenPGP encryption. StartMail has been in operation since 2014 and is based in Boulevard 11, Zeist Netherlands. Accounts start with 10GB. They offer a 30-day trial. + **StartMail** es un servicio de correo electrónico centrado en la seguridad y la privacidad mediante el uso del cifrado estándar OpenPGP. StartMail lleva en funcionamiento desde 2014 y tiene su sede en Boulevard 11, Zeist Países Bajos. Las cuentas empiezan con 10GB. Ofrecen una prueba de 30 días. - [:octicons-home-16: Homepage](https://www.startmail.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://www.startmail.com/en/privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://support.startmail.com){ .card-link title=Documentation} + [:octicons-home-16: Inicio](https://www.startmail.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.startmail.com/en/privacy/){ .card-link title="Politica de privacidad" } + [:octicons-info-16:](https://support.startmail.com){ .card-link title=Documentación} - ??? downloads + ??? descargas - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Dominios personalizados y alias - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Las cuentas personales pueden utilizar alias[ personalizados o rápidos](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases). [Los dominios personalizados](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) también están disponibles. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Métodos de pago privados - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail acepta Visa, MasterCard, American Express y Paypal. StartMail también dispone de otras opciones de pago [](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) como [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (actualmente sólo para cuentas Personales) y Débito Directo SEPA para cuentas de más de un año. -??? success "Account Security" +#### :material-check:{ .pg-green } Seguridad de las cuentas - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail admite la autenticación de doble factor TOTP [sólo para webmail](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). No permiten la autenticación con clave de seguridad U2F. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Seguridad de los datos - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail dispone de [cifrado de acceso cero en reposo](https://www.startmail.com/en/whitepaper/#_Toc458527835), utilizando su sistema de "bóveda de usuario". Cuando te conectas, se abre la bóveda y el correo electrónico se traslada a la bóveda fuera de la cola, donde se desencripta con la clave privada correspondiente. -??? success "Email Encryption" +StartMail admite la importación de [contactos](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts), sin embargo, solo se puede acceder a ellos en el correo web y no a través de protocolos como [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Los contactos tampoco se almacenan utilizando el cifrado de conocimiento cero. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Cifrado de correo electrónico -??? warning "Digital Legacy" +StartMail tiene [cifrado integrado](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) en su correo web, lo que simplifica el envío de mensajes cifrados con claves públicas OpenPGP. Sin embargo, no son compatibles con el estándar Web Key Directory, lo que hace que el descubrimiento de la clave pública de un buzón de correo Startmail sea más difícil para otros proveedores de correo electrónico o clientes. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Legado digital -??? info "Account Termination" +StartMail no ofrece una función de legado digital. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Cancelación de la cuenta -??? check "Aplicaciones móviles" +Al vencimiento de la cuenta, StartMail eliminará permanentemente su cuenta después de [6 meses en 3 fases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Funciones adicionales -## More Providers +StartMail permite el proxy de imágenes dentro de los correos electrónicos. Si permite que se cargue la imagen remota, el remitente no sabrá cuál es su dirección IP. -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. - -### Solo software como servicio (ScuS) +### Tutanota !!! recomendación - ![Tutanota logo](assets/img/email/tutanota.svg){ align=right } + ![Logo de Tutanota](assets/img/email/tutanota.svg){ align=right } - **Tutanota** is an email service with a focus on security and privacy through the use of encryption. Tutanota has been in operation since **2011** and is based in Hanover, Germany. Accounts start with 1GB storage with their free plan. + **Tutanota** es un servicio de correo electrónico centrado en la seguridad y la privacidad mediante el uso de cifrado. Tutanota lleva en funcionamiento desde **2011** y tiene su sede en Hannover, Alemania. Las cuentas empiezan con 1Gb de almacenamiento con su plan gratuito. - [:octicons-home-16: Homepage](https://tutanota.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://tutanota.com/faq){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" } - [:octicons-heart-16:](https://tutanota.com/community/){ .card-link title=Contribute } + [:octicons-home-16: Inicio](https://tutanota.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Politica de privacidad" } + [:octicons-info-16:](https://tutanota.com/faq){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Código fuente" } + [:octicons-heart-16:](https://tutanota.com/community/){ .card-link title=Contribuir } - ??? downloads + ??? descargas - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.tutao.tutanota) - [:simple-appstore: App Store](https://apps.apple.com/app/tutanota/id922429609) @@ -218,109 +238,116 @@ These providers store your emails with zero-knowledge encryption, making them gr - [:simple-linux: Linux](https://tutanota.com/#download) - [:octicons-browser-16: Web](https://mail.tutanota.com/) -Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. +Tutanota no es compatible con el[protocolo IMAP](https://tutanota.com/faq/#imap) ni con el uso de[clientes de correo electrónico](email-clients.md)de terceros, y tampoco podrás añadir [cuentas de correo electrónico externas](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) a la aplicación Tutanota. Ni [importación de correo electrónico](https://github.com/tutao/tutanota/issues/630) ni [subcarpetas](https://github.com/tutao/tutanota/issues/927) son actualmente compatibles, aunque esto [está previsto que se cambie](https://tutanota.com/blog/posts/kickoff-import). Los correos electrónicos se pueden exportar [individualmente o por selección masiva](https://tutanota.com/howto#generalMail) por carpeta, lo que puede resultar incómodo si tiene muchas carpetas. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Dominios personalizados y alias - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Las cuentas de pago de Tutanota pueden usar hasta 5 [alias](https://tutanota.com/faq#alias) y [dominios personalizados](https://tutanota.com/faq#custom-domain). Tutanota no permite la [subdirección (más direcciones)](https://tutanota.com/faq#plus), pero puede utilizar un [catch-all](https://tutanota.com/howto#settings-global) con un dominio personalizado. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Métodos de pago privados - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota solo acepta directamente tarjetas de crédito y PayPal, sin embargo, la [criptomoneda](cryptocurrency.md) se puede usar para comprar tarjetas de regalo a través de su [asociación](https://tutanota.com/faq/#cryptocurrency) con Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Seguridad de las cuentas - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota soporta [autenticación de dosble factor](https://tutanota.com/faq#2fa) con TOTP o U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Seguridad de los datos - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota dispone de [cifrado de acceso cero en reposo](https://tutanota.com/faq#what-encrypted) para sus correos electrónicos, [contactos de la libreta de direcciones](https://tutanota.com/faq#encrypted-address-book), y [calendarios](https://tutanota.com/faq#calendar). Esto significa que sólo tú puedes leer los mensajes y otros datos almacenados en tu cuenta. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Cifrado de correo electrónico - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [no utiliza OpenPGP](https://www.tutanota.com/faq/#pgp). Las cuentas de Tutanota sólo pueden recibir correos electrónicos cifrados de cuentas de correo electrónico que no son de tutanota cuando se envían a través de un [buzón temporal de Tutanota](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Legado digital - Tutanota doesn't offer a digital legacy feature. +Tutanota no ofrece la función de legado digital. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Cancelación de la cuenta - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota eliminará [las cuentas gratuitas inactivas](https://tutanota.com/faq#inactive-accounts) después de seis meses. Puedes reutilizar una cuenta gratuita desactivada si pagas. -??? check "Aplicaciones móviles" +#### :material-information-outline:{ .pg-blue } Funciones adicionales - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota ofrece la versión empresarial [a las organizaciones sin ánimo de lucro](https://tutanota.com/blog/posts/secure-email-for-non-profit) de forma gratuita o con un importante descuento. -## Email Aliasing Services +Tutanota también tiene una función para empresas llamada [Secure Connect](https://tutanota.com/secure-connect/). Esto garantiza que el contacto del cliente con la empresa utilice E2EE. La función cuesta 240 €/año. -An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +## Servicios de alias de correo -Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. +Un servicio de alias de correo electrónico le permite generar fácilmente una nueva dirección de correo electrónico para cada sitio web en el que se registre. Los alias de correo electrónico que genera se reenvían a una dirección de correo electrónico de su elección, ocultando tanto su dirección de correo electrónico "principal" como la identidad de su proveedor de correo electrónico. El verdadero alias de correo electrónico es mejor que el direccionamiento plus, comúnmente utilizado y admitido por muchos proveedores, que permite crear alias como tunombre+[anythinghere]@ejemplo.com, porque los sitios web, los anunciantes y las redes de seguimiento pueden eliminar trivialmente cualquier cosa después del signo + para conocer tu verdadera dirección de correo electrónico. -Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: +
-- Aliases can be turned on and off individually when you need them, preventing websites from emailing you randomly. -- Replies are sent from the alias address, shielding your real email address. +- ![Logo de AnonAddy](assets/img/email/anonaddy.svg#only-light){ .twemoji }![Logo deAnonAddy](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![Logo de SimpleLogin](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) -They also have a number of benefits over "temporary email" services: +
-- Aliases are permanent and can be turned on again if you need to receive something like a password reset. -- Emails are sent to your trusted mailbox rather than stored by the alias provider. -- Temporary email services typically have public mailboxes which can be accessed by anyone who knows the address, aliases are private to you. +El alias de correo electrónico puede servir de salvaguarda en caso de que su proveedor de correo electrónico deje de funcionar. En ese caso, puedes redirigir fácilmente tus alias a una nueva dirección de correo electrónico. A su vez, sin embargo, estás depositando tu confianza en que el servicio de alias siga funcionando. -Our email aliasing recommendations are providers that allow you to create aliases on domains they control, as well as your own custom domain(s) for a modest yearly fee. They can also be self-hosted if you want maximum control. However, using a custom domain can have privacy-related drawbacks: If you are the only person using your custom domain, your actions can be easily tracked across websites simply by looking at the domain name in the email address and ignoring everything before the at (@) sign. +Utilizar un servicio dedicado de alias de correo electrónico también tiene una serie de ventajas sobre un alias general en un dominio personalizado: -Using an aliasing service requires trusting both your email provider and your aliasing provider with your unencrypted messages. Some providers mitigate this slightly with automatic PGP encryption, which reduces the number of parties you need to trust from two to one by encrypting incoming emails before they are delivered to your final mailbox provider. +- Los alias pueden activarse y desactivarse individualmente cuando los necesites, evitando que los sitios web te envíen correos electrónicos al azar. +- Las respuestas se envían desde la dirección de alias, ocultando tu dirección de correo electrónico real. + +También tienen una serie de ventajas sobre los servicios de "correo electrónico temporal": + +- Los alias son permanentes y pueden volver a activarse si necesitas recibir algo como un restablecimiento de contraseña. +- Los correos electrónicos se envían a tu buzón de confianza en lugar de ser almacenados por el proveedor de alias. +- Los servicios de correo electrónico temporal suelen tener buzones públicos a los que puede acceder cualquiera que conozca la dirección, los alias son privados para ti. + +Nuestras recomendaciones de alias de correo electrónico son proveedores que le permiten crear alias en dominios que ellos controlan, así como en su(s) propio(s) dominio(s) personalizado(s) por una módica cuota anual. También pueden ser autoalojados si desea el máximo control. Sin embargo, utilizar un dominio personalizado puede tener inconvenientes relacionados con la privacidad: Si eres la única persona que utiliza tu dominio personalizado, tus acciones pueden ser fácilmente rastreadas a través de sitios web simplemente mirando el nombre del dominio en la dirección de correo electrónico e ignorando todo lo que hay antes del signo arroba (@). + +Utilizar un servicio de alias requiere confiar, tanto a tu proveedor de correo electrónico como a tu proveedor de alias, tus mensajes sin cifrar. Algunos proveedores mitigan esto ligeramente con el cifrado automático PGP, que reduce el número de partes en las que tienes que confiar de dos a una al cifrar los correos entrantes antes de que lleguen a tu proveedor de buzón final. ### AnonAddy !!! recomendación - ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ align=right } - ![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ align=right } + ![Logo de AnonAddy](assets/img/email/anonaddy.svg#only-light){ align=right } + ![Logo de AnonAddy](assets/img/email/anonaddy-dark.svg#only-dark){ align=right } - **AnonAddy** lets you create 20 domain aliases on a shared domain for free, or unlimited "standard" aliases which are less anonymous. + **AnonAddy** te permite crear 20 alias de dominio en un dominio compartido de forma gratuita, o alias "estándar" ilimitados que son menos anónimos. - [:octicons-home-16: Homepage](https://anonaddy.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://anonaddy.com/privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://app.anonaddy.com/docs/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/anonaddy){ .card-link title="Source Code" } - [:octicons-heart-16:](https://anonaddy.com/donate/){ .card-link title=Contribute } + [:octicons-home-16: Inicio](https://anonaddy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonaddy.com/privacy/){ .card-link title="Politica de privacidad" } + [:octicons-info-16:](https://app.anonaddy.com/docs/){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/anonaddy){ .card-link title="Código fuente" } + [:octicons-heart-16:](https://anonaddy.com/donate/){ .card-link title=Contribuir } - ??? downloads + ??? descargas - [:simple-android: Android](https://anonaddy.com/faq/#is-there-an-android-app) - [:material-apple-ios: iOS](https://anonaddy.com/faq/#is-there-an-ios-app) - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/en-GB/firefox/addon/anonaddy/) - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/anonaddy-anonymous-email/iadbdpnoknmbdeolbapdackdcogdmjpe) -The number of shared aliases (which end in a shared domain like @anonaddy.me) that you can create is limited to 20 on AnonAddy's free plan and 50 on their $12/year plan. You can create unlimited standard aliases (which end in a domain like @[username].anonaddy.com or a custom domain on paid plans), however, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. Unlimited shared aliases are available for $36/year. +El número de alias compartidos (que terminan en un dominio compartido como @anonaddy.me) que puedes crear está limitado a 20 en el plan gratuito de AnonAddy y a 50 en su plan de 12 $/año. Puedes crear un número ilimitado de alias estándar (que terminan en un dominio como @[username].anonaddy.com o un dominio personalizado en los planes de pago), sin embargo, como se ha mencionado anteriormente, esto puede ir en detrimento de la privacidad porque la gente puede relacionar trivialmente tus alias estándar basándose únicamente en el nombre de dominio. Hay disponibles alias compartidos ilimitados por 36 $/año. -Notable free features: +Funciones gratuitas destacables: -- [x] 20 Shared Aliases -- [x] Unlimited Standard Aliases -- [ ] No Outgoing Replies -- [x] 2 Recipient Mailboxes -- [x] Automatic PGP Encryption +- [x] 20 Alias compartidos +- [x] Alias estándar ilimitados +- [ ] No hay respuestas salientes +- [x] 2 Buzones de destinatarios +- [x] Cifrado PGP automático ### SimpleLogin !!! recomendación - ![Simplelogin logo](assets/img/email/simplelogin.svg){ align=right } + ![Logo de Simplelogin](assets/img/email/simplelogin.svg){ align=right } - **SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains. + **SimpleLogin** es un servicio gratuito que proporciona alias de correo electrónico en una variedad de nombres de dominio compartidos, y opcionalmente proporciona características de pago como alias ilimitados y dominios personalizados. - [:octicons-home-16: Homepage](https://simplelogin.io){ .md-button .md-button--primary } - [:octicons-eye-16:](https://simplelogin.io/privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://simplelogin.io/docs/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/simple-login){ .card-link title="Source Code" } + [:octicons-home-16: Inicio](https://simplelogin.io){ .md-button .md-button--primary } + [:octicons-eye-16:](https://simplelogin.io/privacy/){ .card-link title="Politica de privacidad" } + [:octicons-info-16:](https://simplelogin.io/docs/){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/simple-login){ .card-link title="Código fuente" } - ??? downloads + ??? descargas - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.simplelogin.android) - [:simple-appstore: App Store](https://apps.apple.com/app/id1494359858) @@ -330,88 +357,88 @@ Notable free features: - [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/simpleloginreceive-sen/diacfpipniklenphgljfkmhinphjlfff) - [:simple-safari: Safari](https://apps.apple.com/app/id1494051017) -SimpleLogin was [acquired by Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) as of April 8, 2022. If you use Proton Mail for your primary mailbox, SimpleLogin is a great choice. As both products are now owned by the same company you now only have to trust a single entity. We also expect that SimpleLogin will be more tightly integrated with Proton's offerings in the future. SimpleLogin continues to support forwarding to any email provider of your choosing. Securitum [audited](https://simplelogin.io/blog/security-audit/) SimpleLogin in early 2022 and all issues [were addressed](https://simplelogin.io/audit2022/web.pdf). +SimpleLogin fue [adquirida por Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) a partir del 8 de abril de 2022. Si utiliza Proton Mail para su buzón principal, SimpleLogin es una gran elección. Como ambos productos pertenecen ahora a la misma empresa, ahora sólo tiene que confiar en una única entidad. También esperamos que SimpleLogin se integre más estrechamente con las ofertas de Proton en el futuro. SimpleLogin sigue siendo compatible con el reenvío a cualquier proveedor de correo electrónico de su elección. Securitum [auditado](https://simplelogin.io/blog/security-audit/) SimpleLogin a principios de 2022 y todos los problemas [fueron resueltos](https://simplelogin.io/audit2022/web.pdf). -You can link your SimpleLogin account in the settings with your Proton account. If you have the Proton Unlimited, Business, or Visionary Plan, you will have SimpleLogin Premium for free. +Puedes vincular tu cuenta SimpleLogin en la configuración con tu cuenta Proton. Si tienes el plan Proton Unlimited, Business o Visionary, tendrás SimpleLogin Premium gratis. -Notable free features: +Funciones gratuitas destacables: -- [x] 10 Shared Aliases -- [x] Unlimited Replies -- [x] 1 Recipient Mailbox +- [x] 10 Alias compartidos +- [x] Respuestas ilimitadas +- [x] 1 buzón de destinatario -## Nuestro criterio +## Correo de auto-alojamiento -Advanced system administrators may consider setting up their own email server. Mail servers require attention and continuous maintenance in order to keep things secure and mail delivery reliable. +Los administradores de sistemas avanzados pueden plantearse crear su propio servidor de correo electrónico. Los servidores de correo requieren atención y un mantenimiento continuo para mantener la seguridad y la fiabilidad de la entrega del correo. -### Combined software solutions +### Soluciones de software combinadas !!! recomendación - ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } + ![Logo de Mailcow](assets/img/email/mailcow.svg){ align=right } - **Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. + **Mailcow** es un servidor de correo más avanzado perfecto para aquellos con un poco más de experiencia en Linux. Tiene todo lo que necesitas en un contenedor Docker: Un servidor de correo con soporte DKIM, antivirus, monitorización de spam, webmail, ActiveSync con SOGo y administración basada en web con soporte 2FA. - [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } - [:octicons-info-16:](https://mailcow.github.io/mailcow-dockerized-docs/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/mailcow/mailcow-dockerized){ .card-link title="Source Code" } - [:octicons-heart-16:](https://www.servercow.de/mailcow?lang=en#sal){ .card-link title=Contribute } + [:octicons-home-16: Inicio](https://mailcow.email){ .md-button .md-button--primary } + [:octicons-info-16:](https://mailcow.github.io/mailcow-dockerized-docs/){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/mailcow/mailcow-dockerized){ .card-link title="Código fuente" } + [:octicons-heart-16:](https://www.servercow.de/mailcow?lang=en#sal){ .card-link title=Contribuir } !!! recomendación - ![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ align=right } + ![Logo de Mail-in-a-Box](assets/img/email/mail-in-a-box.svg){ align=right } - **Mail-in-a-Box** is an automated setup script for deploying a mail server on Ubuntu. Its goal is to make it easier for people to set up their own mail server. + **Mail-in-a-Box** es un script de configuración automatizada para desplegar un servidor de correo en Ubuntu. Su objetivo es facilitar a los usuarios la instalación de su propio servidor de correo. - [:octicons-home-16: Homepage](https://mailinabox.email){ .md-button .md-button--primary } - [:octicons-info-16:](https://mailinabox.email/guide.html){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/mail-in-a-box/mailinabox){ .card-link title="Source Code" } + [:octicons-home-16: Inicio](https://mailinabox.email){ .md-button .md-button--primary } + [:octicons-info-16:](https://mailinabox.email/guide.html){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/mail-in-a-box/mailinabox){ .card-link title="Código fuente" } -For a more manual approach we've picked out these two articles: +Para un enfoque más manual, hemos seleccionado estos dos artículos: -- [Setting up a mail server with OpenSMTPD, Dovecot and Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/) (2019) -- [How To Run Your Own Mail Server](https://www.c0ffee.net/blog/mail-server-guide/) (August 2017) +- [Configuración de un servidor de correo con OpenSMTPD, Dovecot y Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/) (2019) +- [Cómo gestionar tu propio servidor de correo](https://www.c0ffee.net/blog/mail-server-guide/) (agosto de 2017) -## Criteria +## Criterios -**Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any Email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an Email provider, and conduct your own research to ensure the Email provider you choose is the right choice for you. +**Tenga en cuenta que no estamos afiliados a ninguno de los proveedores que recomendamos.** Además de [nuestros criterios estándar](about/criteria.md), hemos desarrollado un conjunto claro de requisitos para cualquier proveedor de Email que desee ser recomendado, incluyendo la implementación de las mejores prácticas de la industria, tecnología moderna y más. Le sugerimos que se familiarice con esta lista antes de elegir un proveedor de correo electrónico, y que realice su propia investigación para asegurarse de que el proveedor de correo electrónico que elija sea la opción adecuada para usted. ### Tecnología -We regard these features as important in order to provide a safe and optimal service. You should consider whether the provider which has the features you require. +Consideramos que estas características son importantes para ofrecer un servicio seguro y óptimo. Debe considerar si el proveedor tiene las características que necesita. + +**Mínimo para calificar:** + +- Cifra los datos de las cuentas de correo electrónico en reposo con cifrado de acceso cero. +- Capacidad de exportación como [Mbox](https://en.wikipedia.org/wiki/Mbox) o .eml individual con [RFC5322](https://datatracker.ietf.org/doc/rfc5322/) estándar. +- Permitir a los usuarios utilizar su propio [nombre de dominio](https://en.wikipedia.org/wiki/Domain_name). Los nombres de dominio personalizados son importantes para los usuarios porque les permiten mantener su agencia del servicio, en caso de que éste se estropee o sea adquirido por otra empresa que no dé prioridad a la privacidad. +- Operaciones en infraestructura propia, es decir, no construidas sobre proveedores de servicios de correo electrónico de terceros. **Mejor caso:** -- Encrypts email account data at rest with zero-access encryption. -- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322/) standard. -- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy. -- Operates on owned infrastructure, i.e. not built upon third-party email service providers. - -**Best Case:** - -- Encrypts all account data (Contacts, Calendars, etc) at rest with zero-access encryption. -- Integrated webmail E2EE/PGP encryption provided as a convenience. -- Support for [WKD](https://wiki.gnupg.org/WKD) to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key by typing: `gpg --locate-key example_user@example.com` -- Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP. -- Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion). -- [Subaddressing](https://en.wikipedia.org/wiki/Email_address#Subaddressing) support. -- Catch-all or alias functionality for those who own their own domains. -- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. +- Cifra todos los datos de la cuenta (contactos, calendarios, etc.) en reposo con cifrado de acceso cero. +- Cifrado integrado de correo web E2EE/PGP proporcionado como una conveniencia. +- Compatibilidad con [WKD](https://wiki.gnupg.org/WKD) para permitir un mejor descubrimiento de claves OpenPGP públicas a través de HTTP. Los usuarios de GnuPG pueden obtener una clave escribiendo: `gpg --locate-key usuario_ejemplo@ejemplo.com` +- Soporte para un buzón temporal para usuarios externos. Esto es útil cuando quieres enviar un correo electrónico encriptado, sin enviar una copia real a tu destinatario. Estos correos electrónicos suelen tener una vida útil limitada y luego se eliminan automáticamente. Tampoco requieren que el destinatario configure ninguna criptografía como OpenPGP. +- Disponibilidad de los servicios del proveedor de correo electrónico a través de un [ servicio onion](https://en.wikipedia.org/wiki/.onion). +- Soporte de [subdireccionamiento](https://en.wikipedia.org/wiki/Email_address#Subaddressing). +- Funcionalidad Catch-all o alias para aquellos que poseen sus propios dominios. +- Utilización de protocolos estándar de acceso al correo electrónico como IMAP, SMTP o [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Los protocolos de acceso estándar garantizan que los clientes puedan descargar fácilmente todo su correo electrónico en caso de que quieran cambiar de proveedor. ### Privacidad -We prefer our recommended providers to collect as little data as possible. +Preferimos que nuestros proveedores recomendados recojan la menor cantidad de datos posible. -**Mejor caso:** +**Mínimo para calificar:** -- Protect sender's IP address. Filter it from showing in the `Received` header field. +- Proteger la dirección IP del remitente. Filtrarlo para que no aparezca en el campo de cabecera `Recibido`. - Don't require personally identifiable information (PII) besides a username and a password. - Privacy policy that meets the requirements defined by the GDPR - Must not be hosted in the US due to [ECPA](https://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act#Criticism) which has [yet to be reformed](https://epic.org/ecpa/). **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Seguridad @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Programas de recompensa de errores y/o un proceso coordinado de divulgación de vulnerabilidades. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Confianza @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Funcionalidades adicionales While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/encryption.md b/i18n/es/encryption.md index a781ee90e..051b0b5ad 100644 --- a/i18n/es/encryption.md +++ b/i18n/es/encryption.md @@ -1,6 +1,7 @@ --- title: "Software de encriptación" icon: material/file-lock +description: El cifrado de los datos es la única forma de controlar quién puede acceder a ellos. These tools allow you to encrypt your emails and any other files. --- El cifrado de los datos es la única forma de controlar quién puede acceder a ellos. Si actualmente no está utilizando software de encriptación para su disco duro, correos electrónicos o archivos, debería elegir una opción aquí. @@ -354,5 +355,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/file-sharing.md b/i18n/es/file-sharing.md index 8ca0d1470..181bbfd95 100644 --- a/i18n/es/file-sharing.md +++ b/i18n/es/file-sharing.md @@ -1,6 +1,7 @@ --- title: "Compartición y sincronización de archivos" icon: material/share-variant +description: Descubra cómo puede compartir de manera privada sus archivos entre sus dispositivos, con sus amigos y familia, o de manera anónima en línea. --- Descubra cómo puede compartir de manera privada sus archivos entre sus dispositivos, con sus amigos y familia, o de manera anónima en línea. @@ -130,19 +131,17 @@ ffsend upload --host https://send.vis.ee/ FILE !!! ejemplo "Esta sección es nueva" - Estamos trabajando en establecer criterios definidos para cada sección de nuestra página, y esto puede estar sujeto a cambios. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Estamos trabajando en establecer criterios definidos para cada sección de nuestra página, y esto puede estar sujeto a cambios. Si tienes alguna duda sobre nuestros criterios, por favor [pregunta en nuestro foro](https://discuss.privacyguides.net/latest) y no asumas que no hemos tenido en cuenta algo a la hora de hacer nuestras recomendaciones si no aparece aquí. Son muchos los factores que se tienen en cuenta y se debaten cuando recomendamos un proyecto, y documentar cada uno de ellos es un trabajo en curso. -#### Minimum Requirements +#### Requisitos Mínimos -- Must not require a third-party remote/cloud server. -- Must be open-source software. +- No debe requerir un servidor de terceros remoto o en la nube. +- Debe ser software de código abierto. - Debe tener clientes para Linux, macOS y Winwos; o tener una interfaz web. -#### Best-Case +#### Mejor Caso -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Nuestro criterio del mejor caso representa lo que nos gustaría ver del proyecto perfecto en esta categoría. Es posible que nuestras recomendaciones no incluyan todas o algunas de estas funciones, pero las que sí las incluyan pueden estar mejor clasificadas que otras en esta página. -- Has mobile clients for iOS and Android, which at least support document previews. -- Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.es.txt" +- Dispone de clientes móviles para iOS y Android, que al menos permiten previsualizar los documentos. +- Admite la copia de seguridad de fotos desde iOS y Android, y opcionalmente admite la sincronización de archivos/carpetas en Android. diff --git a/i18n/es/financial-services.md b/i18n/es/financial-services.md new file mode 100644 index 000000000..ebae53210 --- /dev/null +++ b/i18n/es/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recomendación + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recomendación + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recomendación + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recomendación + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/es/frontends.md b/i18n/es/frontends.md index 2fe355099..1eedd7acd 100644 --- a/i18n/es/frontends.md +++ b/i18n/es/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/index.md b/i18n/es/index.md index ac41e0eb8..89be433ea 100644 --- a/i18n/es/index.md +++ b/i18n/es/index.md @@ -7,38 +7,36 @@ hide: --- -## Why should I care? +## ¿Por qué debería importarme? -##### “I have nothing to hide. Why should I care about my privacy?” +##### "No tengo nada que ocultar. ¿Por qué debería preocuparme por mi privacidad?” -Much like the right to interracial marriage, woman's suffrage, freedom of speech, and many others, our right to privacy hasn't always been upheld. In several dictatorships, it still isn't. Generations before ours fought for our right to privacy. ==Privacy is a human right, inherent to all of us,== that we are entitled to (without discrimination). +Al igual que el derecho al matrimonio interracial, el sufragio femenino, la libertad de expresión y muchos otros, nuestro derecho a la privacidad no siempre ha sido respetado. En varias dictaduras, sigue sin serlo. Generaciones anteriores a las nuestras lucharon por nuestro derecho a la privacidad. ==La privacidad es un derecho humano, inherente a todes nosotres, == al que tenemos derecho (sin discriminación). -You shouldn't confuse privacy with secrecy. We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. **Everyone** has something to protect. Privacy is something that makes us human. +No deberías confundir privacidad con secretismo. Sabemos lo que pasa en el cuarto de baño, pero aún así cierras la puerta. Esto se debe a que quieres privacidad, no secretismo. **Todo el mundo** tiene algo que proteger. La privacidad es algo que nos hace humanos. -[:material-target-account: Common Internet Threats](basics/common-threats.md ""){.md-button.md-button--primary} +[:material-target-account: Amenazas frecuentes en el internet](basics/common-threats.md ""){.md-button.md-button--primary} -## What should I do? +## ¿Qué debo hacer? -##### First, you need to make a plan +##### Primero, necesitas hacer un plan -Trying to protect all your data from everyone all the time is impractical, expensive, and exhausting. But don't worry! Security is a process, and, by thinking ahead, you can put together a plan that's right for you. Security isn't just about the tools you use or the software you download. Rather, it begins by understanding the unique threats you face, and how you can mitigate them. +Intentar proteger todos tus datos de todo el mundo y en todo momento es impráctico, caro y agotador. ¡Pero no te preocupes! La seguridad es un proceso, si piensas con antelación, podrás elaborar un plan adecuado para ti. La seguridad no es solo sobre las herramientas que utilizas o el software que descargas. Más bien, empieza por entender las amenazas únicas a las que te enfrentas, y cómo puedes contrarrestarlas. -==This process of identifying threats and defining countermeasures is called **threat modeling**==, and it forms the basis of every good security and privacy plan. +==Este proceso de identificación de amenazas y definición de contramedidas se llama **modelado de amenazas**==, y constituye la base de todo buen plan de seguridad y privacidad. -[:material-book-outline: Learn More About Threat Modeling](basics/threat-modeling.md ""){.md-button.md-button--primary} +[:material-book-outline: Aprende más sobre el modelado de amenazas](basics/threat-modeling.md ""){.md-button.md-button--primary} --- -## We need you! Here's how to get involved: +## ¡Te necesitamos! Aquí está cómo involucrarse: -[:simple-discourse:](https://discuss.privacyguides.net/){ title="Join our Forum" } -[:simple-mastodon:](https://mastodon.neat.computer/@privacyguides){ rel=me title="Follow us on Mastodon" } -[:material-book-edit:](https://github.com/privacyguides/privacyguides.org){ title="Contribute to this website" } -[:material-translate:](https://matrix.to/#/#pg-i18n:aragon.sh){ title="Help translate this website" } -[:simple-matrix:](https://matrix.to/#/#privacyguides:matrix.org){ title="Chat with us on Matrix" } -[:material-information-outline:](about/index.md){ title="Learn more about us" } -[:material-hand-coin-outline:](about/donate.md){ title="Support the project" } +[:simple-discourse:](https://discuss.privacyguides.net/){ title="Únete a nuestro foro" } +[:simple-mastodon:](https://mastodon.neat.computer/@privacyguides){ rel=me title="Síguenos en Mastodon" } +[:material-book-edit:](https://github.com/privacyguides/privacyguides.org){ title="Contribuye a este sitio web" } +[:material-translate:](https://matrix.to/#/#pg-i18n:aragon.sh){ title="Ayuda a traducir este sitio web" } +[:simple-matrix:](https://matrix.to/#/#privacyguides:matrix.org){ title="Chatea con nosotros en Matrix" } +[:material-information-outline:](about/index.md){ title="Conócenos mejor" } +[:material-hand-coin-outline:](about/donate.md){ title="Apoya el proyecto" } -It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.es.txt" +Es importante que un sitio web como Privacy Guides se mantenga siempre actualizado. Necesitamos que nuestra audiencia vigile las actualizaciones de software para las aplicaciones listadas en nuestro sitio y también sigan las últimas noticias sobre proveedores que recomendamos. Es difícil mantenerse al día con el ritmo rápido de Internet, pero intentamos lo mejor. Si detectas un error, crees que un proveedor no debe ser listado, notas que falta un proveedor calificado, crees que un plugin de navegador ya no es la mejor opción, o descubres cualquier otro problema, por favor háznoslo saber. diff --git a/i18n/es/kb-archive.md b/i18n/es/kb-archive.md index 5667d7aab..a7e1ed6ac 100644 --- a/i18n/es/kb-archive.md +++ b/i18n/es/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrando Eliminación de Metadatos](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/meta/brand.md b/i18n/es/meta/brand.md index f2792cfdc..5c5acfdbd 100644 --- a/i18n/es/meta/brand.md +++ b/i18n/es/meta/brand.md @@ -20,5 +20,3 @@ Lineamientos adicionales de marca pueden encontrarse en [github.com/privacyguide "Privacy Guides" y el logo del escudo son marcas registradas por Jonah Aragon, el uso ilimitado es otorgado al proyecto de Privacy Guides. Sin renuncias a ninguno de sus derechos, Privacy Guides no asesora a terceros sobre el alcance de sus derechos de propiedad intelectual. Privacy Guides no permite o autoriza el uso de ninguna de sus marcas de ninguna manera, donde es probable que se cause confusión al implicar la asociació o el patrocinio de Privacy Guides. Si tiene conocimiento de algún uso de este tipo, por favor contacte a Jonah Aragon en jonah@privacyguides.org. Consulte a su asesor jurídico si tiene preguntas. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/meta/git-recommendations.md b/i18n/es/meta/git-recommendations.md index b3fb0761e..f59b5f81f 100644 --- a/i18n/es/meta/git-recommendations.md +++ b/i18n/es/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/meta/uploading-images.md b/i18n/es/meta/uploading-images.md index 85ba54771..55f136f8a 100644 --- a/i18n/es/meta/uploading-images.md +++ b/i18n/es/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/meta/writing-style.md b/i18n/es/meta/writing-style.md index c0fe9160c..b9e47a716 100644 --- a/i18n/es/meta/writing-style.md +++ b/i18n/es/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/mobile-browsers.md b/i18n/es/mobile-browsers.md index 5e8d66a41..72e061675 100644 --- a/i18n/es/mobile-browsers.md +++ b/i18n/es/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Navegadores Móviles" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- Estos son nuestros navegadores web para móviles y configuraciones recomendadas actualmente para la navegación estándar/no anónima por Internet. Si necesitas navegar por Internet de forma anónima, deberías utilizar [Tor](tor.md) . En general, recomendamos mantener las extensiones al mínimo; tienen acceso privilegiado dentro de su navegador, requieren que confíe en el desarrollador, pueden hacerte [destacar](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), y [debilitar el aislamiento del sitio](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ). @@ -188,5 +189,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/multi-factor-authentication.md b/i18n/es/multi-factor-authentication.md index 31173e9f7..cd7ed54ac 100644 --- a/i18n/es/multi-factor-authentication.md +++ b/i18n/es/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Autenticación de múltiples factores" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Llaves de Seguridad @@ -145,5 +146,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/news-aggregators.md b/i18n/es/news-aggregators.md index 99dd93c49..02862e15a 100644 --- a/i18n/es/news-aggregators.md +++ b/i18n/es/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: octicons/rss-24 +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -Un [agregador de noticias](https://es.wikipedia.org/wiki/Agregador) es una forma de mantenerse al día con sus blogs y sitios de noticias favoritos. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Clientes agregadores @@ -174,5 +175,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/notebooks.md b/i18n/es/notebooks.md index 0c4f87731..958e23695 100644 --- a/i18n/es/notebooks.md +++ b/i18n/es/notebooks.md @@ -1,6 +1,7 @@ --- title: "Bloc de Notas" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Mantén el control de tus notas y diarios sin darlos a un tercero. @@ -82,7 +83,7 @@ Joplin does not support password/PIN protection for the [application itself or i - [:octicons-browser-16: Navegador](https://app.standardnotes.org/) - [:fontawesome-brands-github: GitHub](https://github.com/standardnotes) -Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information. +Cryptee ofrece 100MB de almacenamiento gratuito, con opciones de pago si necesitas más. La inscripción no requiere correo electrónico ni otros datos personales. ## Dignos de mención @@ -99,9 +100,9 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si [:octicons-code-16:](https://git.savannah.gnu.org/cgit/emacs/org-mode.git){ .card-link title="Source Code" } [:octicons-heart-16:](https://liberapay.com/bzg){ .card-link title=Contribute } -## Criteria +## Criterios -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Por favor, tome en cuenta que no estamos afiliados con ninguno de los proyectos que recomendamos.** En adición a [nuestros criterios estándares](about/criteria.md), hemos desarrollado un claro conjunto de requisitos para permitirnos brindar recomendaciones objetivas. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. !!! example "This section is new" @@ -115,5 +116,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/os/android-overview.md b/i18n/es/os/android-overview.md index ef74b455d..a62e51447 100644 --- a/i18n/es/os/android-overview.md +++ b/i18n/es/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Visión general de Android icon: fontawesome/brands/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android es un sistema operativo seguro el cuál tiene [aislamiento de las aplicaciones](https://source.android.com/security/app-sandbox), [arranque verificado](https://source.android.com/security/verifiedboot) (AVB), y un robusto sistema de control de [permisos](https://developer.android.com/guide/topics/permissions/overview). @@ -53,9 +54,44 @@ Es importante no usar una versión de Android al [final de su vida útil](https: ## Permisos de Android -Los [permisos en Android](https://developer.android.com/guide/topics/permissions/overview) te dan control sobre que pueden acceder las aplicaciones. Google regularmente hace [mejoras](https://developer.android.com/about/versions/11/privacy/permissions) en el sistema de permisos en cada versión sucesiva. Todas las aplicaciones que instales están estrictamente [aisladas](https://source.android.com/security/app-sandbox), por lo que no es necesario instalar ninguna aplicación de antivirus. Un smartphone con la última versión de Android siempre será más seguro que un smartphone antiguo con un antivirus que hayas pagado. Es mejor no pagar por un antivirus y ahorrar para comprar un nuevo smartphone como un Google Pixel. +Los [permisos en Android](https://developer.android.com/guide/topics/permissions/overview) te dan control sobre que pueden acceder las aplicaciones. Google regularmente hace [mejoras](https://developer.android.com/about/versions/11/privacy/permissions) en el sistema de permisos en cada versión sucesiva. Todas las aplicaciones que instales están estrictamente [aisladas](https://source.android.com/security/app-sandbox), por lo que no es necesario instalar ninguna aplicación de antivirus. -Si quieres ejecutar una aplicación sobre la que no estás seguro, considera usar un perfil de usuario o de trabajo. +Un smartphone con la última versión de Android siempre será más seguro que un smartphone antiguo con un antivirus que hayas pagado. Es mejor no pagar por un antivirus y ahorrar para comprar un nuevo smartphone como un Google Pixel. + +Android 10: + +- [Almacenamiento Específico](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) te da más control sobre tus archivos y puede limitar lo que puede acceder al [almacenamiento externo](https://developer.android.com/training/data-storage#permissions). Las aplicaciones pueden tener un directorio específico en el almacenamiento externo, así como la capacidad de almacenar tipos específicos de archivos allí. +- Acceso más estricto a la [ubicación del dispositivo](https://developer.android.com/about/versions/10/privacy/changes?hl=es-419#app-access-device-location) introduciendo el permiso `ACCESS_BACKGROUND_LOCATION`. Esto impide que las aplicaciones accedan a la ubicación cuando se ejecutan en segundo plano sin permiso expreso del usuario. + +Android 11: + +- [Permisos únicos](https://developer.android.com/about/versions/11/privacy/permissions?hl=es-419#one-time) que te permite conceder un permiso a una aplicación una sola vez. +- [Restablecimiento automático de permisos](https://developer.android.com/about/versions/11/privacy/permissions?hl=es-419#auto-reset), que restablece [los permisos de tiempo de ejecución](https://developer.android.com/guide/topics/permissions/overview?hl=es-419#runtime) que se concedieron al abrir la aplicación. +- Permisos detallados para acceder a funciones relacionadas con el [número de teléfono](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers). + +Android 12: + +- Un permiso para conceder sólo la [ubicación aproximada](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Reinicio automático de [aplicaciones hibernadas](https://developer.android.com/about/versions/12/behavior-changes-12?hl=es-419#app-hibernation). +- [Auditoría de acceso a los datos](https://developer.android.com/about/versions/12/behavior-changes-12?hl=es-419#data-access-auditing) que facilita determinar qué parte de una aplicación está realizando un tipo específico de acceso a los datos. + +Android 13: + +- Un permiso para [acceso wifi cercano](https://developer.android.com/about/versions/13/behavior-changes-13?hl=es-419#nearby-wifi-devices-permission). Las direcciones MAC de los puntos de acceso WiFi cercanos eran una forma popular de que las aplicaciones rastrearan la ubicación de un usuario. +- Más [permisos de contenido multimedia detallados](https://developer.android.com/about/versions/13/behavior-changes-13?hl=es-419#granular-media-permissions), lo que significa que puedes conceder acceso sólo a imágenes, vídeos o archivos de audio. +- El uso en segundo plano de los sensores requiere ahora el permiso [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission). + +Una aplicación puede solicitar un permiso para una función específica que tenga. Por ejemplo, cualquier aplicación que pueda escanear códigos QR necesitará el permiso de la cámara. Algunas aplicaciones pueden solicitar más permisos de los necesarios. + +[Exodus](https://exodus-privacy.eu.org/) puede ser útil para comparar aplicaciones con fines similares. Si una aplicación requiere muchos permisos y tiene un montón de publicidad y analíticas, probablemente sea un mal signo. Recomendamos consultar cada uno de los rastreadores y leer sus descripciones, en lugar de limitarse a **contar el total** y asumir que todos los elementos enumerados son iguales. + +!!! advertencia + + Si una aplicación es principalmente un servicio basado en web, el seguimiento puede producirse en el lado del servidor. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) indica que "no hay rastreadores", pero lo cierto es que sí rastrea los intereses y el comportamiento de los usuarios en todo el sitio. Las aplicaciones pueden eludir la detección si no utilizan las bibliotecas de código estándar producidas por la industria publicitaria, aunque esto es poco probable. + +!!! nota + + Las aplicaciones que respetan la privacidad, como [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/), pueden mostrar algunos rastreadores como [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). Esta biblioteca incluye [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) que puede proporcionar [notificaciones push](https://es.wikipedia.org/wiki/Tecnología_push) en las aplicaciones. Este [es el caso](https://fosstodon.org/@bitwarden/109636825700482007) con Bitwarden. Esto no significa que Bitwarden utilice todas las funciones analíticas que ofrece Google Firebase Analytics. ## Acceso a medios @@ -131,5 +167,3 @@ Te van a dar la opción de eliminar tu ID de publicidad o *Optar por no recibir [SafetyNet](https://developer.android.com/training/safetynet/attestation) y el [Play Integrity APIs](https://developer.android.com/google/play/integrity) son generalmente usados para [aplicaciones bancarias](https://grapheneos.org/usage#banking-apps). Muchas aplicaciones bancarias funcionarán bien en GrapheneOS con los servicios de Google Play aislados, sin embargo, algunas aplicaciones no financieras tienen sus propios mecanismos anti-manipulación que pueden fallar. GrapheneOS pasa con éxito el chequeo `basicIntegrity`, pero no el check de certificación `ctsProfileMatch`. Los dispositivos con Android 8 o posterior tienen soporte de certificación de hardware que no se puede omitir sin claves filtradas o vulnerabilidades graves. En cuanto a Google Wallet, no lo recomendamos debido a su [política de privacidad](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), la cual dicta que debes optar por excluirte si no quieres que tu calificación crediticia y tu información personal sea compartido con los servicios de marketing afiliados. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/os/linux-overview.md b/i18n/es/os/linux-overview.md index 775c0de04..c98190681 100644 --- a/i18n/es/os/linux-overview.md +++ b/i18n/es/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Vista general de Linux icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -Es una creencia popular que los programas de [código abierto](https://en.wikipedia.org/wiki/Open-source_software) son seguros porque su código fuente está disponible. Siempre hay una expectativa de que la verificación comunitaria sucede regularmente; sin embargo, [este no siempre es el caso](https://seirdy.one/posts/2022/02/02/floss-security/). Esto depende de varios factores, como la actividad del proyecto, la experiencia del desarrollador, el nivel de rigor aplicado a las [revisiones de código](https://en.wikipedia.org/wiki/Code_review) y con qué frecuencia se le brinda atención a ciertas partes del [código base](https://en.wikipedia.org/wiki/Codebase), que pueden no ser modificados en años. +Es una creencia popular que los programas de [código abierto](https://en.wikipedia.org/wiki/Open-source_software) son seguros porque su código fuente está disponible. Siempre hay una expectativa de que la verificación comunitaria sucede regularmente; sin embargo, [este no siempre es el caso](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. De momento, Linux de escritorio tiene algunas áreas que pueden ser mejoradas al ser comparadas con sus contrapartes propietarias, por ejemplo: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/os/qubes-overview.md b/i18n/es/os/qubes-overview.md index a580e9990..eb80004dd 100644 --- a/i18n/es/os/qubes-overview.md +++ b/i18n/es/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: pg/qubes-os +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/passwords.md b/i18n/es/passwords.md index 34937ec04..b668ba76c 100644 --- a/i18n/es/passwords.md +++ b/i18n/es/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Manténgase seguro y protegido en línea con un gestor de contraseñas cifrado y de código abierto. @@ -237,5 +238,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/productivity.md b/i18n/es/productivity.md index 4192af631..6aaea1653 100644 --- a/i18n/es/productivity.md +++ b/i18n/es/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/real-time-communication.md b/i18n/es/real-time-communication.md index cc0eb8793..7414f4bcd 100644 --- a/i18n/es/real-time-communication.md +++ b/i18n/es/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Comunicación en tiempo real" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- Estas son nuestras recomendaciones para la comunicación cifrada en tiempo real. @@ -70,7 +71,6 @@ We have some additional tips on configuring and hardening your Signal installati SimpleX Chat [was audited](https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website.html) by Trail of Bits in October 2022. Currently SimpleX Chat only provides a client for Android and iOS. La especificación del protocolo Matrix puede encontrarse en su [documentación](https://spec.matrix.org/latest/). El trinquete criptográfico [Olm](https://matrix.org/docs/projects/other/olm) utilizado por Matrix es una implementación del - algoritmo de doble trinquete de Signal.

Your data can be exported, and imported onto another device, as there are no central servers where this is backed up. @@ -208,5 +208,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/router.md b/i18n/es/router.md index 57288b8dd..5b6121f76 100644 --- a/i18n/es/router.md +++ b/i18n/es/router.md @@ -1,6 +1,7 @@ --- title: "Firmware del Router" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- A continuación se presentan algunos sistemas operativos alternativos, que pueden utilizarse en routers, puntos de acceso Wi-Fi, etc. @@ -47,5 +48,3 @@ OPNsense se desarrolló originalmente como una bifurcación de [pfSense](https:/ - Debe ser de código abierto. - Debe recibir actualizaciones de manera periódica. - Debe ser compatible con una amplia variedad de hardware. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/search-engines.md b/i18n/es/search-engines.md index 2091e801e..517d53cb4 100644 --- a/i18n/es/search-engines.md +++ b/i18n/es/search-engines.md @@ -1,6 +1,7 @@ --- title: "Motores de Búsqueda" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Utilice un motor de búsqueda que no construya un perfil publicitario basado en sus búsquedas. @@ -101,5 +102,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/tools.md b/i18n/es/tools.md index fee0caf5d..3e196dc4b 100644 --- a/i18n/es/tools.md +++ b/i18n/es/tools.md @@ -3,6 +3,7 @@ title: "Herramientas de Privacidad" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- Si está buscando una solución específica para algo, estas son las herramientas de hardware y software que recomendamos en una variedad de categorías. Nuestras herramientas de privacidad recomendadas se eligen principalmente en función de sus características de seguridad, con un énfasis adicional en las herramientas descentralizadas y de código abierto. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -100,10 +101,11 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Logotipo de Nextcloud](assets/img/cloud/nextcloud.svg){ .twemoji } [Nextcloud (Autoalojable)](https://nextcloud.com/) -- ![Logotipo de Proton Drive](assets/img/cloud/protondrive.svg){ .twemoji } [Proton Drive](https://drive.protonmail.com/) -- ![Logotipo de Cryptee](assets/img/cloud/cryptee.svg#only-light){ .twemoji }![Logotipo de Cryptee](assets/img/cloud/cryptee-dark.svg#only-dark){ .twemoji } [Cryptee](https://crypt.ee/) -- ![Logotipo de Tahoe-LAFS](assets/img/cloud/tahoe-lafs.svg#only-light){ .twemoji }![Tahoe-LAFS logo](assets/img/cloud/tahoe-lafs-dark.svg#only-dark){ .twemoji } [Tahoe-LAFS (Avanzado)](https://www.tahoe-lafs.org/) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) +- ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) +- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) +- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](android.md#secure-pdf-viewer)
@@ -215,6 +217,29 @@ For more details about each project, why they were chosen, and additional tips o [Aprender más :material-arrow-right:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Aprender más :material-arrow-right:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Aprender más :material-arrow-right:](financial-services.md#gift-card-marketplaces) + ### Motores de Búsqueda
@@ -242,9 +267,9 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -263,6 +288,16 @@ For more details about each project, why they were chosen, and additional tips o [Aprender más :material-arrow-right:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Aprender más :material-arrow-right:](cryptocurrency.md) + ### Data and Metadata Redaction
@@ -454,5 +489,3 @@ For more details about each project, why they were chosen, and additional tips o
[Aprender más :material-arrow-right:](video-streaming.md) - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/tor.md b/i18n/es/tor.md index bd1a45986..62b854719 100644 --- a/i18n/es/tor.md +++ b/i18n/es/tor.md @@ -1,6 +1,7 @@ --- title: "Navegadores Web" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ La red **Tor** es un grupo de servidores operados por voluntarios que te permite Tor funciona enrutando tu tráfico de Internet a través de esos servidores operados por voluntarios, en lugar de hacer una conexión directa con el sitio que estás tratando de visitar. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Ruta del circuito Tor - Los nodos en la ruta solo pueden ver los servidores a los que están directamente conectados, por ejemplo el nodo "Entry" que se muestra puede ver tu dirección IP y la dirección del nodo "Middle", pero no tiene forma de ver qué sitio web estás visitando.
-
- -- [Más información sobre cómo funciona Tor :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Conectarse a Tor @@ -122,5 +117,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/video-streaming.md b/i18n/es/video-streaming.md index 598ef26c1..e23fd32ce 100644 --- a/i18n/es/video-streaming.md +++ b/i18n/es/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Transmisiones en Vivo" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- La principal amenaza al utilizar una plataforma de streaming es que sus hábitos de streaming y sus suscripciones podrían utilizarse para elaborar un perfil. Debería combinar estas herramientas con un [VPN](/vpn) o [Tor](https://www.torproject.org/) para hacer más difícil perfilar su perfil. @@ -52,5 +53,3 @@ Puede desactivar la opción *Guardar datos de alojamiento para ayudar a la red L - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/vpn.md b/i18n/es/vpn.md index 884f1aa9a..1963aaf53 100644 --- a/i18n/es/vpn.md +++ b/i18n/es/vpn.md @@ -1,11 +1,20 @@ --- -title: "Servicios VPN" +title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Encuentre una VPN sin registro que no esté dispuesto a vender o leer su tráfico web. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "Las VPN no proporcionan anonimato" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "Las VPN no proporcionan anonimato" El uso de una VPN **no** mantendrá tus hábitos de navegación en el anonimato, ni añadirá seguridad adicional al tráfico no seguro (HTTP). @@ -15,78 +24,11 @@ Encuentre una VPN sin registro que no esté dispuesto a vender o leer su tráfic [Descargar Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Mitos de Tor & FAQ](https://medium.com/privacyguides/slicing-onions-part-1-myth-busting-tor-9ec188ae1904){ .md-button } -??? question "¿Cuándo son útiles las VPN?" - - Si buscas una mayor **privacidad** de tu ISP, de una red wifi pública o mientras hace o descargar archivos Torrent, una VPN puede ser la solución para usted, siempre y cuando entienda los riesgos que conlleva. - - [Más información](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Proveedores recomendados -!!! summary "Criterios" - - Nuestros proveedores recomendados usan encriptación, aceptan Monero, soportan WireGuard & OpenVPN, y tienen una política de no registro. Lea nuestra [lista de criterios completa](#our-criteria) para mayor información. - -### Mullvad - -!!! recommendation - - ![Mullvad logo](assets/img/vpn/mullvad.svg#only-light){ align=right } - ![Mullvad logo](assets/img/vpn/mullvad-dark.svg#only-dark){ align=right } - - **Mullvad** es una VPN rápida y cómoda con un enfoque serio en la transparencia y la seguridad. Llevan en funcionamiento desde **2009**. - - Mullvad tiene su sede en Suecia y no tiene prueba gratuita. descargas - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? check annotate "38 Países" - - Mullvad tiene [servidores en 38 países](https://mullvad.net/servers/) (1). Elegir un proveedor de VPN con un servidor cercano a usted reducirá la latencia del tráfico de red que envíe. Esto se debe a que es una ruta más corta (menos saltos) hasta el destino. - - También pensamos que es mejor para la seguridad de las claves privadas del proveedor de VPN si utilizan [servidores dedicados](https://en.wikipedia.org/wiki/Dedicated_hosting_service), en lugar de soluciones compartidas más baratas (con otros clientes) como los [servidores privados virtuales](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. En 2022/05/17 - -??? check "Auditoria independiente" - - Los clientes VPN de Mullvad han sido auditados por Cure53 y Assured AB en un reporte de pentest [publicado en cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). Los investigadores de seguridad concluyeron: - - > Cure53 y Assured AB están satisfechos con los resultados de la auditoría y el software deja una impresión positiva en general. Con la dedicación a la seguridad del equipo interno de Mullvad VPN, los testers no tienen dudas de que el proyecto va por buen camino desde el punto de vista de la seguridad. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? check "Clientes Open Source" - - Proton VPN proporciona el código fuente para su aplicación de escritorio and móvil en su [GitHub organization](https://github.com/ProtonVPN). - -??? check "Acepta dinero y Monero" - - Proton VPN, además de aceptar tarjetas de crédito/débito y Paypal, acepta Bitcoin, y **cash/local currency** como formas anónimas de pago. - -??? check "Soporte de WireGuard" - - Mullvad soporta el protocolo WireGuard®. [WireGuard](https://www.wireguard.com) es un protocolo más reciente que utiliza [criptografía](https://www.wireguard.com/protocol/) de última generación. Además, WireGuard pretende ser más simple y veloz. - - Mullvad [recomienda](https://mullvad.net/en/help/why-wireguard/) el uso de WireGuard con su servicio. Es el protocolo por defecto o único en las aplicaciones de Mullvad para Android, iOS, macOS y Linux, pero en Windows hay que [activar manualmente](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. - -??? check "Soporte de IPv6" - - Mullvad soporta el futuro de la red [IPv6](https://es.wikipedia.org/wiki/IPv6). Su red permite [acceder a servicios alojados en IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) a diferencia de otros proveedores que bloquean las conexiones IPv6. - -??? check "Redirección remota de puertos" - - Además de proporcionar los archivos de configuración estándar de OpenVPN, Proton VPN tiene clientes móviles para [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085) y [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US) que permiten conectarse fácilmente a sus servidores. - -??? check "Aplicaciones móviles" - - Mullvad ha publicado su cliente en la [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) y en [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn), ambos con una interfaz fácil de usar en lugar de requerir la configuración manual de la conexión de WireGuard. El cliente móvil en Android también está disponible en [F-Droid](https://f-droid.org/packages/net.mullvad.mullvadvpn), lo que garantiza que se compila con [builds reproducibles](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html). They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! info "Funcionalidades adicionales" - - Mullvad es muy transparente en cuanto a los nodos que posee o alquila (https://mullvad.net/es/servers/). Utilizan [ShadowSocks](https://shadowsocks.org/en/index.html) en su configuración de ShadowSocks + OpenVPN, lo que les hace más resistentes contra los cortafuegos con [Inspección profunda de paquete](https://es.wikipedia.org/wiki/Deep_Packet_Inspection) que intentan bloquear las VPN. +Nuestros proveedores recomendados usan encriptación, aceptan Monero, soportan WireGuard & OpenVPN, y tienen una política de no registro. Read our [full list of criteria](#criteria) for more information. ### Proton VPN @@ -103,43 +45,44 @@ Encuentre una VPN sin registro que no esté dispuesto a vender o leer su tráfic [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } También pensamos que es mejor para la seguridad de las claves privadas del proveedor de VPN si utilizan [servidores dedicados](https://en.wikipedia.org/wiki/Dedicated_hosting_service), en lugar de soluciones compartidas más baratas (con otros clientes) como los [servidores privados virtuales](https://en.wikipedia.org/wiki/Virtual_private_server). -??? check annotate "63 países" +#### :material-check:{ .pg-green } 35 Countries - Proton VPN tiene [servidores en 63 países](https://protonvpn.com/vpn-servers) (1). Elegir un proveedor de VPN con un servidor cercano a usted reducirá la latencia del tráfico de red que envíe. Esto se debe a que es una ruta más corta (menos saltos) hasta el destino. - - También pensamos que es mejor para la seguridad de las claves privadas del proveedor de VPN si utilizan [servidores dedicados](https://en.wikipedia.org/wiki/Dedicated_hosting_service), en lugar de soluciones compartidas más baratas (con otros clientes) como los [servidores privados virtuales](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Esto se debe a que es una ruta más corta (menos saltos) hasta el destino. +{ .annotate } 1. En 2022/05/17 -??? check "Auditoria independiente" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN se ha sometido a una [auditoría de no-logging de Cure53](https://cure53.de/audit-report_ivpn.pdf) que concluyó de acuerdo con la afirmación de no-logging de IVPN. IVPN también ha completado un [informe completo de pentest Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) en enero de 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? check "Clientes Open Source" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - A partir de febrero de 2020 [las aplicaciones de IVPN son ahora de código abierto](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? check "Acepta efectivo" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - Además de aceptar tarjetas de crédito/débito y PayPal, IVPN acepta Bitcoin, **Monero** y **efectivo/moneda local** (en planes anuales) como formas de pago anónimas. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? check "Soporte de WireGuard" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - Proton VPN soporta principalmente el protocolo WireGuard®. [WireGuard](https://www.wireguard.com) es un protocolo más reciente que utiliza [criptografía](https://www.wireguard.com/protocol/) de última generación. Además, WireGuard pretende ser más simple y veloz. - - IVPN [recomienda](https://www.ivpn.net/wireguard/) el uso de WireGuard con su servicio y, como tal, es el protocolo predeterminado en todas las aplicaciones de IVPN. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? warning "Redirección remota de puertos" +Proton VPN soporta principalmente el protocolo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Además, WireGuard pretende ser más simple y veloz. - El [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) es posible con un plan de pago (Pro). Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? check "Redirección remota de puertos" +#### :material-check:{ .pg-green } Remote Port Forwarding - Además de proporcionar los archivos de configuración estándar de OpenVPN, Proton VPN tiene clientes móviles para [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683) y [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client) que permiten conectarse fácilmente a sus servidores. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? check "Aplicaciones móviles" +#### :material-check:{ .pg-green } Mobile Clients - Proton VPN tiene sus propios servidores y centros de datos en Suiza, Islandia y Suecia. Ofrecen bloqueo de anuncios y de dominios con malware conocido con su servicio de DNS. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN tiene sus propios servidores y centros de datos en Suiza, Islandia y Suecia. IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### IVPN @@ -163,55 +106,118 @@ Encuentre una VPN sin registro que no esté dispuesto a vender o leer su tráfic - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? check annotate "32 Países" +#### :material-check:{ .pg-green } 41 Countries - IVPN tiene [servidores en 32 países](https://www.ivpn.net/server-locations) (1). Elegir un proveedor de VPN con un servidor cercano a usted reducirá la latencia del tráfico de red que envíe. Esto se debe a que es una ruta más corta (menos saltos) hasta el destino. - - También pensamos que es mejor para la seguridad de las claves privadas del proveedor de VPN si utilizan [servidores dedicados](https://en.wikipedia.org/wiki/Dedicated_hosting_service), en lugar de soluciones compartidas más baratas (con otros clientes) como los [servidores privados virtuales](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Esto se debe a que es una ruta más corta (menos saltos) hasta el destino. +{ .annotate } 1. En 2022/05/17 -??? check "Auditoria independiente" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Los clientes VPN de Mullvad han sido auditados por Cure53 y Assured AB en un reporte de pentest [publicado en cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). Los investigadores de seguridad concluyeron: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. Con la dedicación a la seguridad del equipo interno de Mullvad VPN, los testers no tienen dudas de que el proyecto va por buen camino desde el punto de vista de la seguridad. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] El ecosistema general de aplicaciones utilizado por Mullvad deja una impresión sólida y estructurada. La estructura general de la aplicación facilita el despliegue de parches y correcciones de forma estructurada. Más que nada, los hallazgos detectados por Cure53 muestran la importancia de auditar y reevaluar constantemente los vectores de filtración actuales, para garantizar siempre la privacidad de los usuarios finales. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. \[WireGuard\](https://www.wireguard.com) es un protocolo más reciente que utiliza \[criptografía\](https://www.wireguard.com/protocol/) de última generación. + +#### :material-check:{ .pg-green } WireGuard Support + +IVPN soporta el protocolo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Además, WireGuard pretende ser más simple y veloz. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. La aplicación móvil en Android también está disponible en \[F-Droid\](https://f-droid.org/en/packages/net.ivpn.client), lo que garantiza que se compila con \[builds reproducibles\](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html). See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Mullvad + +!!! recommendation + + ![Mullvad logo](assets/img/vpn/mullvad.svg#only-light){ align=right } + ![Mullvad logo](assets/img/vpn/mullvad-dark.svg#only-dark){ align=right } - > Cure53 y Assured AB están satisfechos con los resultados de la auditoría y el software deja una impresión positiva en general. Con la dedicación a la seguridad del equipo interno de Mullvad VPN, los testers no tienen dudas de que el proyecto va por buen camino desde el punto de vista de la seguridad. + **Mullvad** es una VPN rápida y cómoda con un enfoque serio en la transparencia y la seguridad. Llevan en funcionamiento desde **2009**. - En 2020 se anunció una segunda auditoría (https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) y el [informe final de la auditoría] (https://cure53.de/pentest-report_mullvad_2020_v2.pdf) se publicó en el sitio web de Cure53: + Mullvad tiene su sede en Suecia y no tiene prueba gratuita. descargas - > Los resultados de este proyecto de mayo-junio de 2020 dirigido al complejo Mullvad, son bastante positivos. [...] El ecosistema general de aplicaciones utilizado por Mullvad deja una impresión sólida y estructurada. La estructura general de la aplicación facilita el despliegue de parches y correcciones de forma estructurada. Más que nada, los hallazgos detectados por Cure53 muestran la importancia de auditar y reevaluar constantemente los vectores de filtración actuales, para garantizar siempre la privacidad de los usuarios finales. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. - - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? check "Clientes Open Source" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Esto se debe a que es una ruta más corta (menos saltos) hasta el destino. +{ .annotate } -??? check "Acepta efectivo" +1. En 2022/05/17 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. [WireGuard](https://www.wireguard.com) es un protocolo más reciente que utiliza [criptografía](https://www.wireguard.com/protocol/) de última generación. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? check "Soporte de WireGuard" +#### :material-check:{ .pg-green } Independently Audited - IVPN soporta el protocolo WireGuard®. [WireGuard](https://www.wireguard.com) es un protocolo más reciente que utiliza [criptografía](https://www.wireguard.com/protocol/) de última generación. Además, WireGuard pretende ser más simple y veloz. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +Los clientes VPN de Mullvad han sido auditados por Cure53 y Assured AB en un reporte de pentest \[publicado en cure53.de\](https://cure53.de/pentest-report_mullvad_v2.pdf). Los investigadores de seguridad concluyeron: -??? check "Redirección remota de puertos" +> Cure53 y Assured AB están satisfechos con los resultados de la auditoría y el software deja una impresión positiva en general. Con la dedicación a la seguridad del equipo interno de Mullvad VPN, los testers no tienen dudas de que el proyecto va por buen camino desde el punto de vista de la seguridad. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - El [redirección de puertos] (https://es.wikipedia.org/wiki/Port_Forwarding) es posible con un plan Pro. La redirección de puertos [puede ser activada](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) a través del Client Area. +#### :material-check:{ .pg-green } Open-Source Clients -??? warning "Redirección remota de puertos" +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - Además de proporcionar archivos de configuración estándar de OpenVPN, IVPN tiene aplicaciones móviles para [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683) y [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client) que permiten conectarse fácilmente a sus servidores. La aplicación móvil en Android también está disponible en [F-Droid](https://f-droid.org/en/packages/net.ivpn.client), lo que garantiza que se compila con [builds reproducibles](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html). See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +#### :material-check:{ .pg-green } Accepts Cash -??? check "Redirección remota de puertos" +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. - Los clientes IVPN soportan la autenticación de dos factores (los clientes Mullvad y Proton VPN no). IVPN también proporciona la funcionalidad "[AntiTracker](https://www.ivpn.net/antitracker)", que bloquea las redes publicitarias y los rastreadores de la red. +#### :material-check:{ .pg-green } WireGuard Support -??? check "Aplicaciones móviles" +Mullvad soporta el protocolo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Además, WireGuard pretende ser más simple y veloz. - Es importante tener en cuenta que el uso de un proveedor de VPN no le hará anónimo, pero le dará mayor privacidad en ciertas situaciones. Una VPN no es una herramienta para actividades ilegales. No confíes en una política de "no registro". Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. + +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Su red permite \[acceder a servicios alojados en IPv6\](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) a diferencia de otros proveedores que bloquean las conexiones IPv6. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad ha publicado su cliente en la \[App Store\](https://apps.apple.com/app/mullvad-vpn/id1488466513) y en \[Google Play\](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn), ambos con una interfaz fácil de usar en lugar de requerir la configuración manual de la conexión de WireGuard. El cliente móvil en Android también está disponible en \[F-Droid\](https://f-droid.org/packages/net.mullvad.mullvadvpn), lo que garantiza que se compila con \[builds reproducibles\](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html). They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. Utilizan \[ShadowSocks\](https://shadowsocks.org/en/index.html) en su configuración de ShadowSocks + OpenVPN, lo que les hace más resistentes contra los cortafuegos con \[Inspección profunda de paquete\](https://es.wikipedia.org/wiki/Deep_Packet_Inspection) que intentan bloquear las VPN. ## Criteria @@ -246,13 +252,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Mejor caso:** -- Opción de pago en Monero o en efectivo. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No se requiere información personal para registrarse: Sólo nombre de usuario, contraseña y correo electrónico como máximo. **Best Case:** -- Acepta Monero, dinero en efectivo y otras formas de pago anónimo (tarjetas de regalo, etc.) -- No se aceptan datos personales (nombre de usuario autogenerado, no se requiere correo electrónico, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Seguridad @@ -310,5 +316,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Funcionalidades adicionales While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/fa/404.md b/i18n/fa/404.md index 49886058c..25c1c7805 100644 --- a/i18n/fa/404.md +++ b/i18n/fa/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Not Found @@ -13,5 +17,3 @@ We couldn't find the page you were looking for! Maybe you were looking for one o - [Best VPN Providers](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Our Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/about/criteria.md b/i18n/fa/about/criteria.md index 562a5d4a3..3084230bd 100644 --- a/i18n/fa/about/criteria.md +++ b/i18n/fa/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/about/donate.md b/i18n/fa/about/donate.md index 5e700e2ad..8accd67a1 100644 --- a/i18n/fa/about/donate.md +++ b/i18n/fa/about/donate.md @@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/about/index.md b/i18n/fa/about/index.md index 917b49103..619406fee 100644 --- a/i18n/fa/about/index.md +++ b/i18n/fa/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/about/notices.md b/i18n/fa/about/notices.md index 2ded68dfc..6415953c4 100644 --- a/i18n/fa/about/notices.md +++ b/i18n/fa/about/notices.md @@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o * Scraping * Data Mining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/about/privacy-policy.md b/i18n/fa/about/privacy-policy.md index 70ab9d9be..26c668d1a 100644 --- a/i18n/fa/about/privacy-policy.md +++ b/i18n/fa/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/about/privacytools.md b/i18n/fa/about/privacytools.md index 319fac36e..515c21f59 100644 --- a/i18n/fa/about/privacytools.md +++ b/i18n/fa/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/about/services.md b/i18n/fa/about/services.md index 45a5f1765..71f2c95b7 100644 --- a/i18n/fa/about/services.md +++ b/i18n/fa/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/about/statistics.md b/i18n/fa/about/statistics.md index 6e2334d43..8f17240c3 100644 --- a/i18n/fa/about/statistics.md +++ b/i18n/fa/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/advanced/communication-network-types.md b/i18n/fa/advanced/communication-network-types.md index fcbc0465b..1f07a2c4c 100644 --- a/i18n/fa/advanced/communication-network-types.md +++ b/i18n/fa/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/advanced/dns-overview.md b/i18n/fa/advanced/dns-overview.md index 1e872d2d8..95a4ee11b 100644 --- a/i18n/fa/advanced/dns-overview.md +++ b/i18n/fa/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- [سیستم نام دامنه (DNS)](https://en.wikipedia.org/wiki/Domain_Name_System) 'دفترچه تلفن اینترنت' است. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/advanced/payments.md b/i18n/fa/advanced/payments.md new file mode 100644 index 000000000..7e046ecd0 --- /dev/null +++ b/i18n/fa/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/fa/advanced/tor-overview.md b/i18n/fa/advanced/tor-overview.md index 678ffe864..dd9d2a951 100644 --- a/i18n/fa/advanced/tor-overview.md +++ b/i18n/fa/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.fa.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/fa/android.md b/i18n/fa/android.md index 082a71261..3da86daae 100644 --- a/i18n/fa/android.md +++ b/i18n/fa/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/basics/account-creation.md b/i18n/fa/basics/account-creation.md index e1371a802..afa5d429f 100644 --- a/i18n/fa/basics/account-creation.md +++ b/i18n/fa/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/basics/account-deletion.md b/i18n/fa/basics/account-deletion.md index 5bc04f102..2498d6045 100644 --- a/i18n/fa/basics/account-deletion.md +++ b/i18n/fa/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/basics/common-misconceptions.md b/i18n/fa/basics/common-misconceptions.md index 9db645e06..41997417f 100644 --- a/i18n/fa/basics/common-misconceptions.md +++ b/i18n/fa/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.fa.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/fa/basics/common-threats.md b/i18n/fa/basics/common-threats.md index 4b1111992..e278c0cbf 100644 --- a/i18n/fa/basics/common-threats.md +++ b/i18n/fa/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.fa.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/fa/basics/email-security.md b/i18n/fa/basics/email-security.md index 61694ede0..f0c2fb579 100644 --- a/i18n/fa/basics/email-security.md +++ b/i18n/fa/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/basics/multi-factor-authentication.md b/i18n/fa/basics/multi-factor-authentication.md index f3f5b7043..2f6a7b555 100644 --- a/i18n/fa/basics/multi-factor-authentication.md +++ b/i18n/fa/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authentication" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/basics/passwords-overview.md b/i18n/fa/basics/passwords-overview.md index 2bb9b52a8..6858d8b5b 100644 --- a/i18n/fa/basics/passwords-overview.md +++ b/i18n/fa/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/basics/threat-modeling.md b/i18n/fa/basics/threat-modeling.md index ecb360e88..fc1b3b411 100644 --- a/i18n/fa/basics/threat-modeling.md +++ b/i18n/fa/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Threat Modeling" icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. --- Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/basics/vpn-overview.md b/i18n/fa/basics/vpn-overview.md index 906b31f09..a1a007f52 100644 --- a/i18n/fa/basics/vpn-overview.md +++ b/i18n/fa/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/calendar.md b/i18n/fa/calendar.md index ced209812..bbcb033ad 100644 --- a/i18n/fa/calendar.md +++ b/i18n/fa/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/cloud.md b/i18n/fa/cloud.md index 3e05b2d65..8846ff6ca 100644 --- a/i18n/fa/cloud.md +++ b/i18n/fa/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/cryptocurrency.md b/i18n/fa/cryptocurrency.md new file mode 100644 index 000000000..ba06ba1ea --- /dev/null +++ b/i18n/fa/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/fa/data-redaction.md b/i18n/fa/data-redaction.md index b3879c416..961594a8d 100644 --- a/i18n/fa/data-redaction.md +++ b/i18n/fa/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/desktop-browsers.md b/i18n/fa/desktop-browsers.md index f903cef9d..1f5c11399 100644 --- a/i18n/fa/desktop-browsers.md +++ b/i18n/fa/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.fa.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/fa/desktop.md b/i18n/fa/desktop.md index 0d4f97cfe..2db4d1191 100644 --- a/i18n/fa/desktop.md +++ b/i18n/fa/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/dns.md b/i18n/fa/dns.md index 48581c704..a8cc21dac 100644 --- a/i18n/fa/dns.md +++ b/i18n/fa/dns.md @@ -1,13 +1,12 @@ --- title: "DNS Resolvers" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Recommended Providers @@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.fa.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/fa/email-clients.md b/i18n/fa/email-clients.md index f14610d38..b9f5dd7d8 100644 --- a/i18n/fa/email-clients.md +++ b/i18n/fa/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/email.md b/i18n/fa/email.md index 018713f5e..7ab4c31d5 100644 --- a/i18n/fa/email.md +++ b/i18n/fa/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Security @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/encryption.md b/i18n/fa/encryption.md index d254167c0..ded8533b1 100644 --- a/i18n/fa/encryption.md +++ b/i18n/fa/encryption.md @@ -1,6 +1,7 @@ --- title: "Encryption Software" icon: material/file-lock +description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files. --- Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here. @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/file-sharing.md b/i18n/fa/file-sharing.md index 2d22ffc66..3e79d791f 100644 --- a/i18n/fa/file-sharing.md +++ b/i18n/fa/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/financial-services.md b/i18n/fa/financial-services.md new file mode 100644 index 000000000..480c924c3 --- /dev/null +++ b/i18n/fa/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/fa/frontends.md b/i18n/fa/frontends.md index e2a458beb..7f245f412 100644 --- a/i18n/fa/frontends.md +++ b/i18n/fa/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/index.md b/i18n/fa/index.md index 07466b4ad..85cfead2b 100644 --- a/i18n/fa/index.md +++ b/i18n/fa/index.md @@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/kb-archive.md b/i18n/fa/kb-archive.md index ef94741f4..92daee33b 100644 --- a/i18n/fa/kb-archive.md +++ b/i18n/fa/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/meta/brand.md b/i18n/fa/meta/brand.md index 07e4bb192..53cb9ac42 100644 --- a/i18n/fa/meta/brand.md +++ b/i18n/fa/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/meta/git-recommendations.md b/i18n/fa/meta/git-recommendations.md index fa2e11428..f59b5f81f 100644 --- a/i18n/fa/meta/git-recommendations.md +++ b/i18n/fa/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/meta/uploading-images.md b/i18n/fa/meta/uploading-images.md index 61949c17f..55f136f8a 100644 --- a/i18n/fa/meta/uploading-images.md +++ b/i18n/fa/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/meta/writing-style.md b/i18n/fa/meta/writing-style.md index 6915a7ffc..b9e47a716 100644 --- a/i18n/fa/meta/writing-style.md +++ b/i18n/fa/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/mobile-browsers.md b/i18n/fa/mobile-browsers.md index 1d8dfb6b9..372e19b84 100644 --- a/i18n/fa/mobile-browsers.md +++ b/i18n/fa/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/multi-factor-authentication.md b/i18n/fa/multi-factor-authentication.md index 3bd4e5d31..41030fe3b 100644 --- a/i18n/fa/multi-factor-authentication.md +++ b/i18n/fa/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/news-aggregators.md b/i18n/fa/news-aggregators.md index c0de18bcf..2dad5ac09 100644 --- a/i18n/fa/news-aggregators.md +++ b/i18n/fa/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/notebooks.md b/i18n/fa/notebooks.md index 116bf2b3a..0739f6680 100644 --- a/i18n/fa/notebooks.md +++ b/i18n/fa/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notebooks" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Keep track of your notes and journalings without giving them to a third-party. @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/os/android-overview.md b/i18n/fa/os/android-overview.md index bb93e22fc..a78631a2a 100644 --- a/i18n/fa/os/android-overview.md +++ b/i18n/fa/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/os/linux-overview.md b/i18n/fa/os/linux-overview.md index 731dfba8b..638c79279 100644 --- a/i18n/fa/os/linux-overview.md +++ b/i18n/fa/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/os/qubes-overview.md b/i18n/fa/os/qubes-overview.md index 557c32569..17b286b9f 100644 --- a/i18n/fa/os/qubes-overview.md +++ b/i18n/fa/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/passwords.md b/i18n/fa/passwords.md index dbe30a966..e81f1186e 100644 --- a/i18n/fa/passwords.md +++ b/i18n/fa/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/productivity.md b/i18n/fa/productivity.md index 63832903c..4490325da 100644 --- a/i18n/fa/productivity.md +++ b/i18n/fa/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/real-time-communication.md b/i18n/fa/real-time-communication.md index 9a51acf49..68f9d767b 100644 --- a/i18n/fa/real-time-communication.md +++ b/i18n/fa/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/router.md b/i18n/fa/router.md index 4677d1a61..a494c017d 100644 --- a/i18n/fa/router.md +++ b/i18n/fa/router.md @@ -1,6 +1,7 @@ --- title: "Router Firmware" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc. @@ -47,5 +48,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or - Must be open source. - Must receive regular updates. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/search-engines.md b/i18n/fa/search-engines.md index 1b19c469e..911525d7d 100644 --- a/i18n/fa/search-engines.md +++ b/i18n/fa/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/tools.md b/i18n/fa/tools.md index 1c4e0a778..ef945a945 100644 --- a/i18n/fa/tools.md +++ b/i18n/fa/tools.md @@ -3,6 +3,7 @@ title: "Privacy Tools" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Search Engines
@@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Data and Metadata Redaction
@@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
[Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/tor.md b/i18n/fa/tor.md index 0c8cf09d6..ce93c961d 100644 --- a/i18n/fa/tor.md +++ b/i18n/fa/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
-
- -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/video-streaming.md b/i18n/fa/video-streaming.md index 8cc0135f1..8f8ebd0b8 100644 --- a/i18n/fa/video-streaming.md +++ b/i18n/fa/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Video Streaming" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. @@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/vpn.md b/i18n/fa/vpn.md index 2d06ffdd2..6bba25466 100644 --- a/i18n/fa/vpn.md +++ b/i18n/fa/vpn.md @@ -1,11 +1,20 @@ --- title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Find a no-logging VPN operator who isn’t out to sell or read your web traffic. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "VPNs do not provide anonymity" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "VPNs do not provide anonymity" Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. @@ -15,80 +24,11 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" - - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Recommended Providers -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,55 +113,120 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2023-01-19 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + ??? downloads - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Last checked: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Criteria @@ -255,13 +261,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Security @@ -319,5 +325,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fr/404.md b/i18n/fr/404.md index 0907d1e3a..ea9af6fbc 100644 --- a/i18n/fr/404.md +++ b/i18n/fr/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Page introuvable @@ -13,5 +17,3 @@ Nous n'avons pas pu trouver la page que vous recherchiez ! Peut-être recherchie - [Les meilleurs fournisseurs de VPN](vpn.md) - [Le forum de Privacy Guides](https://discuss.privacyguides.net) - [Notre blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/CODE_OF_CONDUCT.md b/i18n/fr/CODE_OF_CONDUCT.md index 88a0e9100..88e156d76 100644 --- a/i18n/fr/CODE_OF_CONDUCT.md +++ b/i18n/fr/CODE_OF_CONDUCT.md @@ -1,53 +1,53 @@ -# Community Code of Conduct +# Code de conduite communautaire -**We pledge** to make our community a harassment-free experience for everyone. +**Nous nous engageons** à faire de notre communauté une expérience sans harcèlement pour tous. -**We strive** to create a positive environment, using welcoming and inclusive language, and being respectful of the viewpoints of others. +**Nous nous efforçons** de créer un environnement positif, en utilisant un langage accueillant et inclusif, et en étant respectueux des points de vue des autres. -**We do not allow** inappropriate or otherwise unacceptable behavior, such as sexualized language, trolling and insulting comments, or otherwise promoting intolerance or harassment. +**Nous n'autorisons pas** un comportement inapproprié ou autrement inacceptable, tel qu'un langage sexualisé, des commentaires trolls et insultants, ou toute autre promotion de l'intolérance ou du harcèlement. -## Community Standards +## Normes communautaires -What we expect from members of our communities: +Ce que nous attendons des membres de nos communautés : -1. **Don't spread misinformation** +1. **Ne diffusez pas de fausses informations** - We are creating an evidence-based educational community around information privacy and security, not a home for conspiracy theories. For example, when making a claim that a certain piece of software is malicious or that certain telemetry data is privacy invasive, explain in detail what is collected and how it collected. Claims of this nature must be backed by technical evidence. + Nous créons une communauté éducative fondée sur des preuves en matière de confidentialité et de sécurité de l'information, et non un foyer pour les théories du complot. Par exemple, lorsque vous affirmez qu'un certain logiciel est malveillant ou que certaines données de télémétrie portent atteinte à la vie privée, expliquez en détail ce qui est collecté et comment. Les affirmations de cette nature doivent être étayées par des preuves techniques. -1. **Don't abuse our willingness to help** +1. **N'abusez pas de notre volonté d'aider** - Our community members are not your free tech support. We are happy to help you with specific steps on your privacy journey if you are willing to put in effort on your end. We are not willing to answer endlessly repeated questions about generic computer problems you could have answered yourself with a 30-second internet search. Don't be a [help vampire](https://slash7.com/2006/12/22/vampires/). + Les membres de notre communauté ne sont pas votre support technique gratuit. Nous sommes heureux de vous aider à franchir certaines étapes de votre parcours de protection de la vie privée si vous êtes prêt à faire des efforts de votre côté. Nous ne sommes pas disposés à répondre à des questions répétées à l'infini sur des problèmes informatiques génériques auxquels vous auriez pu répondre vous-même en 30 secondes de recherche sur Internet. Ne soyez pas un [vampire de l'aide](https://slash7.com/2006/12/22/vampires/). -1. **Behave in a positive and constructive manner** +1. **Comportez-vous de manière positive et constructive** - Examples of behavior that contributes to a positive environment for our community include: + Voici quelques exemples de comportements qui contribuent à un environnement positif pour notre communauté : - - Demonstrating empathy and kindness toward other people - - Being respectful of differing opinions, viewpoints, and experiences - - Giving and gracefully accepting constructive feedback - - Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience - - Focusing on what is best not just for us as individuals, but for the overall community + - Faire preuve d'empathie et de gentillesse envers les autres + - Être respectueux des différentes opinions, points de vue et expériences + - Donner et accepter avec grâce des retours constructifs + - Accepter la responsabilité et présenter des excuses à ceux qui ont été affectés par nos erreurs, et tirer des leçons de cette expérience + - Se concentrer sur ce qui est le mieux non seulement pour nous en tant qu'individus, mais aussi pour l'ensemble de la communauté -### Unacceptable Behavior +### Comportement inacceptable -The following behaviors are considered harassment and are unacceptable within our community: +Les comportements suivants sont considérés comme du harcèlement et sont inacceptables au sein de notre communauté : -- The use of sexualized language or imagery, and sexual attention or advances of any kind -- Trolling, insulting or derogatory comments, and personal or political attacks -- Public or private harassment -- Publishing others' private information, such as a physical or email address, without their explicit permission -- Other conduct which could reasonably be considered inappropriate in a professional setting +- L'utilisation d'un langage ou d'images à caractère sexuel, ainsi que des attentions ou des avances sexuelles de quelque nature que ce soit +- Le "trolling", les commentaires insultants ou désobligeants et les attaques personnelles ou d’ordre politique +- Le harcèlement en public ou en privé +- Publier des informations privées d'autrui, telles qu'une adresse physique ou électronique, sans leur permission explicite +- Toute autre conduite qui pourrait raisonnablement être considérée comme inappropriée dans un cadre professionnel -## Scope +## Périmètre d’application -Our Code of Conduct applies within all project spaces, as well as when an individual is representing the Privacy Guides project in other communities. +Notre code de conduite s'applique dans tous les espaces du projet, ainsi que lorsqu'une personne représente le projet Privacy Guides dans d'autres communautés. -We are responsible for clarifying the standards of our community, and have the right to remove or alter the comments of those participating within our community, as necessary and at our discretion. +Nous sommes responsables de la clarification des normes de notre communauté, et nous avons le droit de supprimer ou de modifier les commentaires de ceux qui participent à notre communauté, si nécessaire et à notre discrétion. ### Contact -If you observe a problem on a platform like Matrix or Reddit, please contact our moderators on that platform in chat, via DM, or through any designated "Modmail" system. +Si vous observez un problème sur une plateforme comme Matrix ou Reddit, veuillez contacter nos modérateurs sur cette plateforme en chat, via DM, ou par le biais de tout système désigné "Modmail". -If you have a problem elsewhere, or a problem our community moderators are unable to resolve, reach out to `jonah@privacyguides.org` and/or `dngray@privacyguides.org`. +Si vous avez un problème ailleurs, ou un problème que nos modérateurs de la communauté ne sont pas en mesure de résoudre, adressez-vous à `jonah@privacyguides.org` et/ou `dngray@privacyguides.org`. -All community leaders are obligated to respect the privacy and security of the reporter of any incident. +Tous les dirigeants de la communauté sont tenus de respecter la vie privée et la sécurité du rapporteur de l'incident. diff --git a/i18n/fr/about/criteria.md b/i18n/fr/about/criteria.md index 78c645dcd..847148edd 100644 --- a/i18n/fr/about/criteria.md +++ b/i18n/fr/about/criteria.md @@ -38,5 +38,3 @@ Nous avons ces exigences à l'égard des développeurs qui souhaitent soumettre - Vous devez indiquer quel est le modèle de menace exact avec votre projet. - Il doit être clair pour les utilisateurs potentiels ce que le projet peut fournir et ce qu'il ne peut pas fournir. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/about/donate.md b/i18n/fr/about/donate.md index 6fc4c7a81..8717528b5 100644 --- a/i18n/fr/about/donate.md +++ b/i18n/fr/about/donate.md @@ -48,5 +48,3 @@ Nous hébergeons [des services internet](https://privacyguides.net) pour tester Nous achetons occasionnellement des produits et des services dans le but de tester nos [outils recommandés](../tools.md). Nous travaillons toujours avec notre hôte fiscal (la Fondation Open Collective) pour recevoir des dons en crypto-monnaies. Pour l'instant, la comptabilité est irréalisable pour de nombreuses petites transactions, mais cela devrait changer à l'avenir. En attendant, si vous souhaitez faire un don important en crypto-monnaies (> 100 $), veuillez contacter [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/about/index.md b/i18n/fr/about/index.md index f9ef34697..37d72fbe4 100644 --- a/i18n/fr/about/index.md +++ b/i18n/fr/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "À propos de Privacy Guides" +description: Privacy Guides est un site web à vocation sociale qui fournit des informations pour protéger la sécurité de vos données et votre vie privée. --- -**Privacy Guides** est un site web à vocation sociale qui fournit des informations pour protéger la sécurité de vos données et votre vie privée. Nous sommes un collectif à but non lucratif entièrement géré par des [membres bénévoles de l'équipe](https://discuss.privacyguides.net/g/team) et des contributeurs. +![Logo de Privacy Guides](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Soutenir le projet](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** est un site web à vocation sociale qui fournit [des informations](/kb) pour protéger la sécurité de vos données et votre vie privée. Nous sommes un collectif à but non lucratif entièrement géré par des [membres bénévoles de l'équipe](https://discuss.privacyguides.net/g/team) et des contributeurs. Notre site web est exempt de toute publicité et n'est pas affilié aux fournisseurs répertoriés. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title="Page d'accueil" } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Code source" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribuer } + +L'objectif de Privacy Guides est d'éduquer notre communauté sur l'importance de la vie privée en ligne et sur les programmes gouvernementaux internationaux qui sont conçus pour surveiller toutes vos activités en ligne. + +> Pour trouver des applications [alternatives axées sur la protection de la vie privée], consultez des sites tels que Good Reports et **Privacy Guides**, qui répertorient les applications axées sur la protection de la vie privée dans diverses catégories, notamment les fournisseurs de courrier électronique (généralement payants) qui ne sont pas gérés par les grands géants du web. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) [Traduit de l'anglais] + +> Si vous êtes à la recherche d'un nouveau VPN, vous pouvez consulter le code de réduction d'à peu près tous les podcasts. Si vous cherchez un **bon** VPN, vous avez besoin d'une aide professionnelle. Il en va de même pour les clients de messagerie, les navigateurs, les systèmes d'exploitation et les gestionnaires de mots de passe. Comment savoir laquelle de ces options est la meilleure, la plus respectueuse de la vie privée ? Pour cela, il existe **Privacy Guides**, une plateforme sur laquelle un certain nombre de bénévoles recherchent jour après jour les meilleurs outils respectueux de la vie privée à utiliser sur internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Traduit du néerlandais] + +Également présenté sur : [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], et [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## Histoire + +Privacy Guides a été lancé en septembre 2021 dans le prolongement du projet éducatif open source [défunt](privacytools.md) « PrivacyTools ». Nous avons reconnu l’importance de recommandations indépendantes, axées sur des critères, et de connaissances générales dans l’environnement de la protection de la vie privée. C'est pourquoi nous avions besoin de préserver le travail qui avait été créé par tant de contributeurs depuis 2015, et être sûr que ces informations aient une place stable sur le web indéfiniment. + +En 2022, nous avons achevé la transition de l'environnement de site web principal de Jekyll à MkDocs, en utilisant le logiciel de documentation `mkdocs-material`. Ce changement a rendu les contributions open source à notre site considérablement plus facile pour les personnes extérieures, parce qu'au lieu d'avoir besoin de connaître une syntaxe complexe pour écrire des messages efficacement, contribuer est maintenant aussi simple que d'écrire un document Markdown standard. + +Nous avons également lancé notre nouveau forum de discussion sur [discuss.privacyguides.net](https://discuss.privacyguides.net/) comme plateforme communautaire pour partager des idées et poser des questions sur notre mission. Cela complète notre communauté existante sur Matrix et remplace notre précédente plate-forme de Discussions GitHub, réduisant ainsi notre dépendance aux plateformes de discussion propriétaires. + +Jusqu'à présent en 2023, nous avons lancé des traductions internationales de notre site en [français](/fr/), [hébreu](/he/), et [néerlandais](/nl/), et d'autres langues sont à venir, rendu possible par notre excellente équipe de traduction sur [Crowdin](https://crowdin.com/project/privacyguides). Nous avons l'intention de poursuivre notre mission de sensibilisation et d'éducation, et trouver des moyens de mieux mettre en évidence les dangers d'un manque de sensibilisation à la protection de la vie privée à l'ère numérique moderne, et la prévalence et les conséquences des failles de sécurité dans l'industrie de la technologie. ## Notre équipe @@ -48,7 +76,7 @@ title: "À propos de Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -De plus, [de nombreuses personnes](https://github.com/privacyguides/privacyguides.org/graphs/contributors) ont apporté des contributions au projet. Vous pouvez aussi, nous sommes open source sur GitHub ! +De plus, [de nombreuses personnes](https://github.com/privacyguides/privacyguides.org/graphs/contributors) ont apporté des contributions au projet. Vous pouvez aussi, nous sommes open source sur GitHub, et acceptons les suggestions de traduction sur [Crowdin](https://crowdin.com/project/privacyguides). Les membres de notre équipe examinent toutes les modifications apportées au site et s'occupent des tâches administratives telles que l'hébergement et les finances, mais ils ne profitent pas personnellement des contributions apportées à ce site. Nos finances sont hébergées de manière transparente par la Fondation Open Collective 501(c)(3) sur [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Les dons à Privacy Guides sont généralement déductibles des impôts aux États-Unis. @@ -56,8 +84,6 @@ Les membres de notre équipe examinent toutes les modifications apportées au si *Ce qui suit est un résumé lisible par l'homme de la [licence](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE) (et ne se substitue pas à celle-ci) :* -:fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Sauf indication contraire, le contenu original de ce site web est mis à disposition sous la [licence publique internationale Creative Commons Attribution-NoDerivatives 4.0](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). Cela signifie que vous êtes libre de copier et de redistribuer le matériel sur n'importe quel support ou dans n'importe quel format, à n'importe quelle fin, même commerciale, pour autant que vous accordiez le crédit approprié à `Privacy Guides (www.privacyguides.org)` et que vous fournissiez un lien vers la licence. Vous **ne pouvez pas** utiliser la marque Privacy Guides dans votre propre projet sans l'approbation expresse de ce projet. Si vous remixez, transformez ou construisez sur le contenu de ce site web, vous n'êtes pas autorisé à distribuer le matériel modifié. +:fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Sauf indication contraire, le contenu original de ce site web est mis à disposition sous la [licence publique internationale Creative Commons Attribution-NoDerivatives 4.0](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). Cela signifie que vous êtes libre de copier et de redistribuer le matériel sur n'importe quel support ou dans n'importe quel format, à n'importe quelle fin, même commerciale, pour autant que vous accordiez le crédit approprié à `Privacy Guides (www.privacyguides.org)` et que vous fournissiez un lien vers la licence. Vous pouvez le faire de toute manière raisonnable, mais pas d'une manière qui suggère que Privacy Guides vous approuve ou approuve votre utilisation. Si vous remixez, transformez ou construisez sur le contenu de ce site web, vous n'êtes pas autorisé à distribuer le matériel modifié. Cette licence a été mise en place pour empêcher les gens de partager notre travail sans en donner le crédit approprié, et pour empêcher les gens de modifier notre travail d'une manière qui pourrait être utilisée pour induire les gens en erreur. Si vous trouvez les termes de cette licence trop restrictifs pour le projet sur lequel vous travaillez, veuillez nous contacter à l'adresse `jonah@privacyguides.org`. Nous serons heureux de fournir des options de licence alternatives pour les projets bien intentionnés dans le domaine de la vie privée ! - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/about/notices.md b/i18n/fr/about/notices.md index 0f33d67cd..ec5c59b17 100644 --- a/i18n/fr/about/notices.md +++ b/i18n/fr/about/notices.md @@ -24,7 +24,7 @@ Cela n'inclut pas le code tiers intégré dans ce dépôt, ou le code pour leque Certaines parties de cet avis ont été reprises du projet [opensource.guide](https://github.com/github/opensource.guide/blob/master/notices.md) sur GitHub. Cette ressource et cette page elle-même sont publiées sous [CC-BY-4.0](https://github.com/github/opensource.guide/blob/master/LICENSE). -Cela signifie que vous pouvez utiliser le contenu lisible par l'homme de ce dépôt pour votre propre projet, conformément aux conditions décrites dans le texte universel CC0 1.0. Vous **ne pouvez pas** utiliser la marque Privacy Guides dans votre propre projet sans l'approbation expresse de ce projet. Les marques de commerce de Privacy Guides comprennent le mot-clé et le logo "Privacy Guides". Les marques déposées de Privacy Guides comprennent l'appellation « Privacy Guides » ainsi que le logo Shield. +Cela signifie que vous pouvez utiliser le contenu lisible par l'homme de ce dépôt pour votre propre projet, conformément aux conditions décrites dans le texte universel CC0 1.0. Vous pouvez le faire de toute manière raisonnable, mais pas d'une manière qui suggère que Privacy Guides vous approuve ou approuve votre utilisation. Les marques de commerce de Privacy Guides comprennent le mot-clé et le logo "Privacy Guides". Les marques déposées de Privacy Guides comprennent l'appellation « Privacy Guides » ainsi que le logo Shield. Nous estimons que les logos et autres images des `actifs` obtenus auprès de fournisseurs tiers sont soit du domaine public, soit **d'un usage raisonnable**. En résumé, la [doctrine d'usage raisonnable](https://fr.wikipedia.org/wiki/Fair_use) permet l'utilisation d'images protégées par le droit d'auteur afin d'identifier le sujet à des fins de commentaire public. Toutefois, ces logos et autres images peuvent encore être soumis aux lois sur les marques commerciales dans une ou plusieurs juridictions. Avant d'utiliser ce contenu, veuillez vous assurer qu'il permet d'identifier l'entité ou l'organisation propriétaire de la marque et que vous avez le droit de l'utiliser en vertu des lois applicables dans les circonstances de votre utilisation prévue. *Lorsque vous copiez le contenu de ce site web, vous êtes seul responsable de vous assurer que vous ne violez pas la marque ou le droit d'auteur de quelqu'un d'autre.* @@ -41,5 +41,3 @@ Vous ne devez pas mener d'activités de collecte de données systématiques ou a * [Web scrapping](https://fr.wikipedia.org/wiki/Web_scraping) * Extraction de données * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/about/privacy-policy.md b/i18n/fr/about/privacy-policy.md index 38de9feb8..5a4eb6672 100644 --- a/i18n/fr/about/privacy-policy.md +++ b/i18n/fr/about/privacy-policy.md @@ -59,5 +59,3 @@ De manière plus générale, pour les plaintes en vertu du RGPD. Vous pouvez les Nous publierons toute nouvelle version de cette déclaration [ici](privacy-policy.md). Il se peut que nous modifiions la manière dont nous annonçons les changements dans les futures versions de ce document. Nous pouvons également mettre à jour nos coordonnées à tout moment sans annoncer de changement. Veuillez vous référer à la [politique de confidentialité](privacy-policy.md) pour obtenir les dernières informations de contact à tout moment. Un [historique](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) de révision complet de cette page peut être trouvé sur GitHub. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/about/privacytools.md b/i18n/fr/about/privacytools.md index fda4fd598..3475ffd61 100644 --- a/i18n/fr/about/privacytools.md +++ b/i18n/fr/about/privacytools.md @@ -116,5 +116,3 @@ Ce sujet a fait l'objet de nombreuses discussions au sein de nos communautés à - [2 avr 2022 réponse de u/dng99 à l'article de blog accusatoire de PrivacyTools](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [16 mai 2022 réponse de @TommyTran732 sur Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post sur le forum de Techlore par @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/about/services.md b/i18n/fr/about/services.md index 6f1fc168b..4fdbe8cc2 100644 --- a/i18n/fr/about/services.md +++ b/i18n/fr/about/services.md @@ -36,5 +36,3 @@ Nous utilisons un certain nombre de services web pour tester des fonctionnalité - Disponibilité : semi-public Nous hébergeons Invidious principalement pour servir les vidéos YouTube intégrées à notre site web. Cette instance n'est pas destinée à un usage général et peut être limitée à tout moment. - Source : [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/about/statistics.md b/i18n/fr/about/statistics.md index ddedefe51..381af078f 100644 --- a/i18n/fr/about/statistics.md +++ b/i18n/fr/about/statistics.md @@ -59,5 +59,3 @@ title: Statistiques de trafic }) }) - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/advanced/communication-network-types.md b/i18n/fr/advanced/communication-network-types.md index fd3e558c9..7f8907108 100644 --- a/i18n/fr/advanced/communication-network-types.md +++ b/i18n/fr/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types de réseaux de communication" icon: 'material/transit-connection-variant' +description: Une présentation de plusieurs architectures réseau couramment utilisées par les applications de messagerie instantanée. --- Il existe plusieurs architectures réseau couramment utilisées pour relayer des messages entre des personnes. Ces réseaux peuvent offrir des garanties différentes en matière de protection de la vie privée. C'est pourquoi il est utile de tenir compte de votre [modèle de menace](../basics/threat-modeling.md) lorsque vous décidez quelle application à utiliser. @@ -100,5 +101,3 @@ L'auto-hébergement d'un nœud dans un réseau de routage anonyme ne procure pas - Moins fiable si les nœuds sont sélectionnés par un routage aléatoire, certains nœuds peuvent être très éloignés de l'expéditeur et du récepteur, ce qui ajoute une latence ou même l'impossibilité de transmettre les messages si l'un des nœuds se déconnecte. - Plus complexe à mettre en œuvre car la création et la sauvegarde sécurisée d'une clé cryptographique privé sont nécessaires. - Comme pour les autres plateformes décentralisées, l'ajout de fonctionnalités est plus complexe pour les développeurs que sur une plateforme centralisée. Par conséquent, des fonctionnalités peuvent manquer ou être incomplètement mises en œuvre, comme le relais des messages hors ligne ou la suppression des messages. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/advanced/dns-overview.md b/i18n/fr/advanced/dns-overview.md index b1fbb0c36..2e4a91444 100644 --- a/i18n/fr/advanced/dns-overview.md +++ b/i18n/fr/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction aux DNS" icon: material/dns +description: Le Système de Nom de Domaine est le "répertoire téléphonique de l'internet", qui aide votre navigateur à trouver le site web qu'il recherche. --- Le [système de nom de domaine](https://fr.wikipedia.org/wiki/Domain_Name_System) est "l'annuaire de l'internet". Le DNS traduit les noms de domaine en adresses IP afin que les navigateurs et autres services puissent charger les ressources de l'internet, grâce à un réseau décentralisé de serveurs. @@ -303,5 +304,3 @@ Le [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) est un Il est destiné à "accélérer" la transmission des données en donnant au client une réponse qui appartient à un serveur proche de lui, comme un [réseau de diffusion de contenu](https://fr.wikipedia.org/wiki/Réseau_de_diffusion_de_contenu), souvent utilisé pour la diffusion de vidéos en continu et pour servir des applications Web JavaScript. Cette fonction a un coût en termes de confidentialité, car elle fournit au serveur DNS des informations sur la localisation du client. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/advanced/payments.md b/i18n/fr/advanced/payments.md new file mode 100644 index 000000000..c3fe69c7a --- /dev/null +++ b/i18n/fr/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Paiements privés +icon: material/hand-coin +--- + +Ce n'est pas pour rien que les données relatives à vos habitudes d'achat sont considérées comme le Saint-Graal du ciblage publicitaire : vos achats peuvent constituer un véritable trésor de données vous concernant. Malheureusement, le système financier actuel est, de par sa conception, hostile à la protection de la vie privée, car il permet aux banques, aux autres entreprises et aux gouvernements de retracer facilement les transactions. Néanmoins, vous disposez de nombreuses options pour effectuer des paiements de façon privée. + +## Argent liquide + +Pendant des siècles, **l'argent liquide** a été la principale forme de paiement privé. Dans la plupart des cas, l'argent liquide présente d'excellentes caractéristiques de confidentialité, est largement accepté dans la plupart des pays et est **fongible**, ce qui signifie qu'il n'est pas unique et qu'il est totalement interchangeable. + +Les lois sur les paiements en espèces varient d'un pays à l'autre. Aux États-Unis, les paiements en espèces supérieurs à 10 000 $ doivent faire l'objet d'une déclaration spéciale à l'IRS sur le [formulaire 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). L'entreprise destinataire est tenue de vérifier l'identité du bénéficiaire (nom, adresse, profession, date de naissance et numéro de sécurité sociale ou autre numéro fiscal), à quelques exceptions près. Des limites inférieures sans pièce d'identité, telles que 3 000 $ ou moins, existent pour les échanges et les transferts de fonds. Les espèces contiennent également des numéros de série. Ces données ne sont presque jamais tracées par les commerçants, mais elles peuvent être utilisées par les services répressifs dans le cadre d'enquêtes ciblées. + +Malgré cela, c'est généralement la meilleure option. + +## Cartes prépayées & cartes-cadeaux + +Il est relativement simple d'acheter des cartes-cadeaux et des cartes prépayées dans la plupart des magasins d'alimentation et des commerces de proximité avec de l'argent liquide. Les cartes-cadeaux ne sont généralement pas payantes, mais les cartes prépayées le sont souvent. Il convient donc d'être attentif à ces frais et aux dates d'expiration. Certains magasins peuvent demander à voir votre pièce d'identité à la caisse afin de réduire les fraudes. + +Les cartes-cadeaux sont généralement assorties d'une limite de 200 $ par carte, mais certaines offrent des limites allant jusqu'à 2 000 $ par carte. Les cartes prépayées (Visa ou Mastercard, par exemple) sont généralement assorties d'une limite de 1 000 $ par carte. + +Les cartes-cadeaux ont l'inconvénient d'être soumises aux politiques des commerçants, qui peuvent avoir des conditions et des restrictions terribles. Par exemple, certains commerçants n'acceptent pas exclusivement les paiements par carte-cadeau ou peuvent annuler la valeur de la carte s'ils considèrent que vous êtes un utilisateur à haut risque. Une fois que vous disposez d'un crédit commercial, le commerçant exerce un contrôle important sur ce crédit. + +Les cartes prépayées ne permettent pas de retirer de l'argent dans les DABs ni d'effectuer des paiements "pair à pair" avec Venmo et d'autres applications similaires. + +Pour la plupart des gens, l'argent liquide reste la meilleure option pour les achats en personne. Les cartes-cadeaux peuvent être utiles pour les économies qu'elles permettent de réaliser. Les cartes prépayées peuvent être utiles dans les endroits qui n'acceptent pas d'argent liquide. Les cartes-cadeaux et les cartes prépayées sont plus faciles à utiliser en ligne que l'argent liquide, et elles sont plus faciles à acquérir avec des crypto-monnaies qu'avec de l'argent liquide. + +### Marchés en ligne + +Si vous avez des [crypto-monnaies](../cryptocurrency.md), vous pouvez acheter des cartes-cadeaux sur une place de marché de cartes-cadeaux en ligne. Certains de ces services proposent des options de vérification d'identité pour des limites plus élevées, mais ils permettent également d'ouvrir des comptes avec une simple adresse email. Les limites de base commencent à 5 000 - 10 000 $ par jour pour les comptes de base, et des limites nettement plus élevées sont prévues pour les comptes dont l'identité a été vérifiée (le cas échéant). + +Lorsque vous achetez des cartes-cadeaux en ligne, vous bénéficiez généralement d'une légère réduction. Les cartes prépayées sont généralement vendues en ligne à leur valeur nominale ou moyennant des frais. Si vous achetez des cartes prépayées et des cartes-cadeaux avec des crypto-monnaies, vous devriez fortement préférer payer avec du Monero qui offre une grande confidentialité, plus d'informations à ce sujet ci-dessous. Payer une carte-cadeau avec une méthode de paiement traçable annule les avantages qu'une carte-cadeau peut offrir lorsqu'elle est achetée en espèces ou en Monero. + +- [Places de marché de cartes-cadeaux en ligne :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Cartes virtuelles + +Un autre moyen de protéger vos informations auprès des commerçants en ligne est d'utiliser des cartes virtuelles à usage unique qui masquent vos informations bancaires ou de facturation. Cette fonction est principalement utile pour vous protéger contre les fuites de données des commerçants, le suivi peu sophistiqué ou la corrélation des achats par les agences de marketing, et le vol de données en ligne. Elles ne vous aident **pas** à effectuer un achat de manière totalement anonyme et ne cachent aucune information à l'institution bancaire elle-même. Les institutions financières habituelles qui proposent des cartes virtuelles sont soumises aux lois sur la connaissance du client (KYC), ce qui signifie qu'elles peuvent exiger une pièce d'identité ou d'autres informations d'identification. + +- [Services de masquage des paiements recommandés :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +Ce sont généralement de bonnes options pour les paiements récurrents/abonnements en ligne, tandis que les cartes-cadeaux prépayées sont préférables pour les transactions ponctuelles. + +## Crypto-monnaie + +Les crypto-monnaies sont une forme numérique de monnaie conçue pour fonctionner sans autorités centrales telles qu'un gouvernement ou une banque. Bien que *certains* projets de crypto-monnaie vous permettent d'effectuer des transactions privées en ligne, beaucoup d'entre eux utilisent une chaîne de blocs publique qui ne garantit pas la confidentialité des transactions. Les crypto-monnaies ont également tendance à être des actifs très volatils, ce qui signifie que leur valeur peut changer rapidement et de manière significative à tout moment. C'est pourquoi nous ne recommandons généralement pas d'utiliser les crypto-monnaies comme réserve de valeur à long terme. Si vous décidez d'utiliser des crypto-monnaies en ligne, assurez-vous au préalable de bien comprendre les aspects liés à la protection de la vie privée et n'investissez que des montants qu'il ne serait pas désastreux de perdre. + +!!! danger "Danger" + + La grande majorité des crypto-monnaies fonctionnent sur une chaîne de blocs **publique**, ce qui signifie que chaque transaction est connue de tous. Cela inclut même les crypto-monnaies les plus connues comme le Bitcoin et l'Ethereum. Les transactions avec ces crypto-monnaies ne doivent pas être considérées comme privées et ne protégeront pas votre anonymat. + + En outre, de nombreuses crypto-monnaies, si ce n'est la plupart, sont des escroqueries. Effectuez des transactions avec prudence, uniquement avec des projets auxquels vous faites confiance. + +### Crypto-monnaies privées + +Il existe un certain nombre de projets de crypto-monnaies qui prétendent assurer la protection de la vie privée en rendant les transactions anonymes. Nous recommandons d'en utiliser un qui assure l'anonymat des transactions **par défaut** afin d'éviter des erreurs opérationnelles. + +- [Crypto-monnaies recommandées :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Les crypto-monnaies privées font l'objet d'un examen de plus en plus minutieux de la part des agences gouvernementales. En 2020, [l'IRS a publié une prime de 625 000 $](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) pour des outils qui peuvent briser la confidentialité des transactions du réseau Lightning Bitcoin et/ou de Monero. En fin de compte, ils [ont versé à deux sociétés](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis et Integra Fec) un montant combiné de 1,25 million $ pour des outils qui prétendent le faire (on ne sait pas quel réseau de crypto-monnaies ces outils ciblent). En raison du secret qui entoure ce type d'outils, ==aucune de ces méthodes de traçage des crypto-monnaies n'a été confirmée de manière indépendante.== Cependant, il est tout à fait probable que des outils qui aident les enquêtes ciblées sur les transactions de crypto-monnaies privées existent, et que les crypto-monnaies privées ne parviennent qu'à contrecarrer la surveillance de masse. + +### Autres crypto-monnaies (Bitcoin, Ethereum, etc.) + +La grande majorité des projets de crypto-monnaies utilisent une chaîne de blocs publique, ce qui signifie que toutes les transactions sont à la fois facilement traçables et permanentes. C'est pourquoi nous décourageons fortement l'utilisation de la plupart des crypto-monnaies pour une utilisation liées à la protection de la vie privée. + +Les transactions anonymes sur une chaîne de blocs publique sont *théoriquement* possibles, et le wiki Bitcoin [donne un exemple de transaction "complètement anonyme"](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). Toutefois, cela nécessite une configuration compliquée impliquant Tor et le "minage en solo" d'un bloc pour générer une crypto-monnaie complètement indépendante, une pratique qui n'a pas été pratique pour presque tous les enthousiastes depuis de nombreuses années. + +==Votre meilleure option est d'éviter complètement ces crypto-monnaies et de vous en tenir à une qui assure la confidentialité par défaut.== Tenter d'utiliser d'autres crypto-monnaies sort du cadre de ce site et est fortement déconseillé. + +### Garde du portefeuille + +Il existe deux types de portefeuilles pour les crypto-monnaies : les portefeuilles de garde et les portefeuilles non gardiens. Les portefeuilles de garde sont gérés par des sociétés centralisées ou des centres d'échange, qui détiennent la clé privée de votre portefeuille, et vous pouvez y accéder n'importe où, en général avec un nom d'utilisateur et un mot de passe ordinaires. Les portefeuilles non gardiens sont des portefeuilles dont vous contrôlez et gérez les clés privées permettant d'y accéder. Si vous conservez les clés privées de votre portefeuille en toute sécurité et que vous les sauvegardez, les portefeuilles non gardiens offrent une plus grande sécurité et une meilleure résistance à la censure que les portefeuilles dépositaires, car vos crypto-monnaies ne peuvent pas être volées ou gelées par une entreprise qui a la garde de vos clés privées. La garde des clés est particulièrement importante lorsqu'il s'agit de crypto-monnaies privées : les portefeuilles de garde permettent à la société d'exploitation de consulter vos transactions, ce qui annule les avantages de ces crypto-monnaies sur la protection de la vie privée. + +### Acquisition + +Il peut être difficile d'acquérir des [crypto-monnaies](../cryptocurrency.md) comme Monero de façon privée. Les places de marché P2P telles que [LocalMonero](https://localmonero.co/), une plateforme qui facilite les échanges entre les personnes, sont une option qui peut être utilisée. Si l'utilisation d'un centre d'échange exigeant la connaissance du client (KYC) est un risque acceptable pour vous tant que les transactions ultérieures ne peuvent pas être tracées, une option beaucoup plus facile est d'acheter des Monero sur un centre d'échange comme [Kraken](https://kraken.com/), ou d'acheter des Bitcoin/Litecoin sur un centre d'échange KYC qui peuvent ensuite être échangés contre des Monero. Ensuite, vous pouvez retirer les Monero achetés vers votre propre portefeuille non gardien pour les utiliser de façon privée à partir de ce moment-là. + +Si vous optez pour cette solution, veillez à acheter des Monero à des moments et dans des quantités différents de ceux où vous les dépenserez. Si vous achetez 5 000 $ de Monero sur un centre d'échange et que vous effectuez un achat de 5 000 $ avec du Monero une heure plus tard, ces actions pourraient potentiellement être corrélées par un observateur extérieur, quel que soit le chemin emprunté par le Monero. L'échelonnement des achats et l'achat de grandes quantités de Monero à l'avance pour les dépenser plus tard dans de multiples transactions plus petites peuvent permettre d'éviter ce piège. + +## Autres considérations + +Lorsque vous effectuez un paiement en personne avec de l'argent liquide, n'oubliez pas de penser à votre vie privée physique. Les caméras de sécurité sont omniprésentes. Envisagez de porter des vêtements non distincts et un masque facial (tel qu'un masque chirurgical ou N95). Ne vous inscrivez pas à des programmes de récompense et ne fournissez pas d'autres informations vous concernant. + +Lorsque vous achetez en ligne, l'idéal est de le faire sur [Tor](tor-overview.md). Cependant, de nombreux commerçants n'autorisent pas les achats avec Tor. Vous pouvez envisager d'utiliser un [VPN recommandé](../vpn.md) (payé en espèces, par carte-cadeau ou par Monero), ou d'effectuer l'achat dans un café ou une bibliothèque disposant d'une connexion Wi-Fi gratuite. Si vous commandez un article physique qui doit être livré, vous devrez fournir une adresse de livraison. Vous devriez envisager d'utiliser une boîte postale, une boîte aux lettres privée ou une adresse professionnelle. diff --git a/i18n/fr/advanced/tor-overview.md b/i18n/fr/advanced/tor-overview.md index e9080518d..fa006b1ed 100644 --- a/i18n/fr/advanced/tor-overview.md +++ b/i18n/fr/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction à Tor" icon: 'simple/torproject' +description: Tor est un réseau décentralisé, gratuit, conçu pour utiliser Internet avec le plus de confidentialité possible. --- Tor est un réseau décentralisé, gratuit, conçu pour utiliser Internet avec le plus de confidentialité possible. S'il est utilisé correctement, le réseau permet une navigation et des communications privées et anonymes. @@ -68,14 +69,12 @@ Si vous souhaitez utiliser Tor pour naviguer sur le web, nous ne recommandons qu - [Navigateur Tor :material-arrow-right-drop-circle:](../tor.md#tor-browser) -## Ressources Supplémentaires +## Ressources supplémentaires - [Manuel d'utilisation du navigateur Tor](https://tb-manual.torproject.org) - [Comment Tor fonctionne - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Services onion Tor - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.fr.txt" - [^1]: Le premier relais de votre circuit est appelé "garde d'entrée" ou "garde". Il s'agit d'un relais rapide et stable qui reste le premier de votre circuit pendant 2 à 3 mois afin de vous protéger contre une attaque connue de rupture d'anonymat. Le reste de votre circuit change avec chaque nouveau site web que vous visitez, et tous ensemble ces relais fournissent les protections complètes de Tor en matière de vie privée. Pour en savoir plus sur le fonctionnement des relais de garde, consultez cet [article de blog](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) et ce [document](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) sur les gardes d'entrée. ([https://support.torproject.org/fr/tbb/tbb-2/](https://support.torproject.org/fr/tbb/tbb-2/)) [^2]: Balise de relai: une (dis-)qualification spéciale des relais pour les positions de circuit (par exemple, "Guard", "Exit", "BadExit"), les propriétés de circuit (par exemple, "Fast", "Stable") ou les rôles (par exemple, "Authority", "HSDir"), tels qu'attribués par les autorités de l'annuaire et définis plus précisément dans la spécification du protocole de l'annuaire. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/fr/android.md b/i18n/fr/android.md index 0fc683a62..623bbc6a6 100644 --- a/i18n/fr/android.md +++ b/i18n/fr/android.md @@ -1,20 +1,22 @@ --- title: "Android" icon: 'simple/android' +description: Vous pouvez remplacer le système d'exploitation de votre téléphone Android par ces alternatives sécurisées et respectueuses de la vie privée. --- ![Logo d'Android](assets/img/android/android.svg){ align=right } -**Android Open Source Project** est un système d'exploitation mobile à code source ouvert dirigé par Google qui équipe la majorité des appareils mobiles dans le monde. La plupart des téléphones vendus avec Android sont modifiés pour inclure des intégrations et des applications invasives telles que Google Play Services. Vous pouvez donc améliorer considérablement votre vie privée sur votre appareil mobile en remplaçant l'installation par défaut de votre téléphone par une version d'Android dépourvue de ces fonctionnalités invasives. +**Android Open Source Project** est un système d'exploitation mobile open source dirigé par Google qui équipe la majorité des appareils mobiles dans le monde. La plupart des téléphones vendus avec Android sont modifiés pour inclure des intégrations et des applications invasives telles que Google Play Services. Vous pouvez donc améliorer considérablement votre vie privée sur votre appareil mobile en remplaçant l'installation par défaut de votre téléphone par une version d'Android dépourvue de ces fonctionnalités invasives. [:octicons-home-16:](https://source.android.com/){ .card-link title=Page d'accueil } [:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation} -[:octicons-code-16:](https://cs.android.com/android/platform/superproject/){ .card-link title="Code Source" } +[:octicons-code-16:](https://cs.android.com/android/platform/superproject/){ .card-link title="Code source" } Voici les systèmes d'exploitation, les appareils et les applications Android que nous recommandons pour optimiser la sécurité et la confidentialité de votre appareil mobile. Pour en savoir plus sur Android : -- [Présentation générale d'Android :material-arrow-right-drop-circle:](os/android-overview.md) -- [Pourquoi nous recommandons GrapheneOS plutôt que CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[Présentation générale d'Android :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Pourquoi nous recommandons GrapheneOS plutôt que CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## Dérivés de AOSP @@ -41,9 +43,9 @@ Nous vous recommandons d'installer l'un de ces systèmes d'exploitation Android [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Code source" } [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribuer } -GrapheneOS prend en charge [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), qui exécute les [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) entièrement sandboxed comme toute autre application normale. Cela signifie que vous pouvez profiter de la plupart des services Google Play, tels que [les notifications push](https://firebase.google.com/docs/cloud-messaging/), tout en vous donnant un contrôle total sur leurs autorisations et leur accès, et tout en les contenant à un [profil de travail](os/android-overview.md#work-profile) ou un [profil d'utilisateur](os/android-overview.md#user-profiles) spécifique de votre choix. +GrapheneOS prend en charge [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), qui exécute les [Services Google Play](https://fr.wikipedia.org/wiki/Services_Google_Play) entièrement sandboxed comme toute autre application normale. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice. -Les téléphones Google Pixel sont les seuls appareils qui répondent actuellement aux [exigences de sécurité matérielle](https://grapheneos.org/faq#device-support) de GrapheneOS. +Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support). ### DivestOS @@ -61,11 +63,11 @@ Les téléphones Google Pixel sont les seuls appareils qui répondent actuelleme [:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Code source" } [:octicons-heart-16:](https://divested.dev/index.php?page=donate){ .card-link title=Contribuer } -DivestOS dispose d'un système de [correction](https://gitlab.com/divested-mobile/cve_checker) automatique des vulnérabilités du noyau ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)), de moins de morceaux propriétaires et d'un fichier [hosts](https://divested.dev/index.php?page=dnsbl) personnalisé. Son WebView renforcé, [Mulch](https://gitlab.com/divested-mobile/mulch), permet [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) pour toutes les architectures et [un partitionnement de l'état du réseau](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), et reçoit des mises à jour hors bande. DivestOS inclut également les correctifs de noyau de GrapheneOS et active toutes les fonctions de sécurité de noyau disponibles via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). Tous les noyaux plus récents que la version 3.4 incluent une [désinfection](https://lwn.net/Articles/334747/) complète de la page et tous les ~22 noyaux compilés par Clang ont [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) activé. +DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled. -DivestOS met en œuvre certains correctifs de renforcement du système développés à l'origine pour GrapheneOS. DivestOS 16.0 et plus implémente les autorisations [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) et SENSORS de GrapheneOS, l'[allocateur de mémoire renforcé](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), la [constification](https://en.wikipedia.org/wiki/Java_Native_Interface) [JNI](https://en.wikipedia.org/wiki/Const_(computer_programming)), et des patchs de renforcement [bioniques](https://en.wikipedia.org/wiki/Bionic_(software)) partiels. Les versions 17.1 et supérieures offrent l'option de GrapheneOS pour [rendre aléatoire les adresses MAC](https://en.wikipedia.org/wiki/MAC_address#Randomization) entre réseaux, le contrôle [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) et les options de redémarrage/coupure Wi-Fi/coupure Bluetooth automatique [sur délai](https://grapheneos.org/features). +DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). -DivestOS utilise F-Droid comme magasin d'applications par défaut. Normalement, nous recommandons d'éviter F-Droid en raison de ses nombreux [problèmes de sécurité](#f-droid). Cependant, le faire sur DivestOS n'est pas viable ; les développeurs mettent à jour leurs applications via leurs propres dépôts F-Droid ([Official DivestOS](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) et [WebView DivestOS](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). Nous recommandons de désactiver l'application officielle F-Droid et d'utiliser [Neo Store](https://github.com/NeoApplications/Neo-Store/) avec les dépôts DivestOS activés pour maintenir ces composants à jour. Pour les autres applications, nos méthodes recommandées pour les obtenir restent applicables. +DivestOS uses F-Droid as its default app store. Normally, we would recommend avoiding F-Droid due to its numerous [security issues](#f-droid). However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. !!! warning "Avertissement" @@ -75,21 +77,21 @@ DivestOS utilise F-Droid comme magasin d'applications par défaut. Normalement, ## Appareils Android -Lorsque vous achetez un appareil, nous vous recommandons d'en prendre un aussi neuf que possible. Les logiciels et les micrologiciels des appareils mobiles ne sont pris en charge que pour une durée limitée. L'achat de nouveaux appareils permet donc de prolonger cette durée de vie autant que possible. +When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. -Évitez d'acheter des téléphones auprès des opérateurs de réseaux mobiles. Ces derniers ont souvent un **chargeur d'amorçage verrouillé** et ne supportent pas le [déverrouillage constructeur](https://source.android.com/devices/bootloader/locking_unlocking). Ces variantes de téléphone vous empêcheront d'installer tout type de distribution Android alternative. +Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution. -Soyez très **prudent** lorsque vous achetez des téléphones d'occasion sur des marchés en ligne. Vérifiez toujours la réputation du vendeur. Si l'appareil est volé, il est possible que l'[IMEI soit mis sur liste noire](https://www.gsma.com/security/resources/imei-blacklisting/). Il y a également un risque d'être associé à l'activité de l'ancien propriétaire. +Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of [IMEI blacklisting](https://www.gsma.com/security/resources/imei-blacklisting/). There is also a risk involved with you being associated with the activity of the previous owner. -Quelques conseils supplémentaires concernant les appareils Android et la compatibilité du système d'exploitation : +A few more tips regarding Android devices and operating system compatibility: -- N'achetez pas d'appareils qui ont atteint ou sont sur le point d'atteindre leur fin de vie, des mises à jour supplémentaires du micrologiciel doivent être fournies par le fabricant. -- N'achetez pas de téléphones LineageOS ou /e/ OS préchargés ou tout autre téléphone Android sans prise en charge adéquate de [Démarrage Vérifié](https://source.android.com/security/verifiedboot) et sans mises à jour du micrologiciel. En outre, ces appareils ne vous permettent pas de vérifier s'ils ont été manipulés. -- En bref, si un appareil ou une distribution Android ne figure pas dans cette liste, il y a probablement une bonne raison. Consultez notre [forum](https://discuss.privacyguides.net/) pour en savoir plus ! +- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer. +- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with. +- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net/) to find details! ### Google Pixel -Les téléphones Google Pixel sont les **seuls** appareils dont nous recommandons l'achat. Les téléphones Pixel ont une sécurité matérielle plus forte que tous les autres appareils Android actuellement sur le marché, grâce à une prise en charge AVB adéquate pour les systèmes d'exploitation tiers et aux puces de sécurité personnalisées [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) de Google faisant office d'Elément Sécurisé. +Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element. !!! recommendation @@ -101,22 +103,22 @@ Les téléphones Google Pixel sont les **seuls** appareils dont nous recommandon [:material-shopping: Boutique](https://store.google.com/category/phones){ .md-button .md-button--primary } -Les Eléments Sécurisés comme le Titan M2 sont plus limités que le Trusted Execution Environment du processeur utilisé par la plupart des autres téléphones, car ils ne sont utilisés que pour le stockage des secrets, l'attestation matérielle et la limitation du débit, et non pour exécuter des programmes "de confiance". Les téléphones dépourvus d'un Elément Sécurisé doivent utiliser le TEE pour *toutes* ces fonctions, ce qui élargit la surface d'attaque. +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface. -Les téléphones Google Pixel utilisent un OS TEE appelé Trusty qui est [open-source](https://source.android.com/security/trusty#whyTrusty), contrairement à de nombreux autres téléphones. +Google Pixel phones use a TEE OS called Trusty which is [open-source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -L'installation de GrapheneOS sur un téléphone Pixel est facile avec leur [installateur web](https://grapheneos.org/install/web). Si vous ne vous sentez pas à l'aise pour le faire vous-même et que vous êtes prêt à dépenser un peu plus d'argent, consultez le site [NitroPhone](https://shop.nitrokey.com/shop) car ils sont préchargés avec GrapheneOS et viennent de la société réputée [Nitrokey](https://www.nitrokey.com/about). +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://www.nitrokey.com/about) company. -Quelques conseils supplémentaires pour l'achat d'un Google Pixel : +A few more tips for purchasing a Google Pixel: -- Si vous cherchez une bonne affaire pour un appareil Pixel, nous vous suggérons d'acheter un modèle "**a**", juste après la sortie du prochain produit phare de la marque. Les remises sont généralement disponibles parce que Google essaie d'écouler son stock. -- Tenez compte des offres spéciales et réductions proposées par les magasins physiques. -- Consultez les sites communautaires de bonnes affaires en ligne dans votre pays. Ils peuvent vous signaler les bonnes ventes. -- Google fournit une liste indiquant le [cycle de support](https://support.google.com/nexus/answer/4457705) pour chacun de ses appareils. Le prix par jour d'un appareil peut être calculé comme suit :\text{Coût} - \text {Date fin de vie}-\text{Date du jour}$, ce qui signifie que plus l'utilisation de l'appareil est longue, plus le coût par jour est faible. +- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock. +- Consider price beating options and specials offered at physical stores. +- Look at online community bargain sites in your country. These can alert you to good sales. +- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date}-\text{Current Date}$, meaning that the longer use of the device the lower cost per day. ## Applications générales -Nous recommandons une grande variété d'applications Android sur ce site. Les applications répertoriées ici sont exclusives à Android et améliorent ou remplacent les principales fonctionnalités du système. +We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality. ### Shelter @@ -163,17 +165,17 @@ Nous recommandons une grande variété d'applications Android sur ce site. Les a - [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases) - [:material-cube-outline: Magasin d'application de GrapheneOS](https://github.com/GrapheneOS/Apps/releases) -Auditor effectue l'attestation et la détection d'intrusion : +Auditor performs attestation and intrusion detection by: -- A l'aide d'un modèle de [Confiance lors de la première utilisation (TOFU - Trust On First Use)](https://en.wikipedia.org/wiki/Trust_on_first_use) entre un *auditeur* et un *audité*, la paire établit une clé privée dans le trousseau [matériel](https://source.android.com/security/keystore/) d'*Auditor*. -- L'*auditeur* peut être une autre instance de l'application Auditor ou le [Service d'Attestation à Distance](https://attestation.app). -- L'*auditeur* enregistre l'état et la configuration actuels de l'*audité*. -- En cas d'altération du système d'exploitation de l'*audité* après l'appairage, l'auditeur sera informé de la modification de l'état et des configurations de l'appareil. -- Vous serez alerté de ce changement. +- Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an *auditor* and *auditee*, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore/) of the *Auditor*. +- The *auditor* can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app). +- The *auditor* records the current state and configuration of the *auditee*. +- Should tampering with the operating system of the *auditee* happen after the pairing is complete, the auditor will be aware of the change in the device state and configurations. +- You will be alerted to the change. -Aucune information personnelle identifiable n'est soumise au service d'attestation. Nous vous recommandons de vous inscrire avec un compte anonyme et d'activer l'attestation à distance pour un contrôle continu. +No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring. -Si votre [modèle de menace](basics/threat-modeling.md) nécessite une certaine confidentialité, vous pouvez envisager d'utiliser [Orbot](tor.md#orbot) ou un VPN pour cacher votre adresse IP au service d'attestation. Pour s'assurer de l'authenticité de votre matériel et de votre système d'exploitation, [effectuez une attestation locale](https://grapheneos.org/install/web#verifying-installation) immédiatement après l'installation de l'appareil et avant toute connexion à Internet. +If your [threat model](basics/threat-modeling.md) requires privacy, you could consider using [Orbot](tor.md#orbot) or a VPN to hide your IP address from the attestation service. To make sure that your hardware and operating system is genuine, [perform local attestation](https://grapheneos.org/install/web#verifying-installation) immediately after the device has been installed and prior to any internet connection. ### Secure Camera @@ -195,11 +197,11 @@ Si votre [modèle de menace](basics/threat-modeling.md) nécessite une certaine - [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases) - [:material-cube-outline: Magasin d'application de GrapheneOS](https://github.com/GrapheneOS/Apps/releases) -Les principales caractéristiques de confidentialité comprennent : +Main privacy features include: -- Suppression automatique des métadonnées [Exif](https://en.wikipedia.org/wiki/Exif) (activée par défaut) -- Utilisation de la nouvelle API [Media](https://developer.android.com/training/data-storage/shared/media), donc les [autorisations de stockage](https://developer.android.com/training/data-storage) ne sont pas nécessaires -- L'autorisation microphone n'est pas nécessaire, sauf si vous souhaitez enregistrer des sons +- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default) +- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required +- Microphone permission not required unless you want to record sound !!! note "À noter" @@ -232,11 +234,11 @@ Les principales caractéristiques de confidentialité comprennent : ### Magasin d'applications GrapheneOS -Le magasin d'applications de GrapheneOS est disponible sur [GitHub](https://github.com/GrapheneOS/Apps/releases). Il prend en charge Android 12 et plus et est capable de se mettre à jour. Le magasin d'applications contient des applications autonomes construites par le projet GrapheneOS, telles que [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), et [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). Si vous recherchez ces applications, nous vous recommandons vivement de les obtenir à partir du magasin d'applications de GrapheneOS plutôt que du Play Store, car les applications de leur magasin sont signées par la signature du projet GrapheneOS à laquelle Google n'a pas accès. +GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to. ### Aurora Store -Le Google Play Store nécessite un compte Google pour se connecter, ce qui n'est pas idéal pour la confidentialité. Vous pouvez contourner ce problème en utilisant un client alternatif, tel que Aurora Store. +The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store. !!! recommendation @@ -251,29 +253,29 @@ Le Google Play Store nécessite un compte Google pour se connecter, ce qui n'est - [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases) -Aurora Store ne vous permet pas de télécharger des applications payantes grâce à sa fonction de compte anonyme. Vous pouvez éventuellement vous connecter avec votre compte Google sur Aurora Store pour télécharger les applications que vous avez achetées, ce qui donne accès à la liste des applications que vous avez installées à Google, mais vous bénéficiez toujours de l'avantage de ne pas avoir besoin du client Google Play complet et des services Google Play ou microG sur votre appareil. +Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google, however you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device. ### Manuellement avec les notifications RSS -Pour les applications publiées sur des plateformes telles que GitHub et GitLab, vous pouvez ajouter un flux RSS à votre [agrégateur d'actualités](/news-aggregators) qui vous aidera à suivre les nouvelles versions. +For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](/news-aggregators) that will help you keep track of new releases. -![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![Notes de version APK](./assets/img/android/rss-changes-light.png#only-light) ![Notes de version APK](./assets/img/android/rss-changes-dark.png#only-dark) +![APK RSS](./assets/img/android/rss-apk-light.png#only-light) ![APK RSS](./assets/img/android/rss-apk-dark.png#only-dark) ![Notes de version APK](./assets/img/android/rss-changes-light.png#only-light) ![Notes de version APK](./assets/img/android/rss-changes-dark.png#only-dark) #### GitHub -Sur GitHub, en prenant l'exemple de [Secure Camera](#secure-camera), vous naviguez vers sa [page de publications](https://github.com/GrapheneOS/Camera/releases) et ajoutez `.atom` à l'URL : +On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL: `https://github.com/GrapheneOS/Camera/releases.atom` #### GitLab -Sur GitLab, en prenant l'exemple de [Aurora Store](#aurora-store) , vous naviguez vers son [dépôt de projet](https://gitlab.com/AuroraOSS/AuroraStore) et ajoutez `/-/tags?format=atom` à l'URL : +On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL: `https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom` #### Vérifier les empreintes numériques des APK -Si vous téléchargez des fichiers APK à installer manuellement, vous pouvez vérifier leur signature à l'aide de l'outil [`apksigner`](https://developer.android.com/studio/command-line/apksigner), qui fait partie des [build-tools](https://developer.android.com/studio/releases/build-tools) d'Android. +If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools). 1. Installez [Java JDK](https://www.oracle.com/java/technologies/downloads/). @@ -306,13 +308,13 @@ Si vous téléchargez des fichiers APK à installer manuellement, vous pouvez v ![Logo F-Droid](assets/img/android/f-droid.svg){ align=right width=120px } -==Nous ne recommandons **pas** actuellement F-Droid comme moyen d'obtenir des applications.== F-Droid est souvent recommandé comme une alternative à Google Play, en particulier dans la communauté de la vie privée. La possibilité d'ajouter des dépôts tiers et de ne pas être confiné au jardin clos de Google a conduit à sa popularité. F-Droid dispose en outre de [versions reproductibles](https://f-droid.org/en/docs/Reproducible_Builds/) pour certaines applications et est dédié aux logiciels libres et open-source. Cependant, il y a des [problèmes notables](https://privsec.dev/posts/android/f-droid-security-issues/) avec le client officiel F-Droid, leur contrôle de qualité, et la façon dont ils construisent, signent, et livrent les paquets. +==We do **not** currently recommend F-Droid as a way to obtain apps.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds/) for some applications and is dedicated to free and open-source software. However, there are [notable problems](https://privsec.dev/posts/android/f-droid-security-issues/) with the official F-Droid client, their quality control, and how they build, sign, and deliver packages. -En raison de leur processus de construction d'applications, les applications du dépôt officiel de F-Droid sont souvent en retard sur les mises à jour. Les mainteneurs de F-Droid réutilisent également les identifiants des paquets tout en signant les applications avec leurs propres clés, ce qui n'est pas idéal car cela donne à l'équipe F-Droid une confiance ultime. +Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. -D'autres dépôts tiers populaires tels que [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) atténuent certains de ces problèmes. Le dépôt IzzyOnDroid récupère les versions directement depuis GitHub et constitue la meilleure alternative aux dépôts des développeurs. Cependant, ce n'est pas quelque chose que nous pouvons recommander, car les applications sont généralement [retirées](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) de ce dépôt lorsqu'elles arrivent dans le dépôt principal de F-Droid. Bien que cela soit logique (puisque le but de ce dépôt particulier est d'héberger des applications avant qu'elles ne soient acceptées dans le dépôt principal de F-Droid), cela peut vous laisser avec des applications installées qui ne reçoivent plus de mises à jour. +Other popular third-party repositories such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that respository when they make it to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates. -Cela dit, les dépôts [F-Droid](https://f-droid.org/en/packages/) et [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) abritent d'innombrables applications. Ils peuvent donc être un outil utile pour rechercher et découvrir des applications open-source que vous pouvez ensuite télécharger via le Play Store, Aurora Store ou en obtenant l'APK directement auprès du développeur. Il est important de garder à l'esprit que certaines applications de ces dépôts n'ont pas été mises à jour depuis des années et peuvent s'appuyer sur des bibliothèques non prises en charge, entre autres, ce qui constitue un risque potentiel pour la sécurité. Vous devez faire preuve de discernement lorsque vous recherchez de nouvelles applications par cette méthode. +That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through Play Store, Aurora Store, or by getting the APK directly from the developer. It is important to keep in mind that some apps in these repositories have not been updated in years and may rely on unsupported libraries, among other things, posing a potential security risk. You should use your best judgement when looking for new apps via this method. !!! note "À noter" @@ -329,25 +331,23 @@ Cela dit, les dépôts [F-Droid](https://f-droid.org/en/packages/) et [IzzyOnDro ### Systèmes d'exploitation - Doit être un logiciel open source. -- Doit prendre en charge le verrouillage du chargeur d'amorçage avec prise en charge d'une clé AVB personnalisée. -- Doit recevoir les mises à jour majeures d'Android dans le mois suivant leur publication. -- Doit recevoir les mises à jour des fonctionnalités d'Android (version mineure) dans les 14 jours suivant leur publication. -- Doit recevoir les correctifs de sécurité réguliers dans les 5 jours suivant leur publication. -- Ne doit **pas** être fourni "rooté". -- Ne doit **pas** activer Google Play Services par défaut. -- Ne doit **pas** nécessiter une modification du système pour prendre en charge les Google Play Services. +- Must support bootloader locking with custom AVB key support. +- Must receive major Android updates within 0-1 months of release. +- Must receive Android feature updates (minor version) within 0-14 days of release. +- Must receive regular security patches within 0-5 days of release. +- Must **not** be "rooted" out of the box. +- Must **not** enable Google Play Services by default. +- Must **not** require system modification to support Google Play Services. ### Appareils -- Doit prendre en charge au moins l'un des systèmes d'exploitation personnalisés que nous recommandons. -- Doit être actuellement vendu neuf en magasin. -- Doit recevoir un minimum de 5 ans de mises à jour de sécurité. -- Doit disposer d'un matériel dédié aux éléments sécurisés. +- Must support at least one of our recommended custom operating systems. +- Must be currently sold new in stores. +- Must receive a minimum of 5 years of security updates. +- Must have dedicated secure element hardware. ### Applications -- Les applications de cette page ne doivent pas être applicables à une autre catégorie de logiciels sur le site. -- Les applications générales doivent étendre ou remplacer les fonctionnalités de base du système. -- Les applications doivent être régulièrement mises à jour et entretenues. - ---8<-- "includes/abbreviations.fr.txt" +- Applications on this page must not be applicable to any other software category on the site. +- General applications should extend or replace core system functionality. +- Applications should receive regular updates and maintenance. diff --git a/i18n/fr/basics/account-creation.md b/i18n/fr/basics/account-creation.md index 8f59cb3d9..02c356d0b 100644 --- a/i18n/fr/basics/account-creation.md +++ b/i18n/fr/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Création de compte" icon: 'material/account-plus' +description: La création de comptes en ligne est pratiquement une nécessité sur internet, prenez ces mesures pour vous assurer de rester privé. --- Souvent, les gens s'inscrivent à des services sans réfléchir. Il s'agit peut-être d'un service de streaming qui vous permet de regarder la nouvelle émission dont tout le monde parle, ou d'un compte qui vous permet de bénéficier d'une réduction dans votre fast-food préféré. Quoi qu'il en soit, vous devez tenir compte des implications pour vos données, maintenant et plus tard. @@ -78,5 +79,3 @@ Dans de nombreux cas, vous devrez fournir un numéro à partir duquel vous pourr ### Nom d'utilisateur et mot de passe Certains services vous permettent de vous inscrire sans utiliser d'adresse électronique et vous demandent seulement de définir un nom d'utilisateur et un mot de passe. Ces services peuvent offrir un anonymat accru lorsqu'ils sont associés à un VPN ou à Tor. Gardez à l'esprit que pour ces comptes, il n'y aura très probablement **aucun moyen de récupérer votre compte** au cas où vous oublieriez votre nom d'utilisateur ou votre mot de passe. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/basics/account-deletion.md b/i18n/fr/basics/account-deletion.md index e248e6167..f775eceef 100644 --- a/i18n/fr/basics/account-deletion.md +++ b/i18n/fr/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Suppression de compte" icon: 'material/account-remove' +description: Il est facile d'accumuler un grand nombre de comptes internet. Voici quelques conseils pour élaguer votre collection. --- Au fil du temps, il est facile d'accumuler un certain nombre de comptes en ligne, dont beaucoup ne sont peut-être plus utilisés. La suppression de ces comptes inutilisés est une étape importante dans la récupération de votre vie privée, car les comptes inactifs sont vulnérables aux fuites de données. Il y a une fuite des données lorsque la sécurité d'un service est compromise et que des informations protégées sont consultées, transmises ou volées par des acteurs non autorisés. Les fuites de données sont malheureusement [très fréquentes](https://haveibeenpwned.com/PwnedWebsites) de nos jours, et donc le meilleur moyen de minimiser l'impact qu'elles ont sur votre vie et de pratiquer une bonne hygiène numérique. L'objectif de ce guide est donc de vous aider à traverser le processus fastidieux de la suppression d'un compte, souvent rendu difficile à cause du [dark pattern](https://www.deceptive.design/), une pratique que certains services utilisent afin que vous abandonniez l'idée de supprimer votre compte. @@ -59,5 +60,3 @@ Même lorsque vous êtes en mesure de supprimer un compte, il n'y a aucune garan ## Éviter la création de nouveaux comptes Comme le dit le vieil adage, "Mieux vaut prévenir que guérir". Chaque fois que vous êtes tenté de vous inscrire à un nouveau service ou site web, demandez-vous : "En ai-je vraiment besoin ? Puis-je accomplir ce dont j'ai besoin sans compte ?" Il est souvent beaucoup plus difficile de supprimer un compte que d'en créer un. Et même après avoir supprimé ou modifié les informations sur votre compte, il se peut qu'il existe une version en cache provenant d'un tiers, comme [Internet Archive](https://archive.org/). Évitez la tentation quand vous le pouvez - votre futur vous en remerciera ! - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/basics/common-misconceptions.md b/i18n/fr/basics/common-misconceptions.md index a3a68ae59..22bb91321 100644 --- a/i18n/fr/basics/common-misconceptions.md +++ b/i18n/fr/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Idées reçues" icon: 'material/robot-confused' +description: La protection de la vie privée n'est pas un sujet simple, et il est facile de se laisser piéger par les affirmations marketing et autres désinformations. --- ## "Les logiciels libres et open-source sont toujours sécurisés" ou "Les logiciels propriétaires sont plus sécurisé" @@ -56,6 +57,4 @@ Les modèles de menace les plus clairs sont ceux où les gens *savent qui vous L'utilisation de Tor peut y contribuer. Il convient également de noter qu'un plus grand anonymat est possible grâce à la communication asynchrone : La communication en temps réel est vulnérable à l'analyse des habitudes de frappe (c'est-à-dire plus d'un paragraphe de texte, diffusé sur un forum, par e-mail, etc.) ---8<-- "includes/abbreviations.fr.txt" - [^1]: Un exemple notable est l'[incident de 2021 dans lequel des chercheurs de l'Université du Minnesota ont introduit trois vulnérabilités dans le projet de développement du noyau Linux](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/fr/basics/common-threats.md b/i18n/fr/basics/common-threats.md index a6e3a11c4..e27488c0d 100644 --- a/i18n/fr/basics/common-threats.md +++ b/i18n/fr/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Menaces courantes" icon: 'material/eye-outline' +description: Votre modèle de menace vous est personnel, mais ce sont là quelques-unes des questions qui préoccupent de nombreux visiteurs de ce site. --- Pour faire simple, nous classons nos recommandations dans ces catégories générales de [menaces](threat-modeling.md) ou d'objectifs qui s'appliquent à la plupart des gens. ==Vous pouvez vous sentir concerné par une, plusieurs, toutes, ou bien aucune de ces possibilités==. Les outils et les services que vous utilisez dépendent également de vos objectifs. Il est possible que vous ayez des menaces spécifiques ne rentrant dans aucune de ces catégories, ce qui est tout à fait normal ! L'important est de bien comprendre les avantages et les inconvénients des outils que vous choisissez d'utiliser, car pratiquement aucun d'entre eux ne vous protégera contre toutes les menaces possibles. @@ -140,8 +141,6 @@ Les personnes concernées par la menace de la censure peuvent utiliser des techn Vous devez toujours tenir compte des risques encourus en essayant de contourner la censure, des conséquences potentielles et du degré de sophistication de votre adversaire. Soyez très prudent dans le choix de vos logiciels et prévoyez un plan de secours au cas où vous seriez pris. ---8<-- "includes/abbreviations.fr.txt" - [^1]: Commission de surveillance de la vie privée et des libertés civiles des États-Unis : [Rapport sur le programme d'enregistrements téléphoniques mené en vertu de la section 215](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^2]: Conseil de surveillance de la vie privée et des libertés civiles des États-Unis : [*Rapport sur le programme d'enregistrements téléphoniques mené en vertu de la section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipédia : [*Capitalisme de surveillance*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/fr/basics/email-security.md b/i18n/fr/basics/email-security.md index ccfe4d448..bb5394e72 100644 --- a/i18n/fr/basics/email-security.md +++ b/i18n/fr/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Sécurité des emails icon: material/email +description: L'email est intrinsèquement peu sûr à bien des égards, et voici quelques-unes des raisons pour lesquelles il n'est pas notre premier choix en matière de communications sécurisées. --- Le courrier électronique est une forme de communication non sécurisée par défaut. Vous pouvez améliorer la sécurité de votre courrier électronique avec des outils tels que OpenPGP, qui ajoute un chiffrement de bout en bout à vos messages, mais OpenPGP présente toujours un certain nombre d'inconvénients par rapport au chiffrement dans d'autres applications de messagerie, et certaines données de courrier électronique ne peuvent jamais être chiffrées de manière inhérente en raison de la manière dont le courrier électronique est conçu. @@ -38,5 +39,3 @@ Les métadonnées des emails sont protégées des observateurs extérieurs par l ### Pourquoi les métadonnées ne peuvent-elles pas être E2EE? Les métadonnées des emails sont essentielles à la fonctionnalité la plus élémentaire d'un email (d'où il vient et où il doit aller). À l'origine, l'E2EE n'était pas intégré dans les protocoles d'emails, mais nécessitait un logiciel complémentaire comme OpenPGP. Comme les messages OpenPGP doivent toujours fonctionner avec les fournisseurs d'emails traditionnels, il ne peut pas chiffrer les métadonnées du mail, mais seulement le corps du message lui-même. Cela signifie que, même en utilisant OpenPGP, des observateurs extérieurs peuvent voir de nombreuses informations sur vos messages, comme l'identité de l'expéditeur, l'objet du message, le moment de l'envoi, etc. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/basics/multi-factor-authentication.md b/i18n/fr/basics/multi-factor-authentication.md index 75df6d712..0fdd50b46 100644 --- a/i18n/fr/basics/multi-factor-authentication.md +++ b/i18n/fr/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Authentification multi-facteurs" icon: 'material/two-factor-authentication' +description: MFA est un mécanisme de sécurité essentiel pour sécuriser vos comptes en ligne, mais certaines méthodes sont plus efficaces que d'autres. --- L'**Authentification Multi-Facteurs** (**MFA**) est un mécanisme de sécurité qui exige des étapes supplémentaires au-delà de la saisie du nom d'utilisateur (ou de l'email) et du mot de passe. La méthode la plus courante est celle des codes à durée limitée que vous pouvez recevoir par SMS ou par une application. @@ -162,5 +163,3 @@ La MFA par SSH peut également être configurée en utilisant TOTP. DigitalOcean ### KeePass (et KeePassXC) Les bases de données KeePass et KeePassXC peuvent être sécurisées en utilisant Challenge-Response ou HOTP comme second facteur d'authentification. Yubico a fourni un tutoriel pour KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) et il y en a également un autre sur le site [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) . - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/basics/passwords-overview.md b/i18n/fr/basics/passwords-overview.md index 4f6fc80fd..b076fddb7 100644 --- a/i18n/fr/basics/passwords-overview.md +++ b/i18n/fr/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction aux mots de passe" icon: 'material/form-textbox-password' +description: Voici quelques conseils et astuces pour créer des mots de passe plus forts et sécuriser vos comptes. --- Les mots de passe sont un élément essentiel de notre vie numérique quotidienne. Nous les utilisons pour protéger nos comptes, nos appareils et nos secrets. Bien qu'ils soient souvent la seule chose qui nous sépare d'un adversaire qui en veut à nos informations privées, ils ne font pas l'objet d'une réflexion approfondie, ce qui conduit souvent les gens à utiliser des mots de passe faciles à deviner ou à forcer. @@ -108,5 +109,3 @@ Il existe de nombreuses options intéressantes, qu'elles soient basées sur le c ### Sauvegardes Vous devriez conserver une sauvegarde [chiffrée](../encryption.md) de vos mots de passe sur plusieurs dispositifs de stockage ou sur un fournisseur de stockage cloud. Cela peut vous aider à accéder à vos mots de passe si quelque chose arrive à votre appareil principal ou au service que vous utilisez. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/basics/threat-modeling.md b/i18n/fr/basics/threat-modeling.md index 68ac24a6e..5c0e64d52 100644 --- a/i18n/fr/basics/threat-modeling.md +++ b/i18n/fr/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Modélisation des menaces" icon: 'material/target-account' +description: Trouver le bon équilibre entre la sécurité, la confidentialité et la commodité est l'une des premières et plus difficiles tâches que vous aurez à accomplir dans votre parcours pour regagner votre vie privée en ligne. --- Trouver le bon équilibre entre la sécurité, la confidentialité et la commodité est l'une des premières et plus difficiles tâches que vous aurez à accomplir dans votre parcours pour regagner votre vie privée en ligne. Tout est une histoire de compromis : plus quelque chose est sécurisé, plus il est limité ou peu pratique, etc. Souvent, les gens trouvent que le problème avec les outils qui leurs sont recommandés est qu'ils sont trop difficiles à utiliser ! @@ -107,5 +108,3 @@ Pour les personnes qui cherchent à améliorer leur vie privée et leur sécurit ## Sources - [EFF Surveillance Self Defense: votre plan de sécurité](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/basics/vpn-overview.md b/i18n/fr/basics/vpn-overview.md index c3339467a..f3e1bdcfa 100644 --- a/i18n/fr/basics/vpn-overview.md +++ b/i18n/fr/basics/vpn-overview.md @@ -1,6 +1,7 @@ --- title: Introduction aux VPNs icon: material/vpn +description: Les réseaux privés virtuels déplacent le risque de votre FAI à un tiers en qui vous avez confiance. Vous devriez garder ces éléments à l'esprit. --- Les Réseaux Privés Virtuels sont un moyen d'étendre l'extrémité de votre réseau à une sortie située ailleurs dans le monde. Un Fournisseur d'Accès Internet (FAI) peut voir le flux du trafic internet qui entre et sort de votre dispositif de terminaison de réseau (c'est-à-dire la box/modem). @@ -74,5 +75,3 @@ Pour des situations comme celles-ci, ou si vous avez une autre raison impérieus - [Enquête sur les Applications VPN Gratuites](https://www.top10vpn.com/free-vpn-app-investigation/) - [Les propriétaires inconnus des VPNs dévoilés : 101 produits VPN gérés par seulement 23 sociétés](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [Cette société chinoise est secrètement à l'origine de 24 applications populaires qui cherchent à obtenir des autorisations dangereuses](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/calendar.md b/i18n/fr/calendar.md index de9deaeaa..1a90a26af 100644 --- a/i18n/fr/calendar.md +++ b/i18n/fr/calendar.md @@ -1,6 +1,7 @@ --- title: "Synchronisation de calendrier" icon: material/calendar +description: Les calendriers contiennent certaines de vos données les plus sensibles ; utilisez des produits qui implémentent le chiffrement au repos. --- Les calendriers contiennent certaines de vos données les plus sensibles ; utilisez des produits qui mettent en œuvre l'E2EE au repos pour empêcher un fournisseur de les lire. @@ -67,5 +68,3 @@ Les calendriers contiennent certaines de vos données les plus sensibles ; utili Nos critères de cas idéal représentent ce que nous aimerions voir d'un projet parfait dans cette catégorie. Nos recommandations peuvent ne pas inclure tout ou partie de cette fonctionnalité, mais celles qui l'inclus peuvent être mieux classées que les autres sur cette page. - Doit s'intégrer aux applications natives de gestion des contacts et de calendrier du système d'exploitation, le cas échéant. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/cloud.md b/i18n/fr/cloud.md index dbebe3f7d..e3a5a0d83 100644 --- a/i18n/fr/cloud.md +++ b/i18n/fr/cloud.md @@ -1,6 +1,7 @@ --- title: "Stockage cloud" icon: material/file-cloud +description: De nombreux fournisseurs de stockage cloud nécessitent que vous leur fassiez confiance pour ne pas consulter vos fichiers. Voici des alternatives privées ! --- De nombreux fournisseurs de stockage cloud nécessitent que vous leur fassiez entièrement confiance pour ne pas consulter vos fichiers. Les alternatives énumérées ci-dessous éliminent le besoin de confiance en vous mettant en position de contrôle de vos données ou en implémentant le chiffrement de bout en bout (E2EE). @@ -29,7 +30,6 @@ Si ces alternatives ne répondent pas à vos besoins, nous vous suggérons de vo - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Les clients mobiles de Proton Drive ont été publiés en décembre 2022 et ne sont pas encore open-source. Proton a toujours retardé la publication de son code source jusqu'à la sortie initiale du produit, et [prévoit de](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) publier le code source d'ici la fin 2023. Les clients de bureau de Proton Drive sont toujours en cours de développement. ## Critères @@ -58,5 +58,3 @@ Nos critères de cas idéal représentent ce que nous aimerions voir d'un projet - Ces clients doivent s'intégrer aux outils natifs du système d'exploitation pour les fournisseurs de stockage cloud, comme l'intégration de l'application Fichiers sur iOS, ou la fonctionnalité DocumentsProvider sur Android. - Doit permettre de partager facilement des fichiers avec d'autres utilisateurs. - Doit offrir au moins une fonctionnalité de base d'aperçu et d'édition de fichiers sur l'interface web. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/cryptocurrency.md b/i18n/fr/cryptocurrency.md new file mode 100644 index 000000000..d8922b541 --- /dev/null +++ b/i18n/fr/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Crypto-monnaie +icon: material/bank-circle +--- + +Effectuer des paiements en ligne est l'un des plus grands défis en matière de protection de la vie privée. Ces crypto-monnaies garantissent par défaut la confidentialité des transactions (ce qui n'est **pas** garanti par la majorité des crypto-monnaies), à condition que vous ayez une bonne compréhension de la façon d'effectuer des paiements privés de manière efficace. Nous vous encourageons vivement à lire notre article sur les paiements avant d'effectuer tout achat : + +[Effectuer des paiements privés :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger "Danger" + + De nombreux projets de crypto-monnaies, voire la plupart, sont des escroqueries. Effectuez des transactions avec prudence, uniquement avec des projets auxquels vous faites confiance. + +## Monero + +!!! recommendation + + ![Logo Monero](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** utilise une chaîne de blocs avec des technologies de protection de la vie privée qui obscurcissent les transactions afin d'obtenir un anonymat. Chaque transaction Monero cache le montant de la transaction, les adresses d'envoi et de réception, ainsi que la source des fonds, sans aucune difficulté, ce qui en fait un choix idéal pour les novices en matière de crypto-monnaies. + + [:octicons-home-16: Page d'accueil](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Code source" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribuer } + +Avec Monero, les observateurs extérieurs ne peuvent pas déchiffrer les adresses qui échangent des Monero, les montants des transactions, les soldes des adresses ou l'historique des transactions. + +Pour une confidentialité optimale, assurez-vous d'utiliser un portefeuille sans garde, où la clé de visualisation reste sur l'appareil. Cela signifie que vous êtes le seul à pouvoir dépenser vos fonds et à voir les transactions entrantes et sortantes. Si vous utilisez un portefeuille de garde, le fournisseur peut voir **tout** ce que vous faites ; si vous utilisez un portefeuille "léger" dans lequel le fournisseur conserve votre clé privée, il peut voir presque tout ce que vous faites. Parmi les portefeuilles non gardiens, on peut citer : + +- [le client Monero officiel](https://getmonero.org/downloads) (bureau) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet prend en charge plusieurs crypto-monnaies. Une version de Cake Wallet réservée aux utilisateurs de Monero est disponible sur [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (bureau) +- [Monerujo](https://www.monerujo.io/) (Android) + +Pour une confidentialité maximale (même avec un portefeuille sans garde), vous devriez utiliser votre propre nœud Monero. L'utilisation du nœud d'une autre personne expose certaines informations, telles que l'adresse IP à partir de laquelle vous vous connectez, les heures auxquelles vous synchronisez votre portefeuille et les transactions que vous envoyez à partir de votre portefeuille (mais pas d'autres détails sur ces transactions). Vous pouvez également vous connecter au nœud Monero de quelqu'un d'autre via Tor ou i2p. + +En août 2021, CipherTrace [a annoncé](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) des capacités de traçage de Monero améliorées pour les agences gouvernementales. Des publications publiques montrent que le Financial Crimes Enforcement Network du département du Trésor américain [a accordé une licence à](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace pour son "module Monero" à la fin de l'année 2022. + +La confidentialité du graphe des transactions Monero est limitée par son cercle de signatures relativement petit, en particulier contre les attaques ciblées. Les caractéristiques de confidentialité de Monero ont également été [remises en question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) par certains chercheurs en sécurité, et un certain nombre de vulnérabilités graves ont été trouvées et corrigées dans le passé, de sorte que les affirmations faites par des organisations comme CipherTrace ne sont pas hors de question. S'il est peu probable qu'il existe des outils de surveillance de masse de Monero comme il en existe pour le Bitcoin et d'autres, il est certain que les outils de traçage facilitent les enquêtes ciblées. + +En fin de compte, Monero est la crypto-monnaie la plus respectueuse de la vie privée, mais ses revendications en matière de confidentialité **n'ont pas** été prouvées de manière définitive. Plus de temps et de recherche sont nécessaires pour évaluer si le Monero est suffisamment résistant aux attaques pour toujours offrir une protection adéquate de la vie privée. + +## Critères + +**Veuillez noter que nous ne sommes affiliés à aucun des projets que nous recommandons.** En plus de [nos critères de base](about/criteria.md), nous avons développé un ensemble d'exigences claires pour nous permettre de fournir des recommandations objectives. Nous vous suggérons de vous familiariser avec cette liste avant de choisir d'utiliser un projet, et de mener vos propres recherches pour vous assurer que c'est le bon choix pour vous. + +!!! example "Cette section est récente" + + Nous travaillons à l'établissement de critères définis pour chaque section de notre site, et celles-ci peuvent être sujet à changement. Si vous avez des questions sur nos critères, veuillez [poser la question sur notre forum](https://discuss.privacyguides.net/latest) et ne supposez pas que nous n'avons pas pris en compte un élément dans nos recommandations s'il ne figure pas dans la liste. De nombreux facteurs sont pris en compte et discutés lorsque nous recommandons un projet, et la documentation de chacun d'entre eux est en cours. + +- La crypto-monnaie doit offrir des transactions privées/intraçables par défaut. diff --git a/i18n/fr/data-redaction.md b/i18n/fr/data-redaction.md index 9854f3598..753659249 100644 --- a/i18n/fr/data-redaction.md +++ b/i18n/fr/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Rédaction de données et de métadonnées" icon: material/tag-remove +description: Utilisez ces outils pour supprimer les métadonnées telles que la position GPS et d'autres informations d'identification des photos et des fichiers que vous partagez. --- Lorsque vous partagez des fichiers, veillez à supprimer les métadonnées associées. Les fichiers d'image comprennent généralement des données [Exif](https://en.wikipedia.org/wiki/Exif) . Les photos comportent parfois même des coordonnées GPS dans les métadonnées du fichier. @@ -142,5 +143,3 @@ L'application offre plusieurs façons d'effacer les métadonnées des images. À - Les applications développées pour les systèmes d'exploitation open source doivent être open source. - Les applications doivent être gratuites et ne doivent pas comporter de publicités ou d'autres limitations. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/desktop-browsers.md b/i18n/fr/desktop-browsers.md index 62913c4c9..d1befa49a 100644 --- a/i18n/fr/desktop-browsers.md +++ b/i18n/fr/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Navigateurs de bureau" icon: material/laptop +description: Firefox et Brave sont nos recommandations pour la navigation standard/non anonyme. --- Ce sont les navigateurs web de bureau et les configurations que nous recommandons actuellement pour une navigation classique/non anonyme. Si vous avez besoin de naviguer anonymement sur Internet, vous devriez plutôt utiliser [Tor](tor.md). D'une manière générale, nous vous recommandons de limiter au maximum les extensions de votre navigateur ; elles ont un accès privilégié dans votre navigateur, vous obligent à faire confiance au développeur, peuvent vous faire [sortir du lot](https://fr.wikipedia.org/wiki/Empreinte_digitale_d%27appareil), et [affaiblir](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) l'isolation des sites. @@ -189,7 +190,7 @@ Dans le menu *Système* La [Synchronisation Brave](https://support.brave.com/hc/en-us/articles/360059793111-Understanding-Brave-Sync) permet à vos données de navigation (historique, signets, etc.) d'être accessibles sur tous vos appareils sans nécessiter de compte et les protège avec E2EE. -## Ressources Supplémentaires +## Ressources supplémentaires Nous ne recommandons généralement pas l'installation d'extensions, car elles augmentent votre surface d'attaque. Cependant, uBlock Origin peut s'avérer utile si vous appréciez la fonctionnalité de blocage de contenu. @@ -257,6 +258,4 @@ Nos critères de cas idéal représentent ce que nous aimerions voir d'un projet - Ne doit pas dupliquer une fonctionnalité intégrée dans le navigateur ou dans le système d'exploitation. - Doit avoir un impact direct sur la vie privée des utilisateurs, c'est-à-dire qu'il ne doit pas simplement fournir des informations. ---8<-- "includes/abbreviations.fr.txt" - [^1]: L'implémentation de Brave est détaillée dans [Mises à jour de la confidentialité de Brave : Partitionnement de l'état du réseau pour la confidentialité](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/fr/desktop.md b/i18n/fr/desktop.md index c72388f7c..69a17a787 100644 --- a/i18n/fr/desktop.md +++ b/i18n/fr/desktop.md @@ -1,6 +1,7 @@ --- title: "Bureau/PC" icon: simple/linux +description: Les distributions Linux sont généralement recommandées pour la protection de la vie privée et la liberté logicielle. --- Les distributions Linux sont généralement recommandées pour la protection de la vie privée et la liberté logicielle. Si vous n'utilisez pas encore Linux, vous trouverez ci-dessous quelques distributions que nous vous suggérons d'essayer, ainsi que des conseils généraux d'amélioration de la sécurité et de la confidentialité qui s'appliquent à de nombreuses distributions Linux. @@ -179,5 +180,3 @@ Nos systèmes d'exploitation recommandés : - Doitvent prendre en charge le chiffrement complet du disque pendant l'installation. - Ne doivent pas geler les mises à jour régulières pendant plus d'un an. Nous [ne recommandons pas](os/linux-overview.md#release-cycle) "Long Term Support" ou les versions "stables" de distro pour une utilisation domestique. - Doivent prendre en charge une grande variété de matériel. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/dns.md b/i18n/fr/dns.md index 5bb60e9d9..ce6c32b44 100644 --- a/i18n/fr/dns.md +++ b/i18n/fr/dns.md @@ -1,15 +1,14 @@ --- title: "Résolveurs DNS" icon: material/dns +description: Voici quelques fournisseurs de DNS chiffrés que nous vous recommandons d'utiliser pour remplacer la configuration par défaut de votre FAI. --- -!!! question "Devrais-je utiliser un DNS chiffré ?" +Les DNS cryptés avec des serveurs tiers ne doivent être utilisés que pour contourner le blocage DNS de base [](https://en.wikipedia.org/wiki/DNS_blocking) lorsque vous pouvez être sûr qu'il n'y aura pas de conséquences. Le DNS chiffré ne vous aidera pas à dissimuler vos activités de navigation. - Le DNS chiffré avec des serveurs tiers ne doit être utilisé que pour contourner le [blocage DNS](https://en.wikipedia.org/wiki/DNS_blocking) de base lorsque vous êtes certain qu'il n'y aura pas de conséquences. Le DNS chiffré ne vous aidera pas à dissimuler vos activités de navigation. - - [En savoir plus sur le DNS](advanced/dns-overview.md){ .md-button } +[En savoir plus sur DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} -## Fournisseurs Recommandés +## Fournisseurs recommandés | Fournisseur DNS | Politique de confidentialité | Protocoles | Journalisation | ECS | Filtrage | | ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ | --------------- | --------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | @@ -132,8 +131,6 @@ Une solution DNS auto-hébergée est utile pour assurer le filtrage sur les plat [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Code source" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribuer } ---8<-- "includes/abbreviations.fr.txt" - [^1]: AdGuard stocke des mesures de performance agrégées de ses serveurs DNS, à savoir le nombre de demandes complètes adressées à un serveur particulier, le nombre de demandes bloquées et la vitesse de traitement des demandes. Ils conservent et stockent également la base de données des domaines demandés dans les dernières 24 heures. "Nous avons besoin de ces informations pour identifier et bloquer les nouveaux traqueurs et menaces." "Nous enregistrons également le nombre de fois où tel ou tel traqueur a été bloqué. Nous avons besoin de ces informations pour supprimer les règles obsolètes de nos filtres." [https://adguard.com/fr/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare ne collecte et ne stocke que les données limitées des requêtes DNS qui sont envoyées au résolveur 1.1.1.1. Le service de résolution 1.1.1.1 n'enregistre pas de données personnelles, et la majeure partie des données de requête limitées et non personnellement identifiables n'est stockée que pendant 25 heures. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D n'enregistre que les résolveurs Premium avec des profils DNS personnalisés. Les résolveurs libres n'enregistrent pas de données. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/fr/email-clients.md b/i18n/fr/email-clients.md index f51236666..8ce295764 100644 --- a/i18n/fr/email-clients.md +++ b/i18n/fr/email-clients.md @@ -1,6 +1,7 @@ --- title: "Logiciels de messagerie électronique" icon: material/email-open +description: Ces clients d'email respectent la vie privée et prennent en charge le chiffrement OpenPGP. --- Notre liste de recommandations contient des clients de messagerie qui prennent en charge à la fois [OpenPGP](encryption.md#openpgp) et l'authentification forte telle que [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth vous permet d'utiliser l'[Authentification à Multi-Facteurs](multi-factor-authentication) et d'empêcher le vol de compte. @@ -235,5 +236,3 @@ Nos critères de cas idéal représentent ce que nous aimerions voir d'un projet - Ne doit pas collecter de télémétrie par défaut. - Doit prendre en charge OpenPGP nativement, c'est-à-dire sans extensions. - Doit prendre en charge le stockage local de courriels chiffrés par OpenPGP. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/email.md b/i18n/fr/email.md index 09b04fe2a..f52c3fcfd 100644 --- a/i18n/fr/email.md +++ b/i18n/fr/email.md @@ -1,23 +1,36 @@ --- -title: "Services de messagerie électronique" +title: "Services d'email" icon: material/email +description: Ces fournisseurs d'email constituent un excellent moyen de stocker vos emails en toute sécurité, et nombre d'entre eux proposent un système de chiffrement OpenPGP interopérable avec d'autres fournisseurs. --- -Le courriel est pratiquement une nécessité pour utiliser n'importe quel service en ligne, mais nous ne le recommandons pas pour les conversations de personne à personne. Plutôt que d'utiliser le courriel pour contacter d'autres personnes, envisagez d'utiliser un support de messagerie instantanée qui prend en charge le secret de transfert. +L'email est pratiquement une nécessité pour utiliser n'importe quel service en ligne, mais nous ne le recommandons pas pour les conversations de particulier à particulier. Plutôt que d'utiliser l'email pour contacter d'autres personnes, envisagez d'utiliser un support de messagerie instantanée qui prend en charge la confidentialité persistante. [Messageries instantanées recommandées](real-time-communication.md ""){.md-button} -Pour tout le reste, nous recommandons une variété de fournisseurs de messagerie électronique en fonction de la viabilité de leur modèle économique et de leurs fonctions intégrées de sécurité et de confidentialité. +Pour tout le reste, nous recommandons une variété de fournisseurs d'email en fonction de la viabilité de leur modèle économique et de leurs fonctions intégrées de sécurité et de confidentialité. -## Fournisseurs recommandés +- [Fournisseurs d'emails compatibles avec OpenPGP :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Autres fournisseurs chiffrés :material-arrow-right-drop-circle:](#more-providers) +- [Services d'alias d'email :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Options d'auto-hébergement :material-arrow-right-drop-circle:](#self-hosting-email) -Ces fournisseurs prennent en charge le chiffrement/déchiffrement OpenPGP nativement, ce qui permet d'envoyer des e-mails chiffrés de bout en bout (E2EE) indépendamment du fournisseur. Par exemple, un utilisateur de Proton Mail peut envoyer un message E2EE à un utilisateur de Mailbox.org, ou vous pouvez recevoir des notifications chiffrées par OpenPGP de la part de services internet qui le supportent. +## Services compatibles avec OpenPGP + +Ces fournisseurs prennent en charge de manière native le chiffrement/déchiffrement par OpenPGP et la norme WKD (Web Key Directory), ce qui permet d'obtenir des emails E2EE indépendamment du fournisseur. Par exemple, un utilisateur de Proton Mail peut envoyer un message E2EE à un utilisateur de Mailbox.org, ou vous pouvez recevoir des notifications chiffrées par OpenPGP de la part de services internet qui le supportent. + +
+ +- ![Logo Proton Mail](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Logo Mailbox.org](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning "Avertissement" - Lors de l'utilisation d'une technologie E2EE telle que OpenPGP, le courrier électronique contiendra toujours certaines métadonnées non chiffrées dans l'en-tête du courrier. En savoir plus sur les [métadonnées de messagerie](basics/email-security.md#email-metadata-overview). + Lors de l'utilisation d'une technologie E2EE telle que OpenPGP, l'email contiendra toujours certaines métadonnées non chiffrées dans l'en-tête. En savoir plus sur les [métadonnées des emails](basics/email-security.md#email-metadata-overview). - OpenPGP ne prend pas non plus en charge le secret de transfert, ce qui signifie que si votre clé privée ou celle du destinataire est volée, tous les messages précédents chiffrés avec elle seront exposés. [Comment protéger mes clés privées ?](basics/email-security.md#how-do-i-protect-my-private-keys) + OpenPGP ne prend pas non plus en charge la confidentialité persistante, ce qui signifie que si votre clé privée ou celle du destinataire est volée, tous les messages précédents chiffrés avec elle seront exposés. [Comment protéger mes clés privées ?](basics/email-security.md#how-do-i-protect-my-private-keys) ### Proton Mail @@ -25,7 +38,7 @@ Ces fournisseurs prennent en charge le chiffrement/déchiffrement OpenPGP native ![Logo Proton Mail](assets/img/email/protonmail.svg){ align=right } - **Proton Mail** est un service de messagerie électronique qui met l'accent sur la confidentialité, le chiffrement, la sécurité et la facilité d'utilisation. Ils sont en activité depuis **2013**. Proton AG a son siège à Genève, en Suisse. Les comptes commencent avec 500 Mo de stockage avec leur offre gratuite. + **Proton Mail** est un service d'email qui met l'accent sur la confidentialité, le chiffrement, la sécurité et la facilité d'utilisation. Il est en activité depuis **2013**. Proton AG a son siège à Genève, en Suisse. Les comptes commencent avec 500 Mo de stockage avec leur offre gratuite. [:octicons-home-16: Page d'accueil](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Service onion" } @@ -43,47 +56,47 @@ Ces fournisseurs prennent en charge le chiffrement/déchiffrement OpenPGP native - [:simple-linux: Linux](https://proton.me/mail/bridge#download) - [:octicons-browser-16: Web](https://mail.proton.me) -Les comptes gratuits présentent certaines limitations, comme le fait de ne pas pouvoir effectuer de recherche dans le corps du texte et de ne pas avoir accès à [Proton Mail Bridge](https://proton.me/mail/bridge), qui est nécessaire pour utiliser un [client de messagerie de bureau recommandé](email-clients.md) (par exemple Thunderbird). check "Modes de paiement privés" check "Modes de paiement privés" Une [lettre d'attestation](https://proton.me/blog/security-audit-all-proton-apps) a été fournie pour les applications de Proton Mail le 9 novembre 2021 par [Securitum](https://research.securitum.com). +Les comptes gratuits présentent certaines limitations, comme le fait de ne pas pouvoir effectuer de recherche dans le corps du texte et de ne pas avoir accès à [Proton Mail Bridge](https://proton.me/mail/bridge), qui est nécessaire pour utiliser un [client d'email de bureau recommandé](email-clients.md) (par exemple Thunderbird). Les comptes payants comprennent des fonctionnalités telles que Proton Mail Bridge, un espace de stockage supplémentaire et la prise en charge de domaines personnalisés. Une [lettre d'attestation](https://proton.me/blog/security-audit-all-proton-apps) a été fournie pour les applications de Proton Mail le 9 novembre 2021 par [Securitum](https://research.securitum.com). -Si vous avez l'offre Proton Illimité, entreprise ou Visionnaire, vous obtenez également [SimpleLogin](#simplelogin) Premium gratuitement. +Si vous avez l'offre Proton Illimité, Entreprise ou Visionnaire, vous obtenez également [SimpleLogin](#simplelogin) Premium gratuitement. Proton Mail dispose de rapports de plantages internes qu'il **ne partage pas** avec des tiers. Ils peuvent être désactivés dans : **Paramètres** > **Aller à Paramètres** > **Compte** > **Sécurité et confidentialité** > **Envoyer des rapports de crash**. -??? success "Domaines personnalisés et alias" +#### :material-check:{ .pg-green } Domaines personnalisés et alias - Les abonnés payants à Proton Mail peuvent utiliser leur propre domaine avec le service ou une adresse [fourre-tout](https://proton.me/support/catch-all). Proton Mail prend également en charge le [sous-adressage](https://proton.me/support/creating-aliases), ce qui est utile pour les personnes qui ne souhaitent pas acheter un domaine. +Les abonnés payants à Proton Mail peuvent utiliser leur propre domaine avec le service ou une adresse [fourre-tout](https://proton.me/support/catch-all). Proton Mail prend également en charge le [sous-adressage](https://proton.me/support/creating-aliases), ce qui est utile pour les personnes qui ne souhaitent pas acheter un domaine. -??? success "Modes de paiement privés" +#### :material-check:{ .pg-green } Modes de paiement privés - Proton Mail [accepte](https://proton.me/support/payment-options) le Bitcoin et l'argent liquide par courrier en plus des paiements standards par carte de crédit/débit et PayPal. +Proton Mail [accepte](https://proton.me/support/payment-options) les paiements en espèces par courrier, ainsi que les paiements par carte de crédit/débit, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc)et PayPal. -??? success "Sécurité du compte" +#### :material-check:{ .pg-green } Sécurité du compte - Proton Mail ne prend en charge que l'[authentification à deux facteurs](https://proton.me/support/two-factor-authentication-2fa) TOTP. L'utilisation d'une clé de sécurité U2F n'est pas encore prise en charge. Proton Mail prévoit d'implémenter U2F dès l'achèvement de son système d'[Authentification unique (SSO - Single Sign On)](https://reddit.com/comments/cheoy6/comment/feh2lw0/). +Proton Mail prend en charge l'[authentification à deux facteurs](https://proton.me/support/two-factor-authentication-2fa) TOTP uniquement. L'utilisation d'une clé de sécurité U2F n'est pas encore prise en charge. Proton Mail prévoit d'implémenter U2F dès l'achèvement de son système d'[Authentification unique (SSO - Single Sign On)](https://reddit.com/comments/cheoy6/comment/feh2lw0/). -??? success "Sécurité des données" +#### :material-check:{ .pg-green } Sécurité des données - Proton Mail dispose d'un [chiffrement à accès zéro](https://proton.me/blog/zero-access-encryption) au repos pour vos e-mails et [calendriers](https://proton.me/news/protoncalendar-security-model). Les données sécurisées par un chiffrmeent à accès zéro ne sont accessibles que par vous. - - Certaines informations stockées dans [Proton Contacts](https://proton.me/support/proton-contacts), telles que les noms et les adresses e-mail, ne sont pas sécurisées par un chiffrement à accès zéro. Les champs de contact qui prennent en charge le chiffrement à accès zéro, comme les numéros de téléphone, sont indiqués par une icône de cadenas. +Proton Mail dispose d'un [chiffrement à accès zéro](https://proton.me/blog/zero-access-encryption) au repos pour vos emails et [calendriers](https://proton.me/news/protoncalendar-security-model). Les données sécurisées par un chiffrement à accès zéro ne sont accessibles que par vous. -??? success "Chiffrement des e-mails" +Certaines informations stockées dans [Proton Contacts](https://proton.me/support/proton-contacts), telles que les noms et les adresses email, ne sont pas sécurisées par un chiffrement à accès zéro. Les champs de contact qui prennent en charge le chiffrement à accès zéro, comme les numéros de téléphone, sont indiqués par une icône de cadenas. - Proton Mail a [intégré le chiffrement OpenPGP](https://proton.me/support/how-to-use-pgp) dans son webmail. Les e-mails destinés à d'autres comptes Proton Mail sont chiffrés automatiquement, et le chiffrement vers des adresses autres que Proton Mail avec une clé OpenPGP peut être activé facilement dans les paramètres de votre compte. Ils vous permettent également de [chiffrer les messages destinés à des adresses autres que celles de Proton Mail](https://proton.me/support/password-protected-emails) sans qu'ils aient besoin de s'inscrire à un compte Proton Mail ou d'utiliser un logiciel comme OpenPGP. - - Proton Mail prend également en charge la découverte de clés publiques via HTTP à partir de son [Répertoire de Clés Web (WKD - Web Key Directory)](https://wiki.gnupg.org/WKD). Cela permet aux personnes qui n'utilisent pas Proton Mail de trouver facilement les clés OpenPGP des comptes Proton Mail, pour un E2EE inter-fournisseurs. +#### :material-check:{ .pg-green } Chiffrement des emails -??? warning "Héritage numérique" +Proton Mail a [du chiffrement OpenPGP intégré](https://proton.me/support/how-to-use-pgp) dans son webmail. Les emails destinés à d'autres comptes Proton Mail sont chiffrés automatiquement, et le chiffrement vers des adresses autres que Proton Mail avec une clé OpenPGP peut être activé facilement dans les paramètres de votre compte. Ils vous permettent également d'[envoyer des messages chiffrés à des adresses non Proton Mail](https://proton.me/support/password-protected-emails) sans qu'ils aient besoin de s'inscrire à un compte Proton Mail ou d'utiliser un logiciel comme OpenPGP. - Proton Mail ne propose pas de fonction d'héritage numérique. +Proton Mail prend également en charge la découverte de clés publiques via HTTP à partir de leur [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Cela permet aux personnes qui n'utilisent pas Proton Mail de trouver facilement les clés OpenPGP des comptes Proton Mail, pour un E2EE inter-fournisseurs. -??? info "Résiliation du compte" +#### :material-alert-outline:{ .pg-orange } Héritage numérique - Si vous avez un compte payant et que votre [facture est impayée](https://proton.me/support/delinquency) après 14 jours, vous ne pourrez pas accéder à vos données. Après 30 jours, votre compte sera en impayé et ne recevra plus d'e-mail entrant. Vous continuerez à être facturé pendant cette période. +Proton Mail ne propose pas de fonction d'héritage numérique. -??? info "Fonctionnalités supplémentaires" +#### :material-information-outline:{ .pg-blue } Résiliation du compte - Proton Mail propose un compte "Illimité" pour 9,99 €/mois, qui permet également d'accéder à Proton VPN en plus de fournir plusieurs comptes, domaines, alias et 500 Go de stockage. +Si vous avez un compte payant et que votre [facture est impayée](https://proton.me/support/delinquency) après 14 jours, vous ne pourrez pas accéder à vos données. Après 30 jours, votre compte sera en impayé et ne recevra plus d'email entrant. Vous continuerez à être facturé pendant cette période. + +#### :material-information-outline:{ .pg-blue } Fonctionnalités supplémentaires + +Proton Mail propose un compte "Illimité" pour 9,99 €/mois, qui permet également d'accéder à Proton VPN en plus de fournir plusieurs comptes, domaines, alias et 500 Go de stockage. ### Mailbox.org @@ -91,7 +104,7 @@ Proton Mail dispose de rapports de plantages internes qu'il **ne partage pas** a ![Logo de Mailbox.org](assets/img/email/mailboxorg.svg){ align=right } - **Mailbox.org** est un service de messagerie électronique qui se veut sécurisé, sans publicité et alimenté par une énergie 100% écologique. Ils sont en activité depuis 2014. Mailbox.org est basé à Berlin, en Allemagne. Les comptes commencent avec 2 Go de stockage, qui peuvent être mis à niveau si nécessaire. + **Mailbox.org** est un service d'email qui se veut sécurisé, sans publicité et alimenté par une énergie 100% écologique. Il est en activité depuis 2014. Mailbox.org est basé à Berlin, en Allemagne. Les comptes commencent avec 2 Go de stockage, qui peuvent être mis à niveau si nécessaire. [:octicons-home-16: Page d'accueil](https://mailbox.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Politique de confidentialité" } @@ -101,43 +114,54 @@ Proton Mail dispose de rapports de plantages internes qu'il **ne partage pas** a - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Domaines personnalisés et alias" +#### :material-check:{ .pg-green } Domaines personnalisés et alias - Mailbox.org vous permet d'utiliser votre propre domaine et prend en charge les adresses [fourre-tout](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+avec+propre+domaine). Mailbox.org prend également en charge le [sous-adressage](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), ce qui est utile pour les personnes qui ne souhaitent pas acheter un domaine. +Mailbox.org vous permet d'utiliser votre propre domaine et prend en charge les adresses [fourre-tout](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain). Mailbox.org prend également en charge le [sous-adressage](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), ce qui est utile pour les personnes qui ne souhaitent pas acheter un domaine. -??? info "Modes de paiement privés" +#### :material-check:{ .pg-green } Modes de paiement privés - Mailbox.org n'accepte pas les bitcoins ni les autres crypto-monnaies en raison de la suspension des opérations de leur processeur de paiement BitPay en Allemagne. Cependant, ils acceptent les paiements par courrier, les paiements en espèces sur compte bancaire, les virements bancaires, les cartes de crédit, PayPal et quelques processeurs spécifiques à l'Allemagne : paydirekt et Sofortüberweisung. +Mailbox.org n'accepte aucune crypto-monnaie en raison de la suspension des activités de son processeur de paiement BitPay en Allemagne. Cependant, ils acceptent les paiements en espèces par courrier, les paiements en espèces sur compte bancaire, les virements bancaires, les cartes de crédit, PayPal et quelques processeurs spécifiques à l'Allemagne : paydirekt et Sofortüberweisung. -??? success "Sécurité du compte" +#### :material-check:{ .pg-green } Sécurité du compte - Mailbox.org prend en charge [l'authentification à deux facteurs](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) pour son webmail uniquement. Vous pouvez utiliser soit TOTP soit un [Yubikey](https://fr.wikipedia.org/wiki/YubiKey) via le [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Les normes web telles que [WebAuthn](https://fr.wikipedia.org/wiki/WebAuthn) ne sont pas encore prises en charge. +Mailbox.org prend en charge l'[authentification à deux facteurs](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) pour son webmail uniquement. Vous pouvez utiliser soit TOTP, soit une [Yubikey](https://fr.wikipedia.org/wiki/YubiKey) via le [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Les normes web telles que [WebAuthn](https://fr.wikipedia.org/wiki/WebAuthn) ne sont pas encore prises en charge. -??? info "Sécurité des données" +#### :material-information-outline:{ .pg-blue } Sécurité des données - Mailbox.org permet de chiffrer les e-mails entrants en utilisant leur [boîte mail chiffrée](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). Les nouveaux messages que vous recevrez seront alors immédiatement chiffrés avec votre clé publique. - - Toutefois, [Open-Exchange](https://fr.wikipedia.org/wiki/Open-Xchange), la plate-forme logicielle utilisée par Mailbox.org, [ne prend pas en charge](https://kb.mailbox.org/display/BMBOKBEN/Encryption+de+calendrier+et+carnet+d'adresses) le chiffrement de votre carnet d'adresses et de votre calendrier. Une [option dissociée](calendar.md) peut être plus appropriée pour ces informations. +Mailbox.org permet le chiffrement des emails entrant à l'aide de sa [boîte mails chiffrée](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). Les nouveaux messages que vous recevrez seront alors immédiatement chiffrés avec votre clé publique. -??? success "Chiffrement des e-mails" +Cependant, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), la plateforme logicielle utilisée par Mailbox.org, [ne prend pas en charge](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) le chiffrement de votre carnet d'adresses et de votre calendrier. Une [option tierce](calendar.md) pourrait être plus appropriée pour ces informations. - Mailbox.org a [intégré le chiffrement](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) dans son webmail, ce qui simplifie l'envoi de messages aux personnes disposant de clés OpenPGP publiques. Ils permettent également [aux destinataires distants de déchiffrer un e-mail](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) sur les serveurs de Mailbox.org. Cette fonction est utile lorsque le destinataire distant ne dispose pas d'OpenPGP et ne peut pas déchiffrer une copie de l'e-mail dans sa propre boîte mail. - - Mailbox.org supporte également la découverte de clés publiques via HTTP à partir de leur [Répertoire de Clés Web (WKD - Web Key Directory)](https://wiki.gnupg.org/WKD). Cela permet aux personnes extérieures à Mailbox.org de trouver facilement les clés OpenPGP des comptes Mailbox.org, pour un E2EE inter-fournisseurs. +#### :material-check:{ .pg-green } Chiffrement des emails -??? sucess "Héritage numérique" +Mailbox.org a [du chiffrement intégré](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) dans son webmail, ce qui simplifie l'envoi de messages à des personnes possédant des clés OpenPGP publiques. Ils permettent également aux [destinataires distants de déchiffrer un email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) sur les serveurs de Mailbox.org. Cette fonction est utile lorsque le destinataire distant ne dispose pas d'OpenPGP et ne peut pas déchiffrer une copie de l'email dans sa propre boîte mail. - Mailbox.org dispose d'une fonction d'héritage numérique pour toutes les offres. Vous pouvez choisir de transmettre certaines de vos données à vos héritiers, à condition d'en faire la demande et de fournir votre testament. Vous pouvez également désigner une personne par son nom et son adresse. +Mailbox.org prend également en charge la découverte de clés publiques via HTTP à partir de leur [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Cela permet aux personnes extérieures à Mailbox.org de trouver facilement les clés OpenPGP des comptes Mailbox.org, pour un E2EE inter-fournisseurs. -??? info "Résiliation du compte" +#### :material-check:{ .pg-green } Héritage numérique - Votre compte sera défini comme un compte d'utilisateur restreint lorsque votre contrat prendra fin, après [30 jours, il sera irrévocablement supprimé](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org dispose d'une fonction d'héritage numérique pour toutes les offres. Vous pouvez choisir de transmettre certaines de vos données à vos héritiers, à condition d'en faire la demande et de fournir votre testament. Vous pouvez également désigner une personne par son nom et son adresse. -??? info "Fonctionnalités supplémentaires" +#### :material-information-outline:{ .pg-blue } Résiliation du compte - Vous pouvez accéder à votre compte Mailbox.org via IMAP/SMTP en utilisant leur [service .onion](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+de+mailbox.org). Cependant, leur interface webmail n'est pas accessible via leur service .onion et vous pouvez rencontrer des erreurs de certificat TLS. - - Tous les comptes sont dotés d'un espace de stockage cloud limité qui [peut être chiffré](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+sur+votre+Drive). Mailbox.org propose également l'alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely) qui impose le chiffrement TLS sur la connexion entre les serveurs de messagerie, sinon le message ne sera pas envoyé du tout. Mailbox.org supporte également [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) en plus des protocoles d'accès standard comme IMAP et POP3. +Votre compte sera défini comme un compte d'utilisateur restreint à la fin de votre contrat, après [30 jours, il sera irrévocablement supprimé](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Fonctionnalités supplémentaires + +Vous pouvez accéder à votre compte Mailbox.org via IMAP/SMTP en utilisant leur [service .onion](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). Cependant, leur interface webmail n'est pas accessible via leur service .onion et vous pouvez rencontrer des erreurs de certificat TLS. + +Tous les comptes sont assortis d'un espace de stockage cloud limité qui [peut être chiffré](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org propose également l'alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), qui applique le chiffrement TLS à la connexion entre les serveurs mail, faute de quoi le message ne sera pas envoyé. Mailbox.org prend également en charge [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) en plus des protocoles d'accès standard comme IMAP et POP3. + +## D'autres fournisseurs + +Ces fournisseurs stockent vos emails avec un chiffrement à connaissance zéro, ce qui en fait d'excellentes options pour assurer la sécurité de vos emails stockés. Cependant, ils ne prennent pas en charge les normes de chiffrement interopérables pour des communications E2EE entre fournisseurs. + +
+ +- ![Logo StartMail](assets/img/email/startmail.svg#only-light){ .twemoji }![Logo StartMail](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Logo Tutanota](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -146,7 +170,7 @@ Proton Mail dispose de rapports de plantages internes qu'il **ne partage pas** a ![Logo de StartMail](assets/img/email/startmail.svg#only-light){ align=right } ![Logo de StartMail](assets/img/email/startmail-dark.svg#only-dark){ align=right } - **StartMail** est un service de messagerie électronique qui met l'accent sur la sécurité et la confidentialité grâce à l'utilisation du standard de chiffrement OpenPGP. StartMail est en activité depuis 2014 et est basé à Boulevard 11, Zeist Pays-Bas. Les comptes commencent avec 10 Go. Ils offrent un essai de 30 jours. + **StartMail** est un service d'email qui met l'accent sur la sécurité et la confidentialité grâce à l'utilisation du standard de chiffrement OpenPGP. StartMail est en activité depuis 2014 et est basé à Boulevard 11, Zeist Pays-Bas. Les comptes commencent avec 10 Go. Ils offrent un essai de 30 jours. [:octicons-home-16: Page d'accueil](https://www.startmail.com/){ .md-button .md-button--primary } [:octicons-eye-16:](https://www.startmail.com/en/privacy/){ .card-link title="Politique de confidentialité" } @@ -156,43 +180,39 @@ Proton Mail dispose de rapports de plantages internes qu'il **ne partage pas** a - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Domaines personnalisés et alias" +#### :material-check:{ .pg-green } Domaines personnalisés et alias - Les comptes personnels peuvent utiliser des alias [Personnalisés ou Rapides](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases). Des [domaines personnalisés](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) sont également disponibles. +Les comptes personnels peuvent utiliser des alias [Personnalisés ou Rapides](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) . Des [domaines personnalisés](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) sont également disponibles. -??? warning "Modes de paiement privés" +#### :material-alert-outline:{ .pg-orange } Modes de paiement privés - StartMail accepte Visa, MasterCard, American Express et Paypal. StartMail propose également d'autres [options de paiement](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) telles que le Bitcoin (actuellement uniquement pour les comptes personnels) et le prélèvement SEPA pour les comptes de plus d'un an. +StartMail accepte Visa, MasterCard, American Express et Paypal. StartMail a aussi d'autres [options de paiement](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) comme [le Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (actuellement seulement pour les comptes personnels) et le prélèvement direct SEPA pour les comptes de plus d'un an. -??? success "Sécurité du compte" +#### :material-check:{ .pg-green } Sécurité du compte - StartMail supporte l'authentification TOTP à deux facteurs [pour le webmail uniquement](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). Ils ne permettent pas l'authentification par clé de sécurité U2F. +StartMail prend en charge l'authentification à deux facteurs TOTP [pour le webmail seulement](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). Ils ne permettent pas l'authentification par clé de sécurité U2F. -??? info "Sécurité des données" +#### :material-information-outline:{ .pg-blue } Sécurité des données - StartMail dispose d'un [chiffrement à accès zéro au repos](https://www.startmail.com/en/whitepaper/#_Toc458527835), utilisant leur système de "coffre-fort utilisateur". Lorsque vous vous connectez, le coffre-fort est ouvert, et le courriel est alors déplacé dans le coffre-fort hors de la file d'attente où il est déchiffré par la clé privée correspondante. - - StartMail supporte l'import de [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts), cependant, ils ne sont accessibles que dans le webmail et non par des protocoles tels que [CalDAV](https://fr.wikipedia.org/wiki/CalDAV). Les contacts ne sont pas non plus stockés à l'aide d'un chiffrement à connaissance zéro. +StartMail a du [chiffrement à accès zéro au repos](https://www.startmail.com/en/whitepaper/#_Toc458527835), en utilisant leur système "coffre-fort utilisateur". Lorsque vous vous connectez, le coffre-fort est ouvert, et l'email est alors déplacé dans le coffre-fort hors de la file d'attente où il est déchiffré par la clé privée correspondante. -??? success "Chiffrement des e-mails" +StartMail permet d'importer des [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) mais ceux-ci ne sont accessibles que dans le webmail et non via des protocoles tels que [CalDAV](https://fr.wikipedia.org/wiki/CalDAV). Les contacts ne sont pas non plus stockés à l'aide d'un chiffrement à connaissance zéro. - StartMail dispose d'un [chiffrement intégré](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) dans son webmail, ce qui simplifie l'envoi de messages chiffrés avec des clés OpenPGP publiques. +#### :material-check:{ .pg-green } Chiffrement des emails -??? warning "Héritage numérique" +StartMail a [du chiffrement intégré](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) dans son webmail, ce qui simplifie l'envoi de messages chiffrés avec des clés publiques OpenPGP. Cependant, ils ne supportent pas la norme Web Key Directory, ce qui rend la découverte de la clé publique d'une boîte mail Startmail plus difficile pour d'autres fournisseurs ou clients email. - StartMail ne propose pas de fonction d'héritage numérique. +#### :material-alert-outline:{ .pg-orange } Héritage numérique -??? info "Résiliation du compte" +StartMail ne propose pas de fonction d'héritage numérique. - À l'expiration du compte, StartMail supprimera définitivement votre compte après [6 mois en 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Résiliation du compte -??? info "Fonctionnalités supplémentaires" +A l'expiration du compte, StartMail supprimera définitivement votre compte après [6 mois en 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail permet de faire passer les images des e-mails par leur serveur proxy. Si vous autorisez le chargement de l'image distante, l'expéditeur ne saura pas quelle est votre adresse IP. +#### :material-information-outline:{ .pg-blue } Fonctionnalités supplémentaires -## D'autres fournisseurs - -Ces fournisseurs stockent vos e-mails avec un chiffrement à connaissance zéro, ce qui en fait d'excellentes options pour assurer la sécurité de vos courriels stockés. check "Sécurité du compte" +StartMail permet de faire passer les images des emails par leur serveur proxy. Si vous autorisez le chargement de l'image distante, l'expéditeur ne saura pas quelle est votre adresse IP. ### Tutanota @@ -200,7 +220,7 @@ Ces fournisseurs stockent vos e-mails avec un chiffrement à connaissance zéro, ![Logo Tutanota](assets/img/email/tutanota.svg){ align=right } - **Tutanota** est un service de messagerie électronique qui met l'accent sur la sécurité et la confidentialité grâce à l'utilisation du chiffrement. Tutanota est en activité depuis **2011** et est basée à Hanovre, en Allemagne. Les comptes commencent avec 1 Go de stockage avec leur offre gratuite. + **Tutanota** est un service d'email qui met l'accent sur la sécurité et la confidentialité grâce à l'utilisation du chiffrement. Tutanota est en activité depuis **2011** et est basée à Hanovre, en Allemagne. Les comptes commencent avec 1 Go de stockage avec leur offre gratuite. [:octicons-home-16: Page d'accueil](https://tutanota.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Politique de confidentialité" } @@ -218,62 +238,69 @@ Ces fournisseurs stockent vos e-mails avec un chiffrement à connaissance zéro, - [:simple-linux: Linux](https://tutanota.com/#download) - [:octicons-browser-16: Web](https://mail.tutanota.com/) -Tutanota ne prend pas en charge le [protocole IMAP](https://tutanota.com/faq/#imap) ni l'utilisation de [clients de messagerie](email-clients.md) tiers, et vous ne pourrez pas non plus ajouter [des comptes de messagerie externes](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) à l'application Tutanota. Ni [l'import d'e-mails](https://github.com/tutao/tutanota/issues/630) ni [les sous-dossiers](https://github.com/tutao/tutanota/issues/927) ne sont actuellement pris en charge, bien que cela soit [amené à changer](https://tutanota.com/blog/posts/kickoff-import). Les e-mails peuvent être exportés [individuellement ou par sélection groupée](https://tutanota.com/howto#generalMail) par dossier, ce qui peut s'avérer peu pratique si vous avez de nombreux dossiers. +Tutanota ne prend pas en charge le [protocole IMAP](https://tutanota.com/faq/#imap) ni l'utilisation de [clients email](email-clients.md) tiers, et vous ne pourrez pas non plus ajouter [des comptes email externes](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) à l'application Tutanota. Ni [l'import d'emails](https://github.com/tutao/tutanota/issues/630) ni [les sous-dossiers](https://github.com/tutao/tutanota/issues/927) ne sont actuellement pris en charge, bien que cela soit [amené à changer](https://tutanota.com/blog/posts/kickoff-import). Les emails peuvent être exportés [individuellement ou par sélection groupée](https://tutanota.com/howto#generalMail) par dossier, ce qui peut s'avérer peu pratique si vous avez de nombreux dossiers. -??? success "Domaines personnalisés et alias" +#### :material-check:{ .pg-green } Domaines personnalisés et alias - Les comptes Tutanota payants peuvent utiliser jusqu'à 5 [aliases](https://tutanota.com/faq#alias) et [domaines personnalisés](https://tutanota.com/faq#custom-domain). Tutanota ne permet pas le [sous-adressage (adresses plus)](https://tutanota.com/faq#plus), mais vous pouvez utiliser un [fourre-tout](https://tutanota.com/howto#settings-global) avec un domaine personnalisé. +Les comptes Tutanota payants peuvent utiliser jusqu'à 5 [alias](https://tutanota.com/faq#alias) et [domaines personnalisés](https://tutanota.com/faq#custom-domain). Tutanota ne permet pas le [sous-adressage (adresses plus)](https://tutanota.com/faq#plus), mais vous pouvez utiliser une adresse [fourre-tout](https://tutanota.com/howto#settings-global) avec un domaine personnalisé. -??? warning "Modes de paiement privés" +#### :material-information-outline:{ .pg-blue } Modes de paiement privés - Tutanota n'accepte directement que les cartes de crédit et PayPal, mais les Bitcoin et Monero peuvent être utilisés pour acheter des cartes-cadeaux via leur [partenariat](https://tutanota.com/faq/#cryptocurrency) avec Proxystore. +Tutanota n'accepte directement que les cartes de crédit et PayPal, mais [les crypto-monnaies](cryptocurrency.md) peuvent être utilisées pour acheter des cartes-cadeaux grâce à leur [partenariat](https://tutanota.com/faq/#cryptocurrency) avec Proxystore. -??? success "Sécurité du compte" +#### :material-check:{ .pg-green } Sécurité du compte - Tutanota prend en charge l'[authentification à deux facteurs](https://tutanota.com/faq#2fa) avec TOTP ou U2F. +Tutanota prend en charge l'[authentification à deux facteurs](https://tutanota.com/faq#2fa) avec TOTP ou U2F. -??? success "Sécurité des données" +#### :material-check:{ .pg-green } Sécurité des données - Tutanota dispose d'un [chiffrement à accès zéro au repos](https://tutanota.com/faq#what-encrypted) pour vos e-mails, [contacts du carnet d'adresses](https://tutanota.com/faq#encrypted-address-book) et [calendriers](https://tutanota.com/faq#calendar). Cela signifie que les messages et autres données stockés dans votre compte ne sont lisibles que par vous. +Tutanota dispose d'un [chiffrement accès zéro au repos](https://tutanota.com/faq#what-encrypted) pour vos emails, vos [contacts de carnet d'addresse](https://tutanota.com/faq#encrypted-address-book), et vos [calendars](https://tutanota.com/faq#calendar). Cela signifie que les messages et autres données stockés dans votre compte ne sont lisibles que par vous. -??? warning "Chiffrement des e-mails" +#### :material-information-outline:{ .pg-blue } Chiffrement des emails - Tutanota [n'utilise pas OpenPGP](https://www.tutanota.com/faq/#pgp). Les comptes Tutanota peuvent uniquement recevoir des e-mails chiffrés provenant de comptes de messagerie non Tutanota lorsqu'ils sont envoyés via une [boîte aux lettres temporaire Tutanota] (https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [n'utilise pas OpenPGP](https://www.tutanota.com/faq/#pgp). Les comptes Tutanota ne peuvent recevoir des emails chiffrés provenant de comptes email non Tutanota que s'ils sont envoyés via une [boîte mail temporaire Tutanota](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Héritage numérique" +#### :material-alert-outline:{ .pg-orange } Héritage numérique - Tutanota ne propose pas de fonction d'héritage numérique. +Tutanota ne propose pas de fonction d'héritage numérique. -??? info "Résiliation du compte" +#### :material-information-outline:{ .pg-blue } Résiliation du compte - Tutanota [supprimera les comptes gratuits inactifs](https://tutanota.com/faq#inactive-accounts) après six mois. Vous pouvez réutiliser un compte gratuit désactivé si vous payez. +Tutanota supprimera [les comptes gratuits inactifs](https://tutanota.com/faq#inactive-accounts) après six mois. Vous pouvez réutiliser un compte gratuit désactivé si vous payez. -??? info "Fonctionnalités supplémentaires" +#### :material-information-outline:{ .pg-blue } Fonctionnalités supplémentaires - Tutanota propose la version professionnelle de [Tutanota pour les organisations à but non lucratif](https://tutanota.com/blog/posts/secure-email-for-non-profit) gratuitement ou avec une grosse réduction. - - Tutanota dispose également d'une fonction commerciale appelée [Secure Connect](https://tutanota.com/secure-connect/). Cela garantit que le contact du client avec l'entreprise utilise E2EE. La fonctionnalité coûte 240 €/an. +Tutanota offre la version professionnelle de [Tutanota aux organisations à but non lucratif](https://tutanota.com/blog/posts/secure-email-for-non-profit) gratuitement ou avec une forte réduction. -## Services d'alias d'e-mails +Tutanota dispose également d'une fonction commerciale appelée [Secure Connect](https://tutanota.com/secure-connect/). Cela garantit que le contact du client avec l'entreprise utilise E2EE. La fonctionnalité coûte 240 €/an. -Un service d'alias d'e-mails vous permet de générer facilement une nouvelle adresse e-mail pour chaque site web auquel vous vous inscrivez. Les alias que vous créez sont ensuite transférés vers une adresse électronique de votre choix, ce qui permet de masquer à la fois votre adresse électronique "principale" et l'identité de votre fournisseur de messagerie. Un véritable alias d'e-mail est mieux que l'adressage plus, couramment utilisé et pris en charge par de nombreux fournisseurs, qui vous permet de créer des alias tels que votrenom+[nimportequoiici]@exemple.fr, car les sites web, les annonceurs et les réseaux de pistage peuvent trivialement supprimer tout ce qui suit le signe + pour connaître votre véritable adresse e-mail. +## Services d'alias d'emails -L'alias d'e-mail peut servir de protection au cas où votre fournisseur d'e-mail cesserait de fonctionner. Dans ce cas, vous pouvez facilement rediriger vos alias vers une nouvelle adresse électronique. En revanche, vous faites confiance au service d'aliasing pour qu'il continue de fonctionner. +Un service d'alias d'emails vous permet de générer facilement une nouvelle adresse email pour chaque site web auquel vous vous inscrivez. Les alias que vous créez sont ensuite transférés vers une adresse email de votre choix, ce qui permet de masquer à la fois votre adresse email "principale" et l'identité de votre fournisseur d'email. Un véritable alias d'email est mieux que l'adressage plus, couramment utilisé et pris en charge par de nombreux fournisseurs, qui vous permet de créer des alias tels que votrenom+[nimportequoiici]@exemple.fr, car les sites web, les annonceurs et les réseaux de pistage peuvent trivialement supprimer tout ce qui suit le signe + pour connaître votre véritable adresse email. -L'utilisation d'un service d'alias d'e-mail dédié présente également un certain nombre d'avantages par rapport à un alias fourre-tout sur un domaine personnalisé : +
-- Les alias peuvent être activés et désactivés individuellement lorsque vous en avez besoin, ce qui empêche les sites web de vous envoyer des messages électroniques de façon aléatoire. -- Les réponses sont envoyées à partir de l'adresse alias, qui masque votre véritable adresse électronique. +- ![Logo AnonAddy](assets/img/email/anonaddy.svg#only-light){ .twemoji }![Logo AnonAddy](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![Logo SimpleLogin](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) -Ils présentent également un certain nombre d'avantages par rapport aux services qui fournissent des "e-mails temporaires" : +
+ +L'alias d'email peut servir de protection au cas où votre fournisseur d'email cesserait de fonctionner. Dans ce cas, vous pouvez facilement rediriger vos alias vers une nouvelle adresse email. En revanche, vous faites confiance au service d'alias pour qu'il continue de fonctionner. + +L'utilisation d'un service d'alias d'email dédié présente également un certain nombre d'avantages par rapport à un alias fourre-tout sur un domaine personnalisé : + +- Les alias peuvent être activés et désactivés individuellement lorsque vous en avez besoin, ce qui empêche les sites web de vous envoyer des emails de façon aléatoire. +- Les réponses sont envoyées à partir de l'adresse alias, qui masque votre véritable adresse email. + +Ils présentent également un certain nombre d'avantages par rapport aux services qui fournissent des "emails temporaires" : - Les alias sont permanents et peuvent être réactivés si vous devez recevoir quelque chose comme une réinitialisation de mot de passe. -- Les courriels sont envoyés à votre boîte mails de confiance plutôt que d'être stockés par le fournisseur d'alias. -- Les services d'e-mails temporaires proposent généralement des boîtes mail publiques auxquelles peuvent accéder tous ceux qui connaissent l'adresse, tandis que les alias sont privés. +- Les emails sont envoyés à votre boîte mail de confiance plutôt que d'être stockés par le fournisseur d'alias. +- Les services d'emails temporaires proposent généralement des boîtes mail publiques auxquelles peuvent accéder tous ceux qui connaissent l'adresse, tandis que les alias sont privés. -Nos recommandations en matière d'alias d'e-mail sont des fournisseurs qui vous permettent de créer des alias sur des domaines qu'ils contrôlent, ainsi que sur votre ou vos propres domaine(s) personnalisé(s), pour un coût annuel modeste. Ils peuvent également être auto-hébergés si vous souhaitez un contrôle maximal. Toutefois, l'utilisation d'un domaine personnalisé peut présenter des inconvénients en matière de confidentialité : Si vous êtes la seule personne à utiliser votre domaine personnalisé, vos actions peuvent être facilement suivies sur les sites web en regardant simplement le nom de domaine dans l'adresse électronique et en ignorant tout ce qui se trouve avant le signe arobase (@). +Nos recommandations en matière d'alias d'email sont des fournisseurs qui vous permettent de créer des alias sur des domaines qu'ils contrôlent, ainsi que sur votre ou vos propres domaine(s) personnalisé(s), pour un coût annuel modeste. Ils peuvent également être auto-hébergés si vous souhaitez un contrôle maximal. Toutefois, l'utilisation d'un domaine personnalisé peut présenter des inconvénients en matière de confidentialité : Si vous êtes la seule personne à utiliser votre domaine personnalisé, vos actions peuvent être facilement suivies sur les sites web en regardant simplement le nom de domaine dans l'adresse email et en ignorant tout ce qui se trouve avant le signe arobase (@). -L'utilisation d'un service d'alias nécessite de faire confiance à la fois à votre fournisseur de messagerie et à votre fournisseur d'alias pour vos messages non chiffrés. Certains fournisseurs atténuent légèrement ce problème grâce au chiffrement automatique PGP, qui réduit le nombre de services auxquels vous devez faire confiance de deux à un en chiffrant les e-mails entrants avant qu'ils ne soient remis à votre fournisseur de boîte mail final. +L'utilisation d'un service d'alias nécessite de faire confiance à la fois à votre fournisseur d'email et à votre fournisseur d'alias pour vos messages non chiffrés. Certains fournisseurs atténuent légèrement ce problème grâce au chiffrement automatique PGP, qui réduit le nombre de services auxquels vous devez faire confiance de deux à un en chiffrant les emails entrants avant qu'ils ne soient remis à votre fournisseur de boîte mail final. ### AnonAddy @@ -313,7 +340,7 @@ Fonctions gratuites notables : ![Logo Simplelogin](assets/img/email/simplelogin.svg){ align=right } - **SimpleLogin** est un service gratuit qui fournit des alias d'e-mail sur une variété de noms de domaine partagés, et offre en option des fonctionnalités payantes comme des alias illimités et des domaines personnalisés. + **SimpleLogin** est un service gratuit qui fournit des alias d'email sur une variété de noms de domaine partagés, et offre en option des fonctionnalités payantes comme des alias illimités et des domaines personnalisés. [:octicons-home-16: Page d'accueil](https://simplelogin.io/fr/){ .md-button .md-button--primary } [:octicons-eye-16:](https://simplelogin.io/privacy/){ .card-link title="Politique de confidentialité" } @@ -330,7 +357,7 @@ Fonctions gratuites notables : - [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/simpleloginreceive-sen/diacfpipniklenphgljfkmhinphjlfff) - [:simple-safari: Safari](https://apps.apple.com/app/id1494051017) -SimpleLogin a été [acquis par Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) à compter du 8 avril 2022. Si vous utilisez Proton Mail pour votre boîte mail principale, SimpleLogin est un excellent choix. Les deux produits étant désormais détenus par la même société, vous ne devez plus faire confiance qu'à une seule entité. Nous supposons également que SimpleLogin sera plus étroitement intégré aux offres de Proton à l'avenir. SimpleLogin continue de prendre en charge la redirection vers le fournisseur de messagerie de votre choix. Securitum [a audité](https://simplelogin.io/blog/security-audit/) SimpleLogin début 2022 et tous les problèmes [ont été résolus](https://simplelogin.io/audit2022/web.pdf). +SimpleLogin a été [acquis par Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) à compter du 8 avril 2022. Si vous utilisez Proton Mail pour votre boîte mail principale, SimpleLogin est un excellent choix. Les deux produits étant désormais détenus par la même société, vous ne devez plus faire confiance qu'à une seule entité. Nous supposons également que SimpleLogin sera plus étroitement intégré aux offres de Proton à l'avenir. SimpleLogin continue de prendre en charge la redirection vers le fournisseur d'email de votre choix. Securitum [a audité](https://simplelogin.io/blog/security-audit/) SimpleLogin début 2022 et tous les problèmes [ont été résolus](https://simplelogin.io/audit2022/web.pdf). Vous pouvez lier votre compte SimpleLogin avec votre compte Proton dans les paramètres de SimpleLogin. Si vous avez l'offre Proton Illimité, Entreprise, ou Visionnaire, vous aurez SimpleLogin Premium gratuitement. @@ -340,9 +367,9 @@ Fonctions gratuites notables : - [x] Réponses illimitées - [x] 1 Boîte mail de réception -## E-mail auto-hébergé +## Email auto-hébergé -Les administrateurs système peuvent envisager de mettre en place leur propre serveur de messagerie. Les serveurs de messagerie requièrent une attention et une maintenance permanente afin de garantir la sécurité et la fiabilité de la distribution des e-mails. +Les administrateurs système peuvent envisager de mettre en place leur propre serveur mail. Les serveurs mail requièrent une attention et une maintenance permanente afin de garantir la sécurité et la fiabilité de la distribution des emails. ### Solutions logicielles combinées @@ -350,7 +377,7 @@ Les administrateurs système peuvent envisager de mettre en place leur propre se ![Logo Mailcow](assets/img/email/mailcow.svg){ align=right } - **Mailcow** est un serveur de messagerie plus avancé, parfait pour ceux qui ont un peu plus d'expérience de Linux. Il possède tout ce dont vous avez besoin dans un conteneur Docker : Un serveur de messagerie avec prise en charge de DKIM, une surveillance antivirus et spam, un webmail et ActiveSync avec SOGo, et une administration basée sur le web avec prise en charge de 2FA. + **Mailcow** est un serveur mail plus avancé, parfait pour ceux qui ont un peu plus d'expérience de Linux. Il possède tout ce dont vous avez besoin dans un conteneur Docker : un serveur mail avec prise en charge de DKIM, une surveillance antivirus et spam, un webmail et ActiveSync avec SOGo, et une administration basée sur le web avec prise en charge de 2FA. [:octicons-home-16: Page d'accueil](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://mailcow.github.io/mailcow-dockerized-docs/){ .card-link title=Documentation} @@ -361,63 +388,63 @@ Les administrateurs système peuvent envisager de mettre en place leur propre se ![Logo Mail-in-a-Box](assets/img/email/mail-in-a-box.svg){ align=right } - **Mail-in-a-Box** est un script de configuration automatisé pour le déploiement d'un serveur de messagerie sur Ubuntu. Son objectif est de faciliter la mise en place d'un serveur de courrier électronique. + **Mail-in-a-Box** est un script de configuration automatisé pour le déploiement d'un serveur mail sur Ubuntu. Son objectif est de faciliter la mise en place de son propre serveur mail. [:octicons-home-16: Page d'accueil](https://mailinabox.email){ .md-button .md-button--primary } [:octicons-info-16:](https://mailinabox.email/guide.html){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/mail-in-a-box/mailinabox){ .card-link title="Code source" } -Nous préférons que nos prestataires recommandés collectent le moins de données possible. +Pour une approche plus manuelle, nous avons choisi ces deux articles : -- [Configuration d'un serveur de messagerie avec OpenSMTPD, Dovecot et Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/) (2019) -- [Comment gérer votre propre serveur de messagerie](https://www.c0ffee.net/blog/mail-server-guide/) (août 2017) +- [Configuration d'un serveur mail avec OpenSMTPD, Dovecot et Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/) (2019) +- [Comment gérer votre propre serveur mail](https://www.c0ffee.net/blog/mail-server-guide/) (août 2017) ## Critères -**Veuillez noter que nous ne sommes affiliés à aucun des fournisseurs que nous recommandons.** En plus de [nos critères de base](about/criteria.md), nous avons développé un ensemble d'exigences claires pour tout fournisseur d'email souhaitant être recommandé, y compris la mise en place des bonnes pratiques du secteur, une technologie moderne et bien plus. Nous vous suggérons de vous familiariser avec cette liste avant de choisir un fournisseur d'e-mails, et de mener vos propres recherches pour vous assurer que le fournisseur d'e-mails que vous choisissez est le bon choix pour vous. +**Veuillez noter que nous ne sommes affiliés à aucun des fournisseurs que nous recommandons.** En plus de [nos critères de base](about/criteria.md), nous avons développé un ensemble d'exigences claires pour tout fournisseur d'email souhaitant être recommandé, y compris la mise en place des bonnes pratiques du secteur, une technologie moderne et bien plus. Nous vous suggérons de vous familiariser avec cette liste avant de choisir un fournisseur d'email, et de mener vos propres recherches pour vous assurer que le fournisseur d'email que vous choisissez est le bon choix pour vous. ### Technologie Nous considérons ces caractéristiques comme importantes afin de fournir un service sûr et optimal. Vous devez vous demander si le fournisseur possède les caractéristiques dont vous avez besoin. -**Le Meilleur Cas:** +**Minimum pour se qualifier :** -- Chiffre les données du compte de messagerie au repos avec un chiffrement à accès zéro. -- Capacité d'export en tant que [Mbox](https://fr.wikipedia.org/wiki/Mbox) ou .eml individuel avec standard [RFC5322](https://datatracker.ietf.org/doc/rfc5322/). -- Permet aux utilisateurs d'utiliser leur propre [nom de domaine](https://fr.wikipedia.org/wiki/Nom_de_domaine). Les noms de domaine personnalisés sont importants pour les utilisateurs car ils leur permettent de conserver leur indépendance du service, au cas où celui-ci tournerait mal ou serait racheté par une autre société qui ne donne pas priorité à la vie privée. -- Fonctionne sur sa propre infrastructure, c'est-à-dire qu'elle ne repose pas sur des fournisseurs de services de messagerie tiers. +- Chiffre les données du compte email au repos avec un chiffrement à accès zéro. +- Capacité d'export en tant que [Mbox](https://en.wikipedia.org/wiki/Mbox) ou .eml individuel avec standard [RFC5322](https://datatracker.ietf.org/doc/rfc5322/). +- Permet aux utilisateurs d'utiliser leur propre [nom de domaine](https://en.wikipedia.org/wiki/Domain_name). Les noms de domaine personnalisés sont importants pour les utilisateurs car ils leur permettent de conserver leur indépendance du service, au cas où celui-ci tournerait mal ou serait racheté par une autre société qui ne donne pas priorité à la vie privée. +- Fonctionne sur sa propre infrastructure, c'est-à-dire qu'elle ne repose pas sur des fournisseurs de services d'email tiers. **Dans le meilleur des cas :** - Chiffre toutes les données du compte (contacts, calendriers, etc.) au repos avec un chiffrement à accès zéro. - Un webmail intégré avec chiffrement E2EE/PGP est fourni à titre de commodité. - Prise en charge de [WKD](https://wiki.gnupg.org/WKD) pour permettre une meilleure découverte des clés publiques OpenPGP via HTTP. Les utilisateurs de GnuPG peuvent obtenir une clé en tapant : `gpg --locate-key utilisateur_exemple@exemple.fr` -- Prise en charge d'une boîte mail temporaire pour les utilisateurs externes. Cette fonction est utile lorsque vous souhaitez envoyer un e-mail chiffré, sans envoyer une copie réelle à votre destinataire. Ces e-mails ont généralement une durée de vie limitée et sont ensuite automatiquement supprimés. Ils n'obligent pas non plus le destinataire à configurer un système de chiffrement comme OpenPGP. -- Disponibilité des services du fournisseur de courrier électronique via un [service onion](https://en.wikipedia.org/wiki/.onion). +- Prise en charge d'une boîte mail temporaire pour les utilisateurs externes. Cette fonction est utile lorsque vous souhaitez envoyer un email chiffré, sans envoyer une copie réelle à votre destinataire. Ces emails ont généralement une durée de vie limitée et sont ensuite automatiquement supprimés. Ils n'obligent pas non plus le destinataire à configurer un système de chiffrement comme OpenPGP. +- Disponibilité des services du fournisseur d'email via un [service onion](https://en.wikipedia.org/wiki/.onion). - Prise en charge du [sous-adressage](https://en.wikipedia.org/wiki/Email_address#Subaddressing). - Fonctionnalité fourre-tout ou alias pour ceux qui possèdent leurs propres domaines. -- Utilisation de protocoles standard d'accès au e-mails tels que IMAP, SMTP ou [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Les protocoles d'accès standard garantissent que les clients peuvent facilement télécharger l'ensemble de leur courrier électronique, s'ils souhaitent changer de fournisseur. +- Utilisation de protocoles standard d'accès au emails tels que IMAP, SMTP ou [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Les protocoles d'accès standard garantissent que les clients peuvent facilement télécharger l'ensemble de leurs emails, s'ils souhaitent changer de fournisseur. ### Confidentialité Nous préférons que nos prestataires recommandés collectent le moins de données possible. -**Le Meilleur Cas:** +**Minimum pour se qualifier :** - Protéger l'adresse IP de l'expéditeur. Filtrez-la pour qu'elle n'apparaisse pas dans le champ d'en-tête `Received`. -- Ne demandez pas d'Informations Personnelles Identifiables (PII) en plus d'un nom d'utilisateur et d'un mot de passe. +- Ne demandez pas de Données à Caractère Personnel (DCP) en plus d'un nom d'utilisateur et d'un mot de passe. - Politique de confidentialité répondant aux exigences définies par le RGPD. - Ne doit pas être hébergé aux États-Unis en raison de [ECPA](https://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act#Criticism) qui doit [encore être réformé](https://epic.org/ecpa/). **Dans le meilleur des cas :** -- Accepte le Bitcoin, les espèces et d'autres formes de crypto-monnaies et/ou options de paiement anonymes (cartes-cadeaux, etc.). +- Accepte des [options de paiement anonymes](advanced/payments.md) ([crypto-monnaie](cryptocurrency.md), argent liquide, cartes cadeaux, etc.) ### Sécurité -Les serveurs de courrier électronique traitent un grand nombre de données très sensibles. Nous nous attendons à ce que les prestataires adoptent les meilleures pratiques du secteur afin de protéger leurs membres. +Les serveurs mail traitent un grand nombre de données très sensibles. Nous nous attendons à ce que les prestataires adoptent les meilleures pratiques du secteur afin de protéger leurs membres. -**Le Meilleur Cas:** +**Minimum pour se qualifier :** - Protection du webmail avec 2FA, tel que TOTP. - Le chiffrement à accès zéro, qui complète le chiffrement au repos. Le fournisseur ne dispose pas des clés de déchiffrement des données qu'il détient. Cela permet d'éviter qu'un employé malhonnête ne divulgue les données auxquelles il a accès ou qu'un adversaire distant ne divulgue les données qu'il a volées en obtenant un accès non autorisé au serveur. @@ -428,28 +455,28 @@ Les serveurs de courrier électronique traitent un grand nombre de données trè - Des enregistrements [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) valides. - Des enregistrements [SPF](https://fr.wikipedia.org/wiki/Sender_Policy_Framework) et [DKIM](https://fr.wikipedia.org/wiki/DomainKeys_Identified_Mail) valides. - Disposer d'un enregistrement et d'une politique [DMARC](https://fr.wikipedia.org/wiki/DMARC) appropriés ou utiliser [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) pour l'authentification. Si l'authentification DMARC est utilisée, la politique doit être définie comme suit : `reject` ou `quarantine`. -- Une préférence pour les serveurs avec TLS 1.2 ou plus et un plan pour [retirer TLSv1.0 et TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- Une préférence pour une suite de serveur TLS 1.2 ou plus récente et un plan pour [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - Une soumission [SMTPS](https://en.wikipedia.org/wiki/SMTPS), en supposant que le SMTP est utilisé. - Des normes de sécurité des sites web telles que : - - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) + - [HTTP Strict Transport Security](https://fr.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - Une [Intégrité des sous-ressources](https://en.wikipedia.org/wiki/Subresource_Integrity) si des éléments sont chargés depuis des domaines externes. -- Doit prendre en charge l'affichage des [en-têtes de message](https://en.wikipedia.org/wiki/Email#Message_header), car il s'agit d'une fonction d'analyse scientifique essentielle pour déterminer si un e-mail est une tentative de hammeçonnage. +- Doit prendre en charge l'affichage des [en-têtes de message](https://en.wikipedia.org/wiki/Email#Message_header), car il s'agit d'une fonction d'analyse scientifique essentielle pour déterminer si un email est une tentative de hammeçonnage. **Dans le meilleur des cas :** -- Prise en charge de l'authentification matérielle, à savoir Prise en charge de l'authentification matérielle, à savoir U2F et [WebAuthn](https://fr.wikipedia.org/wiki/WebAuthn). U2F et WebAuthn sont plus sûrs car ils utilisent une clé privée stockée sur un dispositif matériel côté client pour authentifier les personnes, par opposition à un secret partagé qui est stocké sur le serveur web et côté client lors de l'utilisation de TOTP. De plus, U2F et WebAuthn sont plus résistants au phishing car leur réponse d'authentification est basée sur le [nom de domaine](https://fr.wikipedia.org/wiki/Nom_de_domaine) authentifié. +- Prise en charge de l'authentification matérielle, à savoir U2F et [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F et WebAuthn sont plus sûrs car ils utilisent une clé privée stockée sur un dispositif matériel côté client pour authentifier les personnes, par opposition à un secret partagé qui est stocké sur le serveur web et côté client lors de l'utilisation de TOTP. De plus, U2F et WebAuthn sont plus résistants au phishing car leur réponse d'authentification est basée sur le [nom de domaine](https://en.wikipedia.org/wiki/Domain_name) authentifié. - Un [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) en plus de la prise en charge de DANE. - Prise en charge de [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), utile pour les personnes qui publient sur des listes de diffusion [RFC8617](https://tools.ietf.org/html/rfc8617). - Des programmes de primes aux bugs et/ou un processus coordonné de divulgation des vulnérabilités. - Des normes de sécurité des sites web telles que : - - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [Content Security Policy (CSP)](https://fr.wikipedia.org/wiki/Content_Security_Policy) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Confiance -Vous ne confieriez pas vos finances à une personne ayant une fausse identité, alors pourquoi lui confier vos e-mails ? Nous exigeons de nos fournisseurs recommandés qu'ils rendent public leur propriété ou leur direction. Nous aimerions également voir des rapports de transparence fréquents, notamment en ce qui concerne la manière dont les demandes de gouvernement sont traitées. +Vous ne confieriez pas vos finances à une personne ayant une fausse identité, alors pourquoi lui confier vos emails ? Nous exigeons de nos fournisseurs recommandés qu'ils rendent public leur propriété ou leur direction. Nous aimerions également voir des rapports de transparence fréquents, notamment en ce qui concerne la manière dont les demandes de gouvernement sont traitées. -**Le Meilleur Cas:** +**Minimum pour se qualifier :** - Une direction ou un propriétaire public. @@ -460,9 +487,9 @@ Vous ne confieriez pas vos finances à une personne ayant une fausse identité, ### Marketing -Avec les fournisseurs de courrier électronique que nous recommandons, nous aimons voir un marketing responsable. +Avec les fournisseurs d'email que nous recommandons, nous aimons voir un marketing responsable. -**Le Meilleur Cas:** +**Minimum pour se qualifier :** - Doit héberger lui-même ses outils d'analyse de traffic (pas de Google Analytics, Adobe Analytics, etc.). Le site du fournisseur doit également se conformer à [DNT (Do Not Track)](https://fr.wikipedia.org/wiki/Do_Not_Track) pour ceux qui souhaitent refuser. @@ -472,14 +499,12 @@ Ne doit pas avoir de marketing irresponsable : - Garantir la protection de l'anonymat à 100%. Lorsque quelqu'un prétend que quelque chose est à 100%, cela signifie qu'il n'y a aucune certitude d'échec. Nous savons que les gens peuvent assez facilement se désanonymiser de plusieurs façons, par exemple : - Réutiliser des informations personnelles (comptes de messagerie, pseudonymes uniques, etc.) auxquelles ils ont eu accès sans logiciel d'anonymat (Tor, VPN, etc.). -- [Empreinte digitale des navigateurs](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) +- [Empreinte numérique des navigateurs](https://fr.wikipedia.org/wiki/Empreinte_digitale_d%27appareil) **Dans le meilleur des cas :** -- Une documentation claire et facile à lire. Notamment pour la mise en place du 2FA, des clients de messagerie, d'OpenPGP, etc. +- Une documentation claire et facile à lire. Notamment pour la mise en place du 2FA, des clients d'email tiers, d'OpenPGP, etc. -### Fonctionnalités Supplémentaires +### Fonctionnalités supplémentaires Bien qu'il ne s'agisse pas d'exigences strictes, nous avons pris en compte d'autres facteurs liés à la commodité ou à la confidentialité pour déterminer les fournisseurs à recommander. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/encryption.md b/i18n/fr/encryption.md index b7ca5f860..279134815 100644 --- a/i18n/fr/encryption.md +++ b/i18n/fr/encryption.md @@ -1,9 +1,10 @@ --- title: "Logiciels de chiffrement" icon: material/file-lock +description: Le chiffrement des données est le seul moyen de contrôler qui peut y accéder. Ces outils vous permettent de chiffrer vos emails et tout autre fichier. --- -Le chiffrement des données est le seul moyen de contrôler de qui peut y accéder. Si vous n'utilisez pas actuellement de logiciel de chiffrement pour votre disque dur, vos e-mails ou vos fichiers, vous devriez choisir une option ici. +Le chiffrement des données est le seul moyen de contrôler qui peut y accéder. Si vous n'utilisez pas actuellement de logiciel de chiffrement pour votre disque dur, vos e-mails ou vos fichiers, vous devriez choisir une option ici. ## Multi-plateforme @@ -353,5 +354,3 @@ Nos critères de cas idéal représentent ce que nous aimerions voir d'un projet - Les applications de chiffrement du système d'exploitation (FDE) devraient utiliser une sécurité matérielle telle qu'un TPM ou Secure Enclave. - Les applications de chiffrement de fichiers doivent bénéficier d'une prise en charge native ou tierce pour les plateformes mobiles. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/file-sharing.md b/i18n/fr/file-sharing.md index 23c93be78..35afc507f 100644 --- a/i18n/fr/file-sharing.md +++ b/i18n/fr/file-sharing.md @@ -1,6 +1,7 @@ --- title: "Partage et synchronisation de fichiers" icon: material/share-variant +description: Découvrez comment partager vos fichiers en toute confidentialité entre vos appareils, avec vos amis et votre famille, ou de manière anonyme en ligne. --- Découvrez comment partager vos fichiers en toute confidentialité entre vos appareils, avec vos amis et votre famille, ou de manière anonyme en ligne. @@ -144,5 +145,3 @@ Nos critères de cas idéal représentent ce que nous aimerions voir d'un projet - Dispose de clients mobiles pour iOS et Android, qui permettent au moins de prévisualiser les documents. - Prend en charge la sauvegarde des photos à partir d'iOS et d'Android et, en option, la synchronisation des fichiers/dossiers sur Android. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/financial-services.md b/i18n/fr/financial-services.md new file mode 100644 index 000000000..cd0982afb --- /dev/null +++ b/i18n/fr/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Services financiers +icon: material/bank +--- + +Effectuer des paiements en ligne est l'un des plus grands défis en matière de protection de la vie privée. Ces services peuvent vous aider à protéger votre vie privée contre les marchands et autres traqueurs, à condition que vous ayez une bonne compréhension de la façon d'effectuer des paiements privés de manière efficace. Nous vous encourageons vivement à lire notre article sur les paiements avant d'effectuer tout achat : + +[Effectuer des paiements privés :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Services de masquage des paiements + +Il existe un certain nombre de services qui fournissent des "cartes de débit virtuelles" que vous pouvez utiliser avec les commerçants en ligne sans révéler vos informations bancaires ou de facturation réelles dans la plupart des cas. Il est important de noter que ces services financiers ne sont **pas** anonymes et qu'ils sont soumis aux lois relatives à la connaissance du client (KYC) et peuvent nécessiter une pièce d'identité ou d'autres informations d'identification. Ces services sont principalement utiles pour vous protéger contre les fuites de données des commerçants, le pistage peu sophistiqué ou la corrélation des achats par les agences de marketing, et le vol de données en ligne ; et **non pas** pour effectuer un achat de manière totalement anonyme. + +!!! tip "Vérifiez votre banque" + + De nombreuses banques et fournisseurs de cartes de crédit proposent une fonctionnalité native de carte virtuelle. Si vous en utilisez une qui offre déjà cette option, vous devriez, dans la plupart des cas, l'utiliser plutôt que de suivre les recommandations suivantes. De cette manière, vous ne confiez pas vos informations personnelles à plusieurs personnes. + +### Privacy.com (États-Unis) + +!!! recommendation + + ![logo Privacy.com](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![logo Privacy.com](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + L'offre gratuite de **Privacy.com** vous permet de créer jusqu'à 12 cartes virtuelles par mois, de fixer des limites de dépenses pour ces cartes et de les arrêter instantanément. Son offre payante vous permet de créer jusqu'à 36 cartes par mois, d'obtenir 1 % de remise en argent sur vos achats et de masquer les informations relatives aux transactions à votre banque. + + [:octicons-home-16: Page d'accueil](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Politique de confidentialité" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com transmet par défaut à votre banque des informations sur les commerçants auprès desquels vous effectuez des achats. La fonction payante "marchands discrets" cache les informations relatives aux marchands à votre banque, de sorte que votre banque voit seulement qu'un achat a été effectué auprès de Privacy.com, mais pas où l'argent a été dépensé, mais ce n'est pas infaillible et, bien sûr, Privacy.com a toujours connaissance des marchands auprès desquels vous dépensez de l'argent. + +### MySudo (États-Unis, payant) + +!!! recommendation + + ![logo MySudo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![logo MySudo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** fournit jusqu'à 9 cartes virtuelles en fonction de l'offre que vous prenez. Leurs offres payantes comprennent en outre des fonctionnalités qui peuvent être utiles pour effectuer des achats de façon privée, telles que des numéros de téléphone et des adresses email virtuels, bien que nous recommandions généralement d'autres [fournisseurs d'alias d'email](email.md) pour une utilisation plus poussée des alias d'email. + + [:octicons-home-16: Page d'accueil](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Politique de confidentialité" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Critères + +**Veuillez noter que nous ne sommes affiliés à aucun des projets que nous recommandons.** En plus de [nos critères de base](about/criteria.md), nous avons développé un ensemble d'exigences claires pour nous permettre de fournir des recommandations objectives. Nous vous suggérons de vous familiariser avec cette liste avant de choisir d'utiliser un projet, et de mener vos propres recherches pour vous assurer que c'est le bon choix pour vous. + +!!! example "Cette section est récente" + + Nous travaillons à l'établissement de critères définis pour chaque section de notre site, et celles-ci peuvent être sujet à changement. Si vous avez des questions sur nos critères, veuillez [poser la question sur notre forum](https://discuss.privacyguides.net/latest) et ne supposez pas que nous n'avons pas pris en compte un élément dans nos recommandations s'il ne figure pas dans la liste. De nombreux facteurs sont pris en compte et discutés lorsque nous recommandons un projet, et la documentation de chacun d'entre eux est en cours. + +- Permet de créer plusieurs cartes qui servent de bouclier entre le commerçant et vos finances personnelles. +- Les cartes ne doivent pas vous obliger à fournir au commerçant des informations exactes sur l'adresse de facturation. + +## Marchés de cartes-cadeaux + +Ces services vous permettent d'acheter des cartes-cadeaux pour une variété de marchands en ligne avec de la [crypto-monnaie](cryptocurrency.md). Certains de ces services proposent des options de vérification d'identité pour des limites plus élevées, mais ils permettent également d'ouvrir des comptes avec une simple adresse email. Les limites de base commencent généralement à 5 000 - 10 000 $ par jour pour les comptes de base, et des limites nettement plus élevées sont proposées pour les comptes à identité vérifiée (le cas échéant). + +### Cake Pay + +!!! recommendation + + ![Logo CakePay](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** vous permet d'acheter des cartes-cadeaux et des produits connexes avec du Monero. Les achats auprès de commerçants américains sont disponibles dans l'application mobile Cake Wallet, tandis que l'application web Cake Pay comprend une large sélection de commerçants internationaux. + + [:octicons-home-16: Page d'accueil](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Politique de confidentialité" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![Logo CakePay](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (disponible aux États-Unis, au Canada et au Royaume-Uni) vous permet d'acheter des cartes-cadeaux auprès d'un grand nombre de commerçants. + + [:octicons-home-16: Page d'accueil](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Politique de confidentialité" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Critères + +**Veuillez noter que nous ne sommes affiliés à aucun des projets que nous recommandons.** En plus de [nos critères de base](about/criteria.md), nous avons développé un ensemble d'exigences claires pour nous permettre de fournir des recommandations objectives. Nous vous suggérons de vous familiariser avec cette liste avant de choisir d'utiliser un projet, et de mener vos propres recherches pour vous assurer que c'est le bon choix pour vous. + +!!! example "Cette section est récente" + + Nous travaillons à l'établissement de critères définis pour chaque section de notre site, et celles-ci peuvent être sujet à changement. Si vous avez des questions sur nos critères, veuillez [poser la question sur notre forum](https://discuss.privacyguides.net/latest) et ne supposez pas que nous n'avons pas pris en compte un élément dans nos recommandations s'il ne figure pas dans la liste. De nombreux facteurs sont pris en compte et discutés lorsque nous recommandons un projet, et la documentation de chacun d'entre eux est en cours. + +- Accepte les paiements dans [une crypto-monnaie recommandée](cryptocurrency.md). +- Pas d'obligation d'identification. diff --git a/i18n/fr/frontends.md b/i18n/fr/frontends.md index 98d9e33bb..1e24dce26 100644 --- a/i18n/fr/frontends.md +++ b/i18n/fr/frontends.md @@ -1,6 +1,7 @@ --- title: "Clients applicatifs" icon: material/flip-to-front +description: Ces clients applicatifs open source pour divers services internet vous permettent d'accéder au contenu sans JavaScript ou d'autres inconvénients. --- Parfois, des services tentent de vous obliger à créer un compte en bloquant l'accès au contenu par des fenêtres pop-up gênantes. Ils peuvent également ne pas fonctionner sans JavaScript activé. Ces interfaces client peuvent vous permettre de contourner ces restrictions. @@ -264,5 +265,3 @@ Clients recommandés... Nous ne prenons en compte que les clients des sites web qui sont... - Normalement non accessible sans JavaScript. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/index.md b/i18n/fr/index.md index 4da48675f..bd62f85d1 100644 --- a/i18n/fr/index.md +++ b/i18n/fr/index.md @@ -40,5 +40,3 @@ Essayer de protéger toutes vos données contre tout le monde, tout le temps, es [:material-hand-coin-outline:](about/donate.md){ title="Soutenir le projet" } Il est important pour un site web comme Privacy Guides de toujours rester à jour. Nous avons besoin que notre public garde un œil sur les mises à jour logicielles des applications répertoriées sur notre site et suive l'actualité récente des fournisseurs que nous recommandons. Internet évolue à une vitesse telle, qu'il est difficile de suivre le rythme, mais nous faisons de notre mieux. Si vous repérez une erreur, que vous pensez qu'un fournisseur ne devrait pas figurer dans la liste, remarquez l'absence d'un fournisseur qualifié, pensez qu'un plugin de navigateur n'est plus le meilleur choix ou si vous découvrez tout autre problème, veuillez nous en informer. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/kb-archive.md b/i18n/fr/kb-archive.md index 7e0712064..a5e91e879 100644 --- a/i18n/fr/kb-archive.md +++ b/i18n/fr/kb-archive.md @@ -1,6 +1,7 @@ --- title: Archives icon: material/archive +description: Certaines pages qui se trouvaient auparavant dans notre base de connaissances peuvent désormais être consultées sur notre blog. --- # Pages déplacées vers le blog @@ -14,5 +15,3 @@ Certaines pages qui se trouvaient auparavant dans notre base de connaissances pe - [Effacement sécurisé des données](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Intégration de la suppression des métadonnées](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [Guide de configuration iOS](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/meta/brand.md b/i18n/fr/meta/brand.md index 898a9fc05..9b1297725 100644 --- a/i18n/fr/meta/brand.md +++ b/i18n/fr/meta/brand.md @@ -1,8 +1,8 @@ --- -title: Branding Guidelines +title: Consignes relatives à la marque --- -The name of the website is **Privacy Guides** and should **not** be changed to: +Le nom du site web est **Privacy Guides** et ne devrait **pas** être changé en :
- PrivacyGuides @@ -11,14 +11,12 @@ The name of the website is **Privacy Guides** and should **not** be changed to: - PG.org
-The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**. +Le nom du subreddit est **r/PrivacyGuides** ou **the Privacy Guides Subreddit**. -Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand) +D'autres directives relatives à l'image de marque sont disponibles à l'adresse [github.com/privacyguides/brand](https://github.com/privacyguides/brand) -## Trademark +## Marque déposée -"Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. +"Privacy Guides" et le logo du bouclier sont des marques déposées appartenant à Jonah Aragon, l'utilisation illimitée est accordée au projet Privacy Guides. -Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.fr.txt" +Sans renoncer à aucun de ses droits, Privacy Guides ne conseille pas les autres sur l'étendue de ses droits de propriété intellectuelle. Privacy Guides ne permet ni ne consent à aucune utilisation de ses marques déposées d'une manière qui est susceptible de causer une confusion en impliquant une association avec ou un parrainage par Privacy Guides. Si vous avez connaissance d'une telle utilisation, veuillez contacter Jonah Aragon à l'adresse jonah@privacyguides.org. Consultez votre conseiller juridique si vous avez des questions. diff --git a/i18n/fr/meta/git-recommendations.md b/i18n/fr/meta/git-recommendations.md index 68a5f9fb0..93590d9ca 100644 --- a/i18n/fr/meta/git-recommendations.md +++ b/i18n/fr/meta/git-recommendations.md @@ -1,48 +1,46 @@ --- -title: Git Recommendations +title: Recommandations Git --- -If you make changes to this website on GitHub.com's web editor directly, you shouldn't have to worry about this. If you are developing locally and/or are a long-term website editor (who should probably be developing locally!), consider these recommendations. +Si vous apportez des modifications à ce site web directement sur l'éditeur web de GitHub.com, vous ne devriez pas avoir à vous en soucier. Si vous développez localement et/ou êtes un éditeur du site web à long terme (qui devrait probablement développer localement !), tenez compte de ces recommandations. -## Enable SSH Key Commit Signing +## Activer la signature de commit par clé SSH -You can use an existing SSH key for signing, or [create a new one](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent). +Vous pouvez utiliser une clé SSH existante pour la signature, ou [en créer une nouvelle](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent). -1. Configure your Git client to sign commits and tags by default (remove `--global` to only sign by default for this repo): +1. Configurez votre client Git pour signer les commits et les tags par défaut (supprimez `--global` pour ne signer par défaut que pour ce dépôt) : ``` git config --global commit.gpgsign true git config --global gpg.format ssh git config --global tag.gpgSign true ``` -2. Copy your SSH public key to your clipboard, for example: +2. Copiez votre clé publique SSH dans votre presse-papiers, par exemple : ``` pbcopy < ~/.ssh/id_ed25519.pub # Copies the contents of the id_ed25519.pub file to your clipboard ``` -3. Set your SSH key for signing in Git with the following command, replacing the last string in quotes with the public key in your clipboard: +3. Définissez votre clé SSH pour la signature dans Git avec la commande suivante, en remplaçant la dernière chaîne entre guillemets par la clé publique dans votre presse-papiers : ``` git config --global user.signingkey 'ssh-ed25519 AAAAC3(...) user@example.com' ``` -Ensure you [add your SSH key to your GitHub account](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account#adding-a-new-ssh-key-to-your-account) **as a Signing Key** (as opposed to or in addition to as an Authentication Key). +Assurez-vous que vous [ajoutez votre clé SSH à votre compte GitHub](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account#adding-a-new-ssh-key-to-your-account) **en tant que clé de signature** (par opposition ou en plus qu'en tant que clé d'authentification). ## Rebase on Git pull -Use `git pull --rebase` instead of `git pull` when pulling in changes from GitHub to your local machine. This way your local changes will always be "on top of" the latest changes on GitHub, and you avoid merge commits (which are disallowed in this repo). +Utilisez `git pull --rebase` au lieu de `git pull` pour transférer les modifications de GitHub vers votre machine locale. De cette façon, vos modifications locales seront toujours "au dessus" des dernières modifications sur GitHub, et vous évitez les commits de merge (qui sont interdits dans ce dépôt). -You can set this to be the default behavior: +Vous pouvez définir cette option comme étant le comportement par défaut : ``` git config --global pull.rebase true ``` -## Rebase from `main` before submitting a PR +## Rebase depuis `main` avant de soumettre une PR -If you are working on your own branch, run these commands before submitting a PR: +Si vous travaillez sur votre propre branche, exécutez ces commandes avant de soumettre une PR : ``` git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/meta/uploading-images.md b/i18n/fr/meta/uploading-images.md index f219f108c..fa2bf8992 100644 --- a/i18n/fr/meta/uploading-images.md +++ b/i18n/fr/meta/uploading-images.md @@ -1,23 +1,23 @@ --- -title: Uploading Images +title: Envoi d'images --- -Here are a couple of general rules for contributing to Privacy Guides: +Voici quelques règles générales pour contribuer à Privacy Guides : ## Images -- We **prefer** SVG images, but if those do not exist we can use PNG images +- Nous **préférons** des images SVG, mais si celles-ci n'existent pas, nous pouvons utiliser des images PNG -Company logos have canvas size of: +Les logos d'entreprise ont une taille canvas de : - 128x128px - 384x128px -## Optimization +## Optimisation ### PNG -Use the [OptiPNG](https://sourceforge.net/projects/optipng/) to optimize the PNG image: +Utilisez le logiciel [OptiPNG](https://sourceforge.net/projects/optipng/) pour optimiser l'image PNG : ```bash optipng -o7 file.png @@ -27,51 +27,51 @@ optipng -o7 file.png #### Inkscape -[Scour](https://github.com/scour-project/scour) all SVG images. +[Scour](https://github.com/scour-project/scour) toutes les images SVG. -In Inkscape: +Dans Inkscape : -1. File Save As.. -2. Set type to Optimized SVG (*.svg) +1. Fichier Enregistrer sous.. +2. Définir le type à SVG optimisé (*.svg) -In the **Options** tab: +Dans l'onglet **Options** : -- **Number of significant digits for coordinates** > **5** -- [x] Turn on **Shorten color values** -- [x] Turn on **Convert CSS attributes to XML attributes** -- [x] Turn on **Collapse groups** -- [x] Turn on **Create groups for similar attributes** -- [ ] Turn off **Keep editor data** -- [ ] Turn off **Keep unreferenced definitions** -- [x] Turn on **Work around renderer bugs** +- **Nombre de chiffres significatifs pour les coordonnées** > **5** +- [x] Activez **Raccourcir les valeurs de couleur** +- [x] Activez **Convertir les attributs CSS en attributs XML** +- [x] Activez **Réduire les groupes** +- [x] Activez **Créer des groupes pour des attributs similaires** +- [ ] Désactivez **Conserver les données de l'éditeur** +- [ ] Désactivez **Conserver les définitions non référencées** +- [x] Activez **Contourner les bugs du moteur de rendu** -In the **SVG Output** tab under **Document options**: +Dans l'onglet **Sortie SVG** sous **Options du document** : -- [ ] Turn off **Remove the XML declaration** -- [x] Turn on **Remove metadata** -- [x] Turn on **Remove comments** -- [x] Turn on **Embeded raster images** -- [x] Turn on **Enable viewboxing** +- [ ] Désactivez **Supprimer la déclaration XML** +- [x] Activez **Supprimer les métadonnées** +- [x] Activez **Supprimer les commentaires** +- [x] Activez **Images matricielles incorporées** +- [x] Activez **Activer le viewboxing** -In the **SVG Output** under **Pretty-printing**: +Dans le document **Sortie SVG** sous **Pretty-printing** : -- [ ] Turn off **Format output with line-breaks and indentation** -- **Indentation characters** > Select **Space** -- **Depth of indentation** > **1** -- [ ] Turn off **Strip the "xml:space" attribute from the root SVG element** +- [ ] Désactivez **Formatage de la sortie avec sauts de ligne et indentation** +- **Caractères d'indentation** > Sélectionnez **Espace** +- **Profondeur de l'indentation** > **1** +- [ ] Désactivez **Supprimer l'attribut "xml:space" de l'élément SVG racine** -In the **IDs** tab: +Dans l'onglet **identifiants** : -- [x] Turn on **Remove unused IDs** -- [ ] Turn off **Shorten IDs** -- **Prefix shortened IDs with** > `leave blank` -- [x] Turn on **Preserve manually created IDs not ending with digits** -- **Preserve the following IDs** > `leave blank` -- **Preserve IDs starting with** > `leave blank` +- [x] Activez **Supprimer les identifiants inutilisés** +- [ ] Désactivez **Raccourcir les identifiants** +- **Préfixer les identifiants raccourcis avec** > `leave blank` +- [x] Activez **Préserver les identifiants créés manuellement ne se terminant pas par des chiffres** +- **Conserver les identifiants suivants** > `leave blank` +- **Préserver les identifiants commençant par** > `leave blank` -#### CLI +#### Invite de commande -The same can be achieved with the [Scour](https://github.com/scour-project/scour) command: +La même chose peut être réalisée avec la commande [Scour](https://github.com/scour-project/scour) : ```bash scour --set-precision=5 \ @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/meta/writing-style.md b/i18n/fr/meta/writing-style.md index b41434222..949175c45 100644 --- a/i18n/fr/meta/writing-style.md +++ b/i18n/fr/meta/writing-style.md @@ -1,89 +1,87 @@ --- -title: Writing Style +title: Style d'écriture --- -Privacy Guides is written in American English, and you should refer to [APA Style guidelines](https://apastyle.apa.org/style-grammar-guidelines/grammar) when in doubt. +Privacy Guides est rédigé en anglais américain, et vous devez vous référer aux directives de [style APA](https://apastyle.apa.org/style-grammar-guidelines/grammar) en cas de doute. -In general the [United States federal plain language guidelines](https://www.plainlanguage.gov/guidelines/) provide a good overview of how to write clearly and concisely. We highlight a few important notes from these guidelines below. +En général, les [directives fédérales américaines en matière de langage clair](https://www.plainlanguage.gov/guidelines/) fournissent un bon aperçu de la manière d'écrire de façon claire et concise. Nous soulignons ci-dessous quelques notes importantes de ces directives. -## Writing for our audience +## Écrire pour notre public -Privacy Guides' intended [audience](https://www.plainlanguage.gov/guidelines/audience/) is primarily average, technology using adults. Don't dumb down content as if you are addressing a middle-school class, but don't overuse complicated terminology about concepts average computer users wouldn't be familiar with. +Le [public](https://www.plainlanguage.gov/guidelines/audience/) visé par Privacy Guides est principalement constitué d'adultes moyens, utilisant la technologie. Ne simplifiez pas le contenu comme si vous vous adressiez à une classe d'école primaire, mais n'abusez pas d'une terminologie compliquée concernant des concepts que l'utilisateur moyen d'un ordinateur ne connaît pas. -### Address only what people want to know +### N'aborder que ce que les gens veulent savoir -People don't need overly complex articles with little relevance to them. Figure out what you want people to accomplish when writing an article, and only include those details. +Les gens n'ont pas besoin d'articles trop complexes et peu pertinents pour eux. Déterminez ce que vous voulez que les gens accomplissent en écrivant un article, et n'incluez que ces détails. -> Tell your audience why the material is important to them. Say, “If you want a research grant, here’s what you have to do.” Or, “If you want to mine federal coal, here’s what you should know.” Or, “If you’re planning a trip to Rwanda, read this first.” +> Expliquez à votre public pourquoi le contenu est important pour lui. Dites : "Si vous voulez une bourse de recherche, voici ce que vous devez faire." Ou, "Si vous voulez exploiter le charbon fédéral, voici ce que vous devez savoir." Ou, "Si vous prévoyez un voyage au Rwanda, lisez ça d'abord." -### Address people directly +### S'adresser directement aux gens -We're writing *for* a wide variety of people, but we are writing *to* the person who is actually reading it. Use "you" to address the reader directly. +Nous écrivons *pour* une grande variété de personnes, mais nous écrivons *à* la personne qui le lit. Utilisez le "vous" pour vous adresser directement au lecteur. -> More than any other single technique, using “you” pulls users into the information and makes it relevant to them. +> Plus que toute autre technique, l'utilisation du "vous" attire les utilisateurs vers l'information et la rend pertinente pour eux. > -> When you use “you” to address users, they are more likely to understand what their responsibility is. +> Lorsque vous utilisez le "vous" pour vous adresser aux utilisateurs, ceux-ci sont plus susceptibles de comprendre quelle est leur responsabilité. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/audience/address-the-user/) +Source : [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/audience/address-the-user/) -### Avoid "users" +### Évitez les "utilisateurs" -Avoid calling people "users", in favor of "people", or a more specific description of the group of people you are writing for. +Évitez d'appeler les gens "utilisateurs", en faveur de "personnes", ou d'une description plus spécifique du groupe de personnes pour lequel vous écrivez. -## Organizing content +## Organiser le contenu -Organization is key. Content should flow from most to least important information, and use headers as much as needed to logically separate different ideas. +L'organisation est clé. Le contenu doit aller de l'information la plus importante à l'information la moins importante, et utiliser les en-têtes autant que nécessaire pour séparer logiquement les différentes idées. -- Limit the document to around five or six sections. Long documents should probably be broken up into separate pages. -- Mark important ideas with **bold** or *italics*. +- Limitez le document à environ cinq ou six sections. Les documents longs devraient probablement être divisés en pages séparées. +- Marquez les idées importantes avec **du gras** ou *de l'italique*. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/design/) +Source : [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/design/) -### Begin with a topic sentence +### Commencez par une phrase sujet -> If you tell your reader what they’re going to read about, they’re less likely to have to read your paragraph again. Headings help, but they’re not enough. Establish a context for your audience before you provide them with the details. +> Si vous indiquez à votre lecteur le sujet qu'il va lire, il est moins susceptible de devoir relire votre paragraphe. Les titres sont utiles, mais ils ne suffisent pas. Établissez un contexte pour votre public avant de lui fournir les détails. > -> We often write the way we think, putting our premises first and then our conclusion. It may be the natural way to develop thoughts, but we wind up with the topic sentence at the end of the paragraph. Move it up front and let users know where you’re going. Don’t make readers hold a lot of information in their heads before getting to the point. +> Nous écrivons souvent de la même manière que nous pensons, en mettant nos prémisses en premier et ensuite notre conclusion. C'est peut-être la façon naturelle de développer des pensées, mais nous nous retrouvons avec la phrase sujet à la fin du paragraphe. Déplacez-la au début et laissez les utilisateurs savoir où vous allez. N'obligez pas les lecteurs à retenir un grand nombre d'informations dans leur tête avant d'en venir au fait. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/organize/have-a-topic-sentence/) +Source : [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/organize/have-a-topic-sentence/) -## Choose your words carefully +## Choisissez vos mots avec soin -> Words matter. They are the most basic building blocks of written and spoken communication. Don’t complicate things by using jargon, technical terms, or abbreviations that people won’t understand. +> Les mots sont importants. Ils constituent les éléments de base de la communication écrite et orale. Ne compliquez pas les choses en utilisant du jargon, des termes techniques ou des abréviations que les gens ne comprendront pas. -We should try to avoid abbreviations where possible, but technology is full of abbreviations. In general, spell out the abbreviation/acronym the first time it is used on a page, and add the abbreviation to the abbreviation glossary file when it is used repeatedly. +Nous devrions essayer d'éviter les abréviations dans la mesure du possible, mais la technologie est pleine d'abréviations. En général, il faut épeler l'abréviation/acronyme la première fois qu'elle est utilisée sur une page, et l'ajouter au fichier du glossaire des abréviations lorsqu'elle est utilisée à plusieurs reprises. -> Kathy McGinty offers tongue-in-cheek instructions for bulking up your simple, direct sentences: +> Kathy McGinty propose des instructions ironiques pour étoffer vos phrases simples et directes : > -> > There is no escaping the fact that it is considered very important to note that a number of various available applicable studies ipso facto have generally identified the fact that additional appropriate nocturnal employment could usually keep juvenile adolescents off thoroughfares during the night hours, including but not limited to the time prior to midnight on weeknights and/or 2 a.m. on weekends. +> > On ne peut échapper au fait qu'il est considéré comme très important de noter qu'un certain nombre d'études disponibles applicables ont ipso facto généralement identifié le fait que des emplois nocturnes supplémentaires appropriés pourraient généralement empêcher les adolescents mineurs de circuler sur les voies publiques pendant les heures de nuit, y compris, mais sans s'y limiter, avant minuit les soirs de semaine et/ou 2 heures du matin. Les week-ends. > -> And the original, using stronger, simpler words: +> Et l'original, en utilisant des mots plus forts et plus simples : > -> > More night jobs would keep youths off the streets. +> > La multiplication des emplois de nuit éloignerait les jeunes de la rue. -## Be concise +## Soyez concis -> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective. +> Les mots inutiles font perdre du temps à votre public. Une bonne écriture est comme une conversation. Omettez les informations que le public n'a pas besoin de connaître. Cela peut s'avérer difficile pour un expert en la matière. Il est donc important que quelqu'un examine les informations du point de vue du public. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/concise/) +Source : [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/concise/) -## Keep text conversational +## Garder le texte conversationnel -> Verbs are the fuel of writing. They give your sentences power and direction. They enliven your writing and make it more interesting. +> Les verbes sont le carburant de l'écriture. Ils donnent à vos phrases un pouvoir et une direction. Ils animent vos écrits et les rendent plus intéressants. > -> Verbs tell your audience what to do. Make sure it’s clear who does what. +> Les verbes indiquent à votre public ce qu'il doit faire. Ils veillent à ce que la répartition des tâches soit claire. -### Use active voice +### Utilisez la voix active -> Active voice makes it clear who is supposed to do what. It eliminates ambiguity about responsibilities. Not “It must be done,” but “You must do it.” +> La voix active indique clairement qui est censé faire quoi. Il élimine toute ambiguïté quant aux responsabilités. Pas "Il faut le faire", mais "Vous devez le faire" -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversational/use-active-voice/) +Source : [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversational/use-active-voice/) -### Use "must" for requirements +### Utilisez "doit" pour les exigences -> - “must” for an obligation -> - “must not” for a prohibition -> - “may” for a discretionary action -> - “should” for a recommendation - ---8<-- "includes/abbreviations.fr.txt" +> - "doit" pour une obligation +> - "ne doit pas" pour une interdiction +> - "peut" pour une action discrétionnaire +> - "devrait" pour une recommandation diff --git a/i18n/fr/mobile-browsers.md b/i18n/fr/mobile-browsers.md index 247af1e0b..275fcb3f7 100644 --- a/i18n/fr/mobile-browsers.md +++ b/i18n/fr/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Navigateurs mobiles" icon: material/cellphone-information +description: Ces navigateurs sont ceux que nous recommandons actuellement pour la navigation internet standard/non anonyme sur votre téléphone. --- Il s'agit des navigateurs web mobiles et des configurations que nous recommandons actuellement. Si vous avez besoin de naviguer anonymement sur Internet, vous devriez plutôt utiliser [Tor](tor.md). D'une manière générale, nous vous recommandons de limiter au maximum les extensions ; elles ont un accès privilégié dans votre navigateur, vous obligent à faire confiance au développeur, peuvent vous faire sortir du lot [](https://fr.wikipedia.org/wiki/Empreinte_digitale_d%27appareil), et [affaiblissent l'isolation du site](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) . @@ -189,5 +190,3 @@ Les listes de filtres supplémentaires ralentissent la navigation et peuvent aug - Ne doit pas dupliquer une fonctionnalité intégrée dans le navigateur ou dans le système d'exploitation. - Doit avoir un impact direct sur la vie privée des utilisateurs, c'est-à-dire qu'il ne doit pas simplement fournir des informations. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/multi-factor-authentication.md b/i18n/fr/multi-factor-authentication.md index 13cf896cd..ec7754710 100644 --- a/i18n/fr/multi-factor-authentication.md +++ b/i18n/fr/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Outils d'authentification multi-facteurs" icon: 'material/two-factor-authentication' +description: Ces outils vous aident à sécuriser vos comptes internet grâce à l'authentification multifactorielle sans transmettre vos secrets à un tiers. --- ## Clés de sécurité matérielles @@ -140,5 +141,3 @@ Nous vous recommandons vivement d'utiliser des applications TOTP mobiles plutôt - Ne doit pas nécessiter de connexion à internet. - Ne doit pas se synchroniser avec un service tiers de synchronisation/sauvegarde cloud. - La prise en charge **facultative** de la synchronisation E2EE avec des outils natifs du système d'exploitation est acceptable, par exemple la synchronisation chiffrée via iCloud. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/news-aggregators.md b/i18n/fr/news-aggregators.md index ec5f41206..ecbf72c69 100644 --- a/i18n/fr/news-aggregators.md +++ b/i18n/fr/news-aggregators.md @@ -1,6 +1,7 @@ --- title: "Agrégateurs d'actualités" icon: material/rss +description: Ces clients agrégateurs d'actualités vous permettent de suivre vos blogs et sites d'information préférés en utilisant des normes internet telles que RSS. --- Un [agrégateur d'actualités](https://en.wikipedia.org/wiki/News_aggregator) est un moyen de suivre vos blogs et sites d'actualités préférés. @@ -169,5 +170,3 @@ Vous pouvez vous abonner aux chaînes YouTube sans vous connecter et sans associ ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/notebooks.md b/i18n/fr/notebooks.md index 553be8ccb..a3ef7a228 100644 --- a/i18n/fr/notebooks.md +++ b/i18n/fr/notebooks.md @@ -1,6 +1,7 @@ --- title: "Bloc-notes" icon: material/notebook-edit-outline +description: Ces applications de prise de notes chiffrées vous permettent de garder une trace de vos notes sans les transmettre à un tiers. --- Gardez une trace de vos notes et de vos journaux sans les donner à un tiers. @@ -111,5 +112,3 @@ Cryptee offre 100 Mo de stockage gratuit, avec des options payantes si vous avez - La fonctionnalité de sauvegarde/synchronisation locale doit prendre en charge le chiffrement. - Les plateformes basées sur le cloud doivent permettre le partage de documents. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/os/android-overview.md b/i18n/fr/os/android-overview.md index ddd6a9521..39605b621 100644 --- a/i18n/fr/os/android-overview.md +++ b/i18n/fr/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Introduction à Android icon: simple/android +description: Android est un système d'exploitation open source doté de solides protections de sécurité, ce qui en fait notre premier choix pour les téléphones. --- Android est un système d'exploitation sécurisé qui dispose d'un [sandboxing](https://source.android.com/security/app-sandbox) solide, du [Démarrage Vérifié](https://source.android.com/security/verifiedboot) (AVB), et d'un système de contrôle des [autorisations](https://developer.android.com/guide/topics/permissions/overview) robuste. @@ -53,9 +54,44 @@ Il est important de ne pas utiliser une version d'Android [en fin de vie](https: ## Autorisations d'Android -Les [autorisations sur Android](https://developer.android.com/guide/topics/permissions/overview) vous permettent de contrôler ce que les applications ont le droit d'accéder. Google apporte régulièrement des [améliorations](https://developer.android.com/about/versions/11/privacy/permissions) sur le système d'autorisations à chaque nouvelle version d'Android. Toutes les applications que vous installez sont strictement [isolées](https://source.android.com/security/app-sandbox), il n'est donc pas nécessaire d'installer des applications antivirus. Un smartphone avec la dernière version d'Android sera toujours plus sécurisé qu'un ancien smartphone muni d'un antivirus que vous aurez payé. Il est plutôt conseillé de ne pas payer pour ces antivirus et d'économiser pour acheter un smartphone neuf tel qu'un Google Pixel. +Les [autorisations sur Android](https://developer.android.com/guide/topics/permissions/overview) vous permettent de contrôler ce que les applications ont le droit d'accéder. Google apporte régulièrement des [améliorations](https://developer.android.com/about/versions/11/privacy/permissions) sur le système d'autorisations à chaque nouvelle version d'Android. Toutes les applications que vous installez sont strictement [isolées](https://source.android.com/security/app-sandbox), il n'est donc pas nécessaire d'installer des applications antivirus. -Si vous souhaitez utiliser une application dont vous n'êtes pas sûr, envisagez d'utiliser un profil utilisateur ou professionnel. +Un smartphone équipé de la dernière version d'Android sera toujours plus sûr qu'un vieux smartphone équipé d'un antivirus que vous avez payé. Il est préférable de ne pas payer pour un logiciel antivirus et d'économiser pour acheter un nouveau smartphone, comme un Google Pixel. + +Android 10 : + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) vous donne plus de contrôle sur vos fichiers et peut limiter ce qui peut [accéder au stockage externe](https://developer.android.com/training/data-storage?hl=fr#permissions). Les applications peuvent avoir un répertoire spécifique dans le stockage externe ainsi que la possibilité d'y stocker des types de médias spécifiques. +- Un acès plus strict à l'emplacement du dispositif [](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) en introduisant la permission `ACCESS_BACKGROUND_LOCATION` . Cela empêche les applications d'accéder à l'emplacement lorsqu'elles fonctionnent en arrière-plan sans l'autorisation expresse de l'utilisateur. + +Android 11 : + +- [Permissions uniques](https://developer.android.com/about/versions/11/privacy/permissions#one-time) qui vous permet d'accorder une permission à une application une seule fois. +- [Réinitialisation automatique des autorisations](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), qui réinitialise [les autorisations d'exécution](https://developer.android.com/guide/topics/permissions/overview#runtime) accordées lors de l'ouverture de l'application. +- Autorisations granulaires pour accéder aux fonctions liées au numéro de téléphone [](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers). + +Android 12 : + +- Une permission d'accorder uniquement l'emplacement approximatif [](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Réinitialisation automatique des [applications en hibernation](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Audit de l'accès aux données](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) qui permet de déterminer plus facilement quelle partie d'une application effectue un type spécifique d'accès aux données. + +Android 13 : + +- Une autorisation pour [un accès wifi à proximité](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). Les adresses MAC des points d'accès WiFi à proximité étaient un moyen populaire pour les applications de suivre la localisation d'un utilisateur. +- Plus d'[autorisations granulaires pour les médias](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), ce qui signifie que vous pouvez accorder l'accès uniquement aux images, aux vidéos ou aux fichiers audio. +- L'utilisation de capteurs en arrière-plan nécessite désormais l'autorisation [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) . + +Une application peut demander une autorisation pour une fonction spécifique qu'elle possède. Par exemple, toute application permettant de scanner des codes QR nécessitera l'autorisation de l'appareil photo. Certaines applications peuvent demander plus de permissions qu'elles n'en ont besoin. + +[Exodus](https://exodus-privacy.eu.org/fr//) peut être utile pour comparer des applications ayant des objectifs similaires. Si une application nécessite de nombreuses autorisations et comporte beaucoup de publicité et d'analyses, c'est probablement un mauvais signe. **Nous vous recommandons de regarder les trackers individuels et de lire leurs descriptions plutôt que de vous contenter de compter le total** et de supposer que tous les éléments énumérés sont égaux. + +!!! warning "Avertissement" + + Si une application est principalement un service web, le suivi peut se faire du côté du serveur. [Facebook](https://reports.exodus-privacy.eu.org/fr/reports/com.facebook.katana/latest/) n'affiche "aucun traceur" mais suit certainement les intérêts et le comportement des utilisateurs sur le site. Les applications peuvent échapper à la détection en n'utilisant pas les bibliothèques de code standard produites par le secteur de la publicité, bien que cela soit peu probable. + +!!! note "À noter" + + Les applications respectueuses de la vie privée telles que [Bitwarden](https://reports.exodus-privacy.eu.org/fr/reports/com.x8bit.bitwarden/latest/) peuvent afficher certains traceurs tels que [Google Firebase Analytics] (https://reports.exodus-privacy.eu.org/fr/trackers/49/). Cette bibliothèque comprend [Firebase Cloud Messaging] (https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) qui peut fournir des [notifications push] (https://fr.wikipedia.org/wiki/Server_push) dans les applications. C'est le cas (https://fosstodon.org/@bitwarden/109636825700482007) avec Bitwarden. Cela ne signifie pas que Bitwarden utilise toutes les fonctionnalités d'analyse fournies par Google Firebase Analytics. ## Accès aux médias @@ -131,5 +167,3 @@ Vous aurez la possibilité de supprimer votre identifiant publicitaire ou de *re [SafetyNet](https://developer.android.com/training/safetynet/attestation) et les [API Play Integrity](https://developer.android.com/google/play/integrity) sont généralement utilisés pour des [applications bancaires](https://grapheneos.org/usage#banking-apps). De nombreuses applications bancaires fonctionneront sans problème sur GrapheneOS avec les services Google Play en sandbox, mais certaines applications non financières ont leurs propres mécanismes anti-tampering rudimentaires qui peuvent échouer. GrapheneOS passe le contrôle `basicIntegrity`, mais pas le contrôle de certification `ctsProfileMatch`. Les appareils équipés d'Android 8 ou d'une version ultérieure sont dotés d'un système d'attestation matérielle qui ne peut être contourné qu'en cas de fuite de clés ou de vulnérabilité grave. Quant à Google Wallet, nous ne le recommandons pas en raison de sa [politique de confidentialité](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), qui stipule que vous devez manuellement refuser si vous ne voulez pas que votre note de crédit et vos informations personnelles soient partagées avec des services de marketing affilié. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/os/linux-overview.md b/i18n/fr/os/linux-overview.md index 1fde57f75..aa9fc776b 100644 --- a/i18n/fr/os/linux-overview.md +++ b/i18n/fr/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Introduction à Linux icon: simple/linux +description: Linux est un système d'exploitation de bureau alternatif open source, axé sur la protection de la vie privée, mais toutes les distributions ne sont pas créées égales. --- -On croit souvent que les logiciels [open-source](https://en.wikipedia.org/wiki/Open-source_software) sont intrinsèquement sûrs parce que le code source est disponible. On s'attend à ce que la vérification de la communauté ait lieu régulièrement ; cependant, ce n'est pas toujours [le cas](https://seirdy.one/posts/2022/02/02/floss-security/). Cela dépend d'un certain nombre de facteurs, tels que l'activité du projet, l'expérience du développeur, le niveau de rigueur appliqué aux [revues de code](https://en.wikipedia.org/wiki/Code_review), et la fréquence de l'attention accordée à certaines parties spécifiques du [codebase](https://en.wikipedia.org/wiki/Codebase) qui peuvent rester à l'abandon pendant des années. +On croit souvent que les logiciels [open source](https://en.wikipedia.org/wiki/Open-source_software) sont intrinsèquement sûrs parce que le code source est disponible. On s'attend à ce que la vérification de la communauté ait lieu régulièrement ; cependant, ce n'est pas toujours [le cas](https://seirdy.one/posts/2022/02/02/floss-security/). Cela dépend d'un certain nombre de facteurs, tels que l'activité du projet, l'expérience du développeur, le niveau de rigueur appliqué aux [revues de code](https://en.wikipedia.org/wiki/Code_review), et la fréquence de l'attention accordée à certaines parties spécifiques du [codebase](https://en.wikipedia.org/wiki/Codebase) qui peuvent rester à l'abandon pendant des années. À l'heure actuelle, les systèmes GNU/Linux de bureau ont certains domaines qui pourraient être améliorés par rapport à leurs homologues propriétaires, par exemple : @@ -139,5 +140,3 @@ Le projet Fedora [compte](https://fedoraproject.org/wiki/Changes/DNF_Better_Coun Cette [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) est actuellement désactivée par défaut. Nous recommandons d'ajouter `countme=false` à `/etc/dnf/dnf.conf` juste au cas où il serait activé dans le futur. Sur les systèmes qui utilisent `rpm-ostree` tels que Silverblue, l'option countme est désactivée en masquant le compteur [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/). openSUSE utilise également un [identifiant unique](https://en.opensuse.org/openSUSE:Statistics) pour compter les systèmes, qui peut être désactivé en supprimant le fichier `/var/lib/zypp/AnonymousUniqueId`. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/os/qubes-overview.md b/i18n/fr/os/qubes-overview.md index 5abc6712b..e9a260735 100644 --- a/i18n/fr/os/qubes-overview.md +++ b/i18n/fr/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction à Qubes" icon: simple/qubesos +description: Qubes est un système d'exploitation conçu pour isoler les applications au sein de machines virtuelles afin de renforcer la sécurité. --- [**Qubes OS**](../desktop.md#qubes-os) est un système d'exploitation qui utilise l'hyperviseur [Xen](https://en.wikipedia.org/wiki/Xen) pour fournir une sécurité forte pour l'informatique de bureau par le biais de machines virtuelles isolées. Chaque VM est appelée un *Qube* et vous pouvez attribuer à chaque Qube un niveau de confiance en fonction de son objectif. Étant donné que le système d'exploitation Qubes assure la sécurité en utilisant l'isolation et en n'autorisant des actions qu'au cas par cas, il est à l'opposé de [l'énumération de méchanceté](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -44,7 +45,7 @@ Pour copier et coller des fichiers et des répertoires (dossiers) d'une VM à l' L'[environnement qrexec](https://www.qubes-os.org/doc/qrexec/) est une partie essentielle de Qubes qui permet la communication des machines virtuelles entre les domaines. Il est construit sur la bibliothèque Xen *vchan*, qui facilite [l'isolation de par le biais de politiques](https://www.qubes-os.org/news/2020/06/22/new-qrexec-policy-system/). -## Ressources Supplémentaires +## Ressources supplémentaires Pour de plus amples informations, nous vous encourageons à consulter les pages de documentation complètes de Qubes OS, situées sur le [site web de Qubes OS](https://www.qubes-os.org/doc/). Des copies hors ligne peuvent être téléchargées à partir du [dépôt de documentationde](https://github.com/QubesOS/qubes-doc) Qubes OS. @@ -52,5 +53,3 @@ Pour de plus amples informations, nous vous encourageons à consulter les pages - J. Rutkowska : [*Compartimentage logiciel vs. séparation physique*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska : [*Partitionnement de ma vie numérique en domaines de sécurité*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS : [*Articles connexes*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/passwords.md b/i18n/fr/passwords.md index 1fa032065..d4e74b157 100644 --- a/i18n/fr/passwords.md +++ b/i18n/fr/passwords.md @@ -1,9 +1,10 @@ --- title: "Gestionnaires de mots de passe" icon: material/form-textbox-password +description: Les gestionnaires de mots de passe vous permettent de stocker et de gérer en toute sécurité des mots de passe et autres informations d'identification. --- -Les gestionnaires de mots de passe vous permettent de stocker et de gérer en toute sécurité les mots de passe et autres informations d'identification à l'aide d'un mot de passe principal. +Les gestionnaires de mots de passe vous permettent de stocker et de gérer en toute sécurité des mots de passe et autres informations d'identification à l'aide d'un mot de passe principal. [Introduction aux mots de passe :material-arrow-right-drop-circle:](./basics/passwords-overview.md) @@ -226,5 +227,3 @@ Ces produits sont des gestionnaires de mots de passe minimaux qui peuvent être Nous travaillons à l'établissement de critères définis pour chaque section de notre site, et celles-ci peuvent être sujet à changement. Si vous avez des questions sur nos critères, veuillez [poser la question sur notre forum](https://discuss.privacyguides.net/latest) et ne supposez pas que nous n'avons pas pris en compte un élément dans nos recommandations s'il ne figure pas dans la liste. De nombreux facteurs sont pris en compte et discutés lorsque nous recommandons un projet, et la documentation de chacun d'entre eux est en cours. - Doit être multiplateforme. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/productivity.md b/i18n/fr/productivity.md index 7b9646c15..e4f01b4a4 100644 --- a/i18n/fr/productivity.md +++ b/i18n/fr/productivity.md @@ -1,6 +1,7 @@ --- title: "Outils de productivité" icon: material/file-sign +description: La plupart des suites bureautiques en ligne ne prennent pas en charge l'E2EE, ce qui signifie que le fournisseur de cloud a accès à tout ce que vous faites. --- La plupart des suites bureautiques en ligne ne prennent pas en charge l'E2EE, ce qui signifie que le fournisseur de cloud a accès à tout ce que vous faites. La politique de confidentialité peut protéger légalement vos droits, mais elle ne fournit pas de contraintes techniques d'accès. @@ -152,5 +153,3 @@ En général, nous définissons les suites bureautiques comme des applications q [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Instances publiques"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Code source" } - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/real-time-communication.md b/i18n/fr/real-time-communication.md index 84941a279..6ab9be2c2 100644 --- a/i18n/fr/real-time-communication.md +++ b/i18n/fr/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Communication en temps réel" icon: material/chat-processing +description: Les autres messageries instantanées mettent toutes vos conversations privées à la disposition de la société qui les gère. --- Voici nos recommandations pour de la communication en temps réel chiffrée. @@ -191,5 +192,3 @@ Nos critères de cas idéal représentent ce que nous aimerions voir d'un projet - Devrait être décentralisé, c'est-à-dire fédéré ou P2P. - Devrait utiliser E2EE pour tous les messages par défaut. - Devrait prendre en charge Linux, macOS, Windows, Android et iOS. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/router.md b/i18n/fr/router.md index 7c96ad4c4..a4eeba72d 100644 --- a/i18n/fr/router.md +++ b/i18n/fr/router.md @@ -1,6 +1,7 @@ --- title: "Micrologiciel de routeur" icon: material/router-wireless +description: Ces systèmes d'exploitation alternatifs peuvent être utilisés pour sécuriser votre routeur ou votre point d'accès Wi-Fi. --- Vous trouverez ci-dessous quelques systèmes d'exploitation alternatifs, qui peuvent être utilisés sur des routeurs, des points d'accès Wi-Fi, etc. @@ -47,5 +48,3 @@ OPNsense a été développé à l'origine comme un fork de [pfSense](https://fr. - Doit être open-source. - Doit recevoir des mises à jour régulières. - Doivent prendre en charge une grande variété de matériel. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/search-engines.md b/i18n/fr/search-engines.md index f96d0f122..2139625b7 100644 --- a/i18n/fr/search-engines.md +++ b/i18n/fr/search-engines.md @@ -1,6 +1,7 @@ --- title: "Moteurs de recherche" icon: material/search-web +description: Ces moteurs de recherche respectueux de la vie privée n'établissent pas de profil publicitaire sur la base de vos recherches. --- Utilisez un moteur de recherche qui ne construit pas un profil publicitaire en fonction de vos recherches. @@ -105,5 +106,3 @@ Nos critères de cas idéal représentent ce que nous aimerions voir d'un projet - Doit être basé sur des logiciels open-source. - Ne doit pas bloquer les adresses IP des nœuds de sortie Tor. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/tools.md b/i18n/fr/tools.md index 227aeddc8..c75999ce4 100644 --- a/i18n/fr/tools.md +++ b/i18n/fr/tools.md @@ -3,6 +3,7 @@ title: "Outils de protection de la vie privée" icon: material/tools hide: - toc +description: Privacy Guides est le site web le plus transparent et le plus fiable pour trouver des logiciels, des applications et des services qui protègent vos données personnelles des programmes de surveillance de masse et d'autres menaces internet. --- Si vous cherchez une solution spécifique à un problème, voici les outils matériels et logiciels que nous recommandons dans diverses catégories. Les outils de protection de la vie privée que nous recommandons sont principalement choisis en fonction de leurs fonctionnalités de sécurité, tout en mettant l'accent sur les outils décentralisés et à code source ouvert. Ils sont applicables à divers modèles de menaces, allant de la protection contre les programmes mondiaux de surveillance de masse à l'atténuation des attaques en passant par l'évitement des grandes entreprises technologiques, mais vous seul pouvez déterminer ce qui répondra le mieux à vos besoins. @@ -36,7 +37,7 @@ Pour plus de détails sur chaque projet, les raisons pour lesquelles ils ont ét [En savoir plus :material-arrow-right-drop-circle:](desktop-browsers.md) -### Ressources Supplémentaires +### Ressources supplémentaires
@@ -57,7 +58,7 @@ Pour plus de détails sur chaque projet, les raisons pour lesquelles ils ont ét [En savoir plus :material-arrow-right-drop-circle:](mobile-browsers.md) -### Ressources Supplémentaires +### Ressources supplémentaires
@@ -84,10 +85,10 @@ Pour plus de détails sur chaque projet, les raisons pour lesquelles ils ont ét
-- ![Logo Aurora Store](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) -- ![Logo Shelter](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) -- ![Logo Auditeur](assets/img/android/auditor.svg#only-light){ .twemoji }![Logo GrapheneOS](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditeur (Appareils pris en charge)](android.md#auditor) -- ![Logo caméra sécurisée](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Logo caméra sécurisée](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Caméra sécurisée](android.md#secure-camera) +- ![Logo Aurora Store](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (client Google Play)](android.md#aurora-store) +- ![Logo Shelter](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Profils de travail)](android.md#shelter) +- ![Logo Auditor](assets/img/android/auditor.svg#only-light){ .twemoji }![Logo GrapheneOS](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Appareils pris en charge)](android.md#auditor) +- ![Logo Secure Camera](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Logo Secure Camera](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) - ![Logo Secure PDF Viewer](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![Logo Secure PDF Viewer](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](android.md#secure-pdf-viewer)
@@ -170,14 +171,14 @@ Nous [recommandons](dns.md#recommended-providers) un certain nombre de serveurs - ![Logo Proton Mail](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) - ![Logo Mailbox.org](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) -- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji } ![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) -- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) +- ![logo StartMail](assets/img/email/startmail.svg#only-light){ .twemoji } ![logo StartMail](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![logo Tutanota](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota)
[En savoir plus :material-arrow-right-drop-circle:](email.md) -#### Services d'alias d'e-mails +#### Services d'alias d'email
@@ -188,7 +189,7 @@ Nous [recommandons](dns.md#recommended-providers) un certain nombre de serveurs [En savoir plus :material-arrow-right-drop-circle:](email.md#email-aliasing-services) -#### E-mail auto-hébergé +#### Email auto-hébergé
@@ -199,6 +200,29 @@ Nous [recommandons](dns.md#recommended-providers) un certain nombre de serveurs [En savoir plus :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Services financiers + +#### Services de masquage des paiements + +
+ +- ![Logo Privacy.com](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Logo Privacy.com](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![Logo MySudo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![Logo MySudo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[En savoir plus :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Marchés de cartes-cadeaux en ligne + +
+ +- ![Logo Cake Pay](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![Logo CoinCards](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[En savoir plus :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Moteurs de Recherche
@@ -226,9 +250,9 @@ Nous [recommandons](dns.md#recommended-providers) un certain nombre de serveurs
+- ![Logo IVPN](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) +- ![Logo Mullvad](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) - ![Logo Proton VPN](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) -- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) -- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad)
@@ -247,6 +271,16 @@ Nous [recommandons](dns.md#recommended-providers) un certain nombre de serveurs [En savoir plus :material-arrow-right-drop-circle:](calendar.md) +### Crypto-monnaie + +
+ +- ![Logo Monero](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[En savoir plus :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Rédaction de données et de métadonnées
@@ -438,5 +472,3 @@ Nous [recommandons](dns.md#recommended-providers) un certain nombre de serveurs
[En savoir plus :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/tor.md b/i18n/fr/tor.md index 205054a67..4a1bb665e 100644 --- a/i18n/fr/tor.md +++ b/i18n/fr/tor.md @@ -1,6 +1,7 @@ --- title: "Réseau Tor" icon: simple/torproject +description: Protégez votre navigation sur internet des regards indiscrets en utilisant le réseau Tor, un réseau sécurisé qui contourne la censure. --- ![Logo Tor](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ Le réseau **Tor** est un groupe de serveurs gérés par des bénévoles qui vou Tor fonctionne en acheminant votre trafic Internet via ces serveurs gérés par des volontaires, au lieu d'établir une connexion directe avec le site que vous essayez de visiter. Cela permet de masquer la provenance du trafic, et aucun serveur sur le chemin de la connexion n'est en mesure de voir le chemin complet de la provenance et de la destination du trafic, ce qui signifie que même les serveurs que vous utilisez pour vous connecter ne peuvent pas briser votre anonymat. -
- ![Chemin de Tor](assets/img/how-tor-works/tor-path.svg#only-light) - ![Chemin de Tor](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Chemin du circuit de Tor - Les nœuds du chemin ne peuvent voir que les serveurs auxquels ils sont directement connectés, par exemple le nœud "d'Entrée" indiqué peut voir votre adresse IP, et l'adresse du nœud "Central", mais n'a aucun moyen de voir quel site Web vous visitez.
-
- -- [Plus d'informations sur le fonctionnement de Tor :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Introduction détaillée de Tor :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Se connecter à Tor @@ -120,5 +115,3 @@ Pour résister aux attaques par analyse de trafic, pensez à activer l'option *I Snowflake n'améliore en rien votre vie privée et n'est pas utilisé pour se connecter au réseau Tor dans votre navigateur personnel. Toutefois, si votre connexion Internet n'est pas censurée, vous devriez envisager de l'utiliser pour aider les personnes se trouvant sur des réseaux censurés à améliorer elles-mêmes leur vie privée. Il n'y a pas besoin de s'inquiéter des sites web auxquels les gens accèdent via votre proxy - leur adresse IP de navigation visible correspondra à leur nœud de sortie Tor, pas à la vôtre. Faire fonctionner un proxy Snowflake est peu risqué, encore moins que de faire fonctionner un relais ou un pont Tor qui ne sont déjà pas des entreprises particulièrement risquées. Toutefois, il achemine le trafic par le biais de votre réseau, ce qui peut avoir un impact à certains égards, surtout si votre réseau a une bande passante limitée. Assurez-vous de comprendre [le fonctionnement de Snowflake](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) avant de décider de faire tourner un proxy. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/video-streaming.md b/i18n/fr/video-streaming.md index cc500bc7d..51ad22f6a 100644 --- a/i18n/fr/video-streaming.md +++ b/i18n/fr/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Streaming vidéo" icon: material/video-wireless +description: Ces réseaux vous permettent de consommer du contenu internet sans établir de profil publicitaire basé sur vos centres d'intérêt. --- La principale menace liée à l'utilisation d'une plateforme de streaming vidéo est que vos habitudes de streaming et vos listes d'abonnement pourraient être utilisées pour établir votre profil. Vous devriez combiner ces outils avec un [VPN](vpn.md) ou [Tor](https://www.torproject.org/) pour rendre plus difficile le profilage de votre utilisation. @@ -48,5 +49,3 @@ Vous pouvez désactiver l'option *Enregistrer les données d'hébergement pour a - Ne doit pas nécessiter un compte centralisé pour visionner les vidéos. - L'authentification décentralisée, par exemple via la clé privée d'un portefeuille mobile, est acceptable. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/vpn.md b/i18n/fr/vpn.md index cddfdfd7f..ad83dbe9f 100644 --- a/i18n/fr/vpn.md +++ b/i18n/fr/vpn.md @@ -1,94 +1,34 @@ --- title: "Services VPN" icon: material/vpn +description: Voici les meilleurs services VPN pour protéger votre vie privée et votre sécurité en ligne. Trouvez ici un fournisseur qui ne cherche pas à vous espionner. --- -Trouvez un opérateur VPN sans journalisation qui n'est pas là pour vendre ou lire votre trafic Web. +Si vous recherchez à protéger votre **vie privée** vis-à-vis de votre FAI, sur un réseau Wi-Fi public ou lorsque vous téléchargez des fichiers en torrent, un VPN peut être la solution pour vous, à condition que vous compreniez les risques encourus. Nous pensons que ces fournisseurs se distinguent des autres : -??? danger "Les VPN ne fournissent pas l'anonymat" +
+ +- ![Logo IVPN](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Logo Mullvad](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Logo Proton VPN](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "Les VPN ne fournissent pas l'anonymat" L'utilisation d'un VPN ne rendra **pas** votre navigation anonyme et n'ajoutera pas de sécurité supplémentaire à un trafic non sécurisé (HTTP). - Si vous recherchez l' **anonymat**, vous devriez utiliser le navigateur Tor **au lieu** d'un VPN. + Si vous recherchez l'**anonymat**, vous devriez utiliser le navigateur Tor **au lieu** d'un VPN. Si vous recherchez plus de **sécurité**, vous devez toujours vous assurer que vous vous connectez aux sites web en utilisant HTTPS. Un VPN ne remplace pas les bonnes pratiques de sécurité. - [Télécharger Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Mythes sur Tor & FAQ](https://medium.com/privacyguides/slicing-onions-part-1-myth-busting-tor-9ec188ae1904){ .md-button } + [Télécharger Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Mythes sur Tor & FAQ](advanced/tor-overview.md){ .md-button } -??? question "Quand les VPN sont-ils utiles ?" +[Présentation détaillée des VPNs :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} - Si vous recherchez à protéger votre **vie privé** vis-à-vis de votre fournisseur d'accès internet, sur un réseau Wi-Fi public ou lors du torrenting de fichiers, un VPN peut être la solution pour vous, à condition que vous compreniez les risques encourus. - - [Plus d'infos](#vpn-overview){ .md-button } +## Fournisseurs recommandés -## Fournisseurs Recommandés - -!!! abstract "Citères" - - Les fournisseurs que nous recommandons utilisent le chiffrement, acceptent le Monero, prennent en charge WireGuard & OpenVPN, et ont une politique de non journalisation. Lisez notre [liste complète de critères](#our-criteria) pour plus d'informations. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** est un concurrent solide dans l'espace VPN, et ils sont en service depuis 2016. Proton AG est basé en Suisse et propose une offre gratuite limitée, ainsi qu'une option premium plus complète. - - [:octicons-home-16: Page d'accueil](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Politique de confidentialité" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Code source" } - - ??? downloads "Téléchargements" - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Pays" - - Proton VPN a [des serveurs dans 63 pays](https://protonvpn.com/vpn-servers) (1). En choisissant un fournisseur de VPN dont le serveur est le plus proche de vous vous réduirez la latence du trafic réseau que vous envoyez. Cela est dû à un itinéraire plus court (moins de sauts) vers la destination. - - Nous pensons également qu'il est préférable pour la sécurité des clés privées du fournisseur de VPN qu'il utilise des [serveurs dédiés](https://en.wikipedia.org/wiki/Dedicated_hosting_service), plutôt que des solutions partagées moins chères (avec d'autres clients) telles que les [serveurs privés virtuels](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. En date du 2022-09-16 - -??? success "Audités de manière indépendante" - - Depuis janvier 2020, Proton VPN a fait l'objet d'un audit indépendant réalisé par SEC Consult. SEC Consult a trouvé quelques vulnérabilités à risque moyen et faible dans les applications Windows, Android et iOS de Proton VPN, qui ont toutes été "correctement corrigées" par Proton VPN avant la publication des rapports. Aucun des problèmes identifiés n'aurait permis à un attaquant d'accéder à distance à votre appareil ou à votre trafic. Vous pouvez consulter les rapports individuels pour chaque plateforme à l'adresse [protonvpn.com](https://protonvpn.com/blog/open-source/). En avril 2022, Proton VPN a fait l'objet d'un [autre audit](https://protonvpn.com/blog/no-logs-audit/) et le rapport a été [produit par Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). Une [lettre d'attestation](https://proton.me/blog/security-audit-all-proton-apps) a été fournie pour les applications de Proton VPN le 9 novembre 2021 par [Securitum](https://research.securitum.com). - -??? success "Clients Open Source" - - Proton VPN fournit le code source de ses clients de bureau et mobiles dans son [organisation GitHub](https://github.com/ProtonVPN). - -??? check "Accepte l'Argent Liquide" - - Proton VPN, en plus d'accepter les cartes de crédit/débit et PayPal, accepte le Bitcoin, et **l'argent liquide/la monnaie locale** comme formes anonymes de paiement. - -??? success "Supporte WireGuard" - - Proton VPN supporte le protocole WireGuard® la plupart du temps. [WireGuard](https://www.wireguard.com) est un protocole plus récent qui utilise de la [cryptographie](https://www.wireguard.com/protocol/) de pointe. De plus, WireGuard vise à être plus simple et plus performant. - - Proton VPN [recommande](https://protonvpn.com/blog/wireguard/) l'utilisation de WireGuard avec leur service. Sur les applications Windows, macOS, iOS, Android, ChromeOS et Android TV de Proton VPN, WireGuard est le protocole par défaut ; cependant, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) pour le protocole n'est pas présent dans leur application Linux. - -??? warning "Redirection de Port Distant" - - Proton VPN ne supporte actuellement que la [redirection de ports](https://protonvpn.com/support/port-forwarding/) distants sur Windows, ce qui peut avoir un impact sur certaines applications. En particulier les applications Peer-to-Peer comme les clients Torrent. - -??? success "Clients Mobile" - - En plus de fournir des fichiers de configuration OpenVPN standard, Proton VPN dispose de clients mobiles pour [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), et [GitHub](https://github.com/ProtonVPN/android-app/releases) permettant de se connecter facilement à leurs serveurs. - -??? info "Fonctionnalités supplémentaires" - - Les clients VPN de Proton prennent en charge l'authentification à deux facteurs sur toutes les plateformes, sauf Linux pour le moment. Proton VPN possède ses propres serveurs et centres de données en Suisse, en Islande et en Suède. Ils proposent le blocage des publicités et des domaines de logiciels malveillants connus avec leur service DNS. De plus, Proton VPN propose également des serveurs "Tor" vous permettant de vous connecter facilement aux sites oignon, mais nous vous recommandons toujours fortement d'utiliser [le navigateur officiel Tor](https://www.torproject.org/fr/) à cet effet. - -!!! danger "La fonction Killswitch ne fonctionne pas sur les Macs à processeur Intel". - - Des crashs système [peuvent se produire](https://protonvpn.com/support/macos-t2-chip-kill-switch/) sur les Macs basés sur Intel lors de l'utilisation du killswitch VPN. Si vous avez besoin de cette fonction, et que vous utilisez un Mac avec un chipset Intel, vous devriez envisager d'utiliser un autre service VPN. +Les fournisseurs que nous recommandons utilisent le chiffrement, acceptent le Monero, prennent en charge WireGuard & OpenVPN, et ont une politique de non journalisation. Lisez notre [liste complète de critères](#criteria) pour plus d'informations. ### IVPN @@ -96,7 +36,7 @@ Trouvez un opérateur VPN sans journalisation qui n'est pas là pour vendre ou l ![Logo IVPN](assets/img/vpn/ivpn.svg){ align=right } - **IVPN** est un autre fournisseur de VPN premium, et il est en activité depuis 2009. IVPN est basé à Gibraltar. + **IVPN** est un autre fournisseur de VPN haut de gamme, et il est en activité depuis 2009. IVPN est basé à Gibraltar. [:octicons-home-16: Page d'accueil](https://www.ivpn.net/){ .md-button .md-button--primary } [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Politique de confidentialité" } @@ -111,43 +51,44 @@ Trouvez un opérateur VPN sans journalisation qui n'est pas là pour vendre ou l - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Pays" +#### :material-check:{ .pg-green } 35 pays - IVPN possède [des serveurs dans 35 pays](https://www.ivpn.net/server-locations) (1). En choisissant un fournisseur de VPN dont le serveur est le plus proche de vous vous réduirez la latence du trafic réseau que vous envoyez. Cela est dû à un itinéraire plus court (moins de sauts) vers la destination. - - Nous pensons également qu'il est préférable pour la sécurité des clés privées du fournisseur de VPN qu'il utilise des [serveurs dédiés](https://en.wikipedia.org/wiki/Dedicated_hosting_service), plutôt que des solutions partagées moins chères (avec d'autres clients) telles que les [serveurs privés virtuels](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN a ses [serveurs dans 35 pays](https://www.ivpn.net/server-locations).(1) Choisir un fournisseur VPN avec un serveur le plus proche de vous réduira la latence du trafic réseau que vous envoyez. Cela est dû à un itinéraire plus court (moins de sauts) vers la destination. +{ .annotate } -1. En date du 2022-09-16 +1. En date du : 2022-09-16 -??? success "Audités de manière indépendante" +Nous pensons également qu'il est préférable pour la sécurité des clés privées du fournisseur VPN d'utiliser des [serveurs dédiés](https://fr.wikipedia.org/wiki/Serveur_d%C3%A9di%C3%A9), plutôt que des solutions partagées (avec d'autres clients) moins chères telles que les [serveurs privés virtuels](https://fr.wikipedia.org/wiki/Serveur_d%C3%A9di%C3%A9_virtuel). - IVPN a fait l'objet d'un [audit de non-journalisation de Cure53](https://cure53.de/audit-report_ivpn.pdf) qui s'est conclu en accord avec la déclaration de non-journalisation d'IVPN. IVPN a également réalisé un [rapport complet de tests de pénétration par Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) en janvier 2020. IVPN a également déclaré qu'il prévoyait de publier des [rapports annuels](https://www.ivpn.net/blog/independent-security-audit-concluded) à l'avenir. Une autre étude a été réalisée [en avril 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) et a été fournie par Cure53 [sur leur site web](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Audit indépendant -??? success "Clients Open Source" +IVPN a fait l'objet d'un [audit de non-journalisation par Cure53](https://cure53.de/audit-report_ivpn.pdf) qui a conclu à la validité de l'affirmation d'IVPN concernant l'absence d'enregistrement. IVPN a également terminé un [rapport complet de test d'intrusion par Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) en janvier 2020. IVPN a également indiqué qu'elle prévoyait à l'avenir de mettre à disposition les [rapports annuels](https://www.ivpn.net/blog/independent-security-audit-concluded). Une nouvelle étude a été réalisée [en avril 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) et a été mise à disposition par Cure53 sur [leur site web](https://cure53.de/pentest-report_IVPN_2022.pdf). - Depuis février 2020 [les applications IVPN sont désormais open source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Le code source peut être obtenu auprès de leur [organisation GitHub](https://github.com/ivpn). +#### :material-check:{ .pg-green } Clients open source -??? success "Accepte l'Argent Liquide et le Monero" +Depuis février 2020, [les applications IVPN sont désormais open source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Le code source peut être obtenu auprès de leur [organisation GitHub](https://github.com/ivpn). - En plus d'accepter les cartes de crédit/débit et PayPal, IVPN accepte le Bitcoin, le **Monero** et **l'argent liquide/la monnaie locale** (sur les plans annuels) comme formes de paiement anonymes. +#### :material-check:{ .pg-green } Accepte l'argent liquide et le Monero -??? success "Supporte WireGuard" +En plus d'accepter les cartes de crédit/débit et PayPal, IVPN accepte le Bitcoin, **le Monero** et **les espèces/la monnaie locale** (sur les abonnements annuels) comme formes de paiement anonymes. - IVPN supporte le protocole WireGuard®. [WireGuard](https://www.wireguard.com) est un protocole plus récent qui utilise de la [cryptographie](https://www.wireguard.com/protocol/) de pointe. De plus, WireGuard vise à être plus simple et plus performant. - - IVPN [recommande](https://www.ivpn.net/wireguard/) l'utilisation de WireGuard avec leur service et, de ce fait, ce protocole est le protocole par défaut sur toutes les applications d'IVPN. IVPN propose également un générateur de configuration WireGuard à utiliser avec l'[application](https://www.wireguard.com/install/) officielle WireGuard. +#### :material-check:{ .pg-green } Prise en charge de WireGuard -??? success "Redirection de Port Distant" +IVPN prend en charge le protocole WireGuard®. [WireGuard](https://www.wireguard.com) est un protocole plus récent qui utilise une [cryptographie](https://www.wireguard.com/protocol/) de pointe. De plus, WireGuard vise à être plus simple et plus performant. - La [redirection de port](https://fr.wikipedia.org/wiki/Redirection_de_port) distants est possible avec une offre Pro. La redirection de port [peut être activée](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via l'espace client. La redirection de port n'est disponible sur IVPN que lorsque l'on utilise les protocoles WireGuard ou OpenVPN et est [désactivée sur les serveurs US](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommande](https://www.ivpn.net/wireguard/) l'utilisation de WireGuard avec leur service et, en tant que tel, le protocole est par défaut sur toutes les applications d'IVPN. IVPN propose également un générateur de configuration WireGuard à utiliser avec les [applications](https://www.wireguard.com/install/) officielles WireGuard. -??? success "Clients Mobile" +#### :material-check:{ .pg-green } Redirection de port - En plus de fournir des fichiers de configuration OpenVPN standard, IVPN dispose de clients mobiles pour [App Store] (https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play] (https://play.google.com/store/apps/details?id=net.ivpn.client), et [GitHub](https://github.com/ivpn/android-app/releases) permettant de se connecter facilement à leurs serveurs. +La [redirection de port](https://fr.wikipedia.org/wiki/Redirection_de_port) est possible avec une offre Pro. La redirection de port [peut être activée](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via l'espace client. La redirection de port n'est disponible sur IVPN que lorsque l'on utilise les protocoles WireGuard ou OpenVPN et est [désactivée sur les serveurs américains](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Fonctionnalités supplémentaires" +#### :material-check:{ .pg-green } Clients mobiles - Les clients IVPN prennent en charge l'authentification à deux facteurs (les clients de Mullvad ne le font pas). IVPN offre également la fonctionnalité "[AntiTraqueurs](https://www.ivpn.net/antitracker)", qui bloque les réseaux publicitaires et les trackers au niveau du réseau. +En plus de fournir des fichiers de configuration OpenVPN standard, IVPN a des clients mobiles pour l'[App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), le [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), et [GitHub](https://github.com/ivpn/android-app/releases) permettant des connexions faciles à leurs serveurs. + +#### :material-information-outline:{ .pg-blue } Fonctionnalités supplémentaires + +Les clients IVPN prennent en charge l'authentification à deux facteurs (les clients de Mullvad ne le font pas). IVPN propose également la fonctionnalité "[AntiTracker](https://www.ivpn.net/antitracker)", qui bloque les réseaux publicitaires et les traqueurs au niveau du réseau. ### Mullvad @@ -155,10 +96,10 @@ Trouvez un opérateur VPN sans journalisation qui n'est pas là pour vendre ou l ![Logo Mullvad](assets/img/vpn/mullvad.svg){ align=right } - **Mullvad** est un VPN rapide et peu coûteux qui met l'accent sur la transparence et la sécurité. Ils sont en activité depuis **2009**. Mullvad est basé en Suède et n'a pas de période d'essai gratuit. + **Mullvad** est un VPN rapide et peu coûteux qui met l'accent sur la transparence et la sécurité. Il est en activité depuis **2009**. Mullvad est basé en Suède et n'a pas de période d'essai gratuit. [:octicons-home-16: Page d'accueil](https://mullvad.net){ .md-button .md-button--primary } - [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" } + [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Service onion" } [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Politique de confidentialité" } [:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/mullvad){ .card-link title="Code source" } @@ -172,55 +113,120 @@ Trouvez un opérateur VPN sans journalisation qui n'est pas là pour vendre ou l - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Pays" +#### :material-check:{ .pg-green } 41 pays - Mullvad possède [des serveurs dans 41 pays](https://mullvad.net/servers/) (1). En choisissant un fournisseur de VPN dont le serveur est le plus proche de vous vous réduirez la latence du trafic réseau que vous envoyez. Cela est dû à un itinéraire plus court (moins de sauts) vers la destination. +Mullvad a des [serveurs dans 41 pays](https://mullvad.net/servers/).(1) Choisir un fournisseur VPN avec un serveur le plus proche de vous réduira la latence du trafic réseau que vous envoyez. Cela est dû à un itinéraire plus court (moins de sauts) vers la destination. +{ .annotate } + +1. En date du : 2023-01-19 + +Nous pensons également qu'il est préférable pour la sécurité des clés privées du fournisseur VPN d'utiliser des [serveurs dédiés](https://fr.wikipedia.org/wiki/Serveur_d%C3%A9di%C3%A9), plutôt que des solutions partagées (avec d'autres clients) moins chères telles que les [serveurs privés virtuels](https://fr.wikipedia.org/wiki/Serveur_d%C3%A9di%C3%A9_virtuel). + +#### :material-check:{ .pg-green } Audit indépendant + +Les clients VPN de Mullvad ont été audités par Cure53 et Assured AB dans un rapport de test d'intrusion [publié sur cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). Les chercheurs en sécurité ont conclu : + +> Cure53 et Assured AB sont satisfaits des résultats de l'audit et le logiciel laisse une impression générale positive. Grâce au dévouement de l'équipe interne du complexe du VPN Mullvad, les testeurs n'ont aucun doute sur le fait que le projet est sur la bonne voie du point de vue de la sécurité. + +En 2020, un deuxième audit [a été annoncé](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) et le [rapport d'audit final](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) a été publié sur le site web de Cure53 : + +> Les résultats de ce projet de mai-juin 2020 ciblant le complexe de Mullvad sont assez positifs. [...] L'écosystème applicatif utilisé par Mullvad laisse une impression solide et structurée. La structure globale de l'application permet de déployer facilement des correctifs et corrections de manière structurée. Plus que tout, les résultats repérés par Cure53 montrent l'importance d'un audit et d'une réévaluation constante des vecteurs de fuite actuels, afin de toujours garantir la confidentialité des utilisateurs finaux. Ceci étant dit, Mullvad fait un excellent travail en protégeant l'utilisateur final contre les fuites courantes de DCP et les risques liés à la confidentialité. + +En 2021, un audit des infrastructures [a été annoncé](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) et le [rapport d'audit final](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) a été publié sur le site web de Cure53. Un autre rapport a été commandé [en juin 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) et est disponible sur le [site web d'Assured](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Clients open source + +Mullvad fournit le code source pour leurs clients de bureau et mobiles dans leur [organisation GitHub](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepte l'argent liquide et le Monero + +Mullvad, en plus d'accepter les cartes de crédit/débit et PayPal, accepte le Bitcoin, le Bitcoin Cash, **le Monero** et **les espèces/la monnaie locale** comme formes de paiement anonymes. Ils acceptent également Swish et les virements bancaires. + +#### :material-check:{ .pg-green } Prise en charge de WireGuard + +Mullvad prend en charge le protocole WireGuard®. [WireGuard](https://www.wireguard.com) est un protocole plus récent qui utilise une [cryptographie](https://www.wireguard.com/protocol/) de pointe. De plus, WireGuard vise à être plus simple et plus performant. + +Mullvad [recommande](https://mullvad.net/en/help/why-wireguard/) l'utilisation de WireGuard avec leur service. C'est le protocole par défaut ou le seul sur les applications Android, iOS, macOS et Linux de Mullvad, mais sur Windows, vous devez [activer manuellement](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad propose également un générateur de configuration WireGuard à utiliser avec les [applications](https://www.wireguard.com/install/) officielles WireGuard. + +#### :material-check:{ .pg-green } Prise en charge de l'IPv6 + +Mullvad soutient l'avenir des réseaux [IPv6](https://fr.wikipedia.org/wiki/IPv6). Leur réseau vous permet d'accéder aux [services hébergés sur IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/), contrairement à d'autres fournisseurs qui bloquent les connexions IPv6. + +#### :material-check:{ .pg-green } Redirection de port + +La [redirection de port](https://en.wikipedia.org/wiki/Port_forwarding) est autorisée pour les personnes qui effectuent des paiements ponctuels, mais pas pour les comptes ayant un mode de paiement récurrent ou par abonnement. Ceci afin d'empêcher Mullvad de pouvoir vous identifier sur la base de votre utilisation du port et des informations d'abonnement stockées. Voir [Redirection de port avec Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) pour plus d'informations. + +#### :material-check:{ .pg-green } Clients mobiles + +Mullvad a publié des clients [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) et [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn), tous deux avec une interface simple à utiliser plutôt que nécessiter de votre part une configuration manuelle de votre connexion WireGuard. Le client Android est également disponible sur [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Fonctionnalités supplémentaires + +Mullvad est très transparent quant aux nœuds qu'il possède [ou qu'il loue](https://mullvad.net/en/servers/). Ils utilisent [ShadowSocks](https://shadowsocks.org/) dans leur configuration ShadowSocks + OpenVPN, ce qui les rend plus résistants aux pare-feux avec de l'[inspection profonde de paquets](https://fr.wikipedia.org/wiki/Deep_packet_inspection) qui tentent de bloquer les VPNs. Il semblerait que [la Chine utilise une méthode différente pour bloquer les serveurs ShadowSocks](https://github.com/net4people/bbs/issues/22). Le site web de Mullvad est également accessible via Tor à l'adresse suivante [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - Nous pensons également qu'il est préférable pour la sécurité des clés privées du fournisseur de VPN qu'il utilise des [serveurs dédiés](https://en.wikipedia.org/wiki/Dedicated_hosting_service), plutôt que des solutions partagées moins chères (avec d'autres clients) telles que les [serveurs privés virtuels](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. En date du 2023-01-19 - -??? success "Audités de manière indépendante" - - Les clients VPN de Mullvad ont été audités par Cure53 et Assured AB dans un rapport de test de pénétration [publié sur cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). Les chercheurs en sécurité ont conclu : + **Proton VPN** est un concurrent de poids dans l'espace VPN, et il est en service depuis 2016. Proton AG est basé en Suisse et propose une offre gratuite limitée, ainsi qu'une option premium plus complète. - > Cure53 et Assured AB sont satisfaits des résultats de l'audit et le logiciel laisse une impression globalement positive. Grâce au dévouement de l'équipe interne du complexe du VPN Mullvad, les testeurs n'ont aucun doute sur le fait que le projet est sur la bonne voie du point de vue de la sécurité. + [:octicons-home-16: Page d'accueil](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Politique de confidentialité" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Code source" } - En 2020, un deuxième audit [a été annoncé](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) et le [rapport d'audit final](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) a été mis à disposition sur le site internet de Cure53 : + ??? downloads "Téléchargements" - > Les résultats de ce projet de mai-juin 2020 ciblant le complexe Mullvad sont plutôt positifs. [...] L'écosystème applicatif utilisé par Mullvad laisse une impression solide et structurée. La structure globale de l'application permet de déployer facilement des correctifs et corrections de manière structurée. Plus que tout, les résultats repérés par Cure53 montrent l'importance d'un audit et d'une réévaluation constante des vecteurs de fuite actuels, afin de toujours garantir la confidentialité des utilisateurs finaux. Ceci étant dit, Mullvad fait un excellent travail en protégeant l'utilisateur final contre les fuites courantes de DCP et les risques liés à la confidentialité. - - En 2021, un audit des infrastructures [a été annoncé] (https://mullvad.net/fr/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) et le [rapport d'audit final] (https://cure53.de/pentest-report_mullvad_2021_v1.pdf) a été mis à disposition sur le site web de Cure53. Un autre rapport a été commandé [en juin 2022](https://mullvad.net/fr/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) et est disponible sur [le site web d'Assured](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Clients Open Source" +#### :material-check:{ .pg-green } 67 pays - Mullvad fournit le code source de ses clients de bureau et mobiles dans son [organisation GitHub](https://github.com/mullvad/mullvadvpn-app). +Proton VPN a des [serveurs dans 67 pays](https://protonvpn.com/vpn-servers).(1) Choisir un fournisseur VPN avec un serveur le plus proche de vous réduira la latence du trafic réseau que vous envoyez. Cela est dû à un itinéraire plus court (moins de sauts) vers la destination. +{ .annotate } -??? success "Accepte l'Argent Liquide et le Monero" +1. En date du : 2022-09-16 - Mullvad, en plus d'accepter les cartes de crédit/débit et PayPal, accepte le Bitcoin, le Bitcoin Cash, le **Monero** et le **liquide/monnaie locale** comme formes de paiement anonyme. Ils acceptent également Swish et les virements bancaires. +Nous pensons également qu'il est préférable pour la sécurité des clés privées du fournisseur VPN d'utiliser des [serveurs dédiés](https://fr.wikipedia.org/wiki/Serveur_d%C3%A9di%C3%A9), plutôt que des solutions partagées (avec d'autres clients) moins chères telles que les [serveurs privés virtuels](https://fr.wikipedia.org/wiki/Serveur_d%C3%A9di%C3%A9_virtuel). -??? success "Supporte WireGuard" +#### :material-check:{ .pg-green } Audit indépendant - Mullvad prend en charge le protocole WireGuard®. [WireGuard](https://www.wireguard.com) est un protocole plus récent qui utilise de la [cryptographie](https://www.wireguard.com/protocol/) de pointe. De plus, WireGuard vise à être plus simple et plus performant. - - Mullvad [recommande](https://mullvad.net/fr/help/why-wireguard/) l'utilisation de WireGuard avec leur service. Il s'agit du seul protocole ou celui par défaut sur les applications Android, iOS, macOS et Linux de Mullvad, mais sous Windows, vous devez l'[activer manuellement](https://mullvad.net/fr/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad propose également un générateur de configuration WireGuard à utiliser avec l'[application](https://www.wireguard.com/install/) officielle WireGuard. +Depuis janvier 2020, Proton VPN a fait l'objet d'un audit indépendant réalisé par SEC Consult. SEC Consult a trouvé quelques vulnérabilités à risque moyen et faible dans les applications Windows, Android et iOS de Proton VPN, qui ont toutes été "correctement corrigées" par Proton VPN avant la publication des rapports. Aucun des problèmes identifiés n'aurait permis à un attaquant d'accéder à distance à votre appareil ou à votre trafic. Vous pouvez consulter les rapports individuels pour chaque plateforme sur [protonvpn.com](https://protonvpn.com/blog/open-source/). En avril 2022, Proton VPN a fait l'objet d'un [autre audit](https://protonvpn.com/blog/no-logs-audit/) et le rapport a été [produit par Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). Une [lettre d'attestation](https://proton.me/blog/security-audit-all-proton-apps) a été fournie pour les applications de Proton VPN le 9 novembre 2021 par [Securitum](https://research.securitum.com). -??? success "Supporte IPv6" +#### :material-check:{ .pg-green } Clients open source - Mullvad soutient l'avenir du réseau [IPv6](https://en.wikipedia.org/wiki/IPv6). Leur réseau vous permet [d'accéder à des services hébergés sur IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/), contrairement à d'autres fournisseurs qui bloquent les connexions IPv6. +Proton VPN fournit le code source de ses clients bureau et mobile dans son [organisation GitHub](https://github.com/ProtonVPN). -??? success "Redirection de Port Distant" +#### :material-check:{ .pg-green } Accepte l'argent liquide - La [redirection de port] à distance (https://en.wikipedia.org/wiki/Port_forwarding) est autorisée pour les personnes qui effectuent des paiements ponctuels, mais pas pour les comptes ayant un mode de paiement récurrent ou par abonnement. Ceci afin d'empêcher Mullvad de pouvoir vous identifier sur la base de votre utilisation du port et des informations d'abonnement stockées. Voir [Redirection de port avec Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) pour plus d'informations. +Proton VPN, en plus d'accepter les cartes de crédit/débit, PayPal, et [le Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), accepte également **les espèces/la monnaie locale** comme forme de paiement anonyme. -??? success "Clients Mobile" +#### :material-check:{ .pg-green } Prise en charge de WireGuard - Mullvad a publié des clients [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) et [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn), qui prennent tous deux en charge une interface facile à utiliser, au lieu de vous demander de configurer manuellement votre connexion WireGuard. Le client Android est également disponible sur [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN prend principalement en charge le protocole WireGuard®. [WireGuard](https://www.wireguard.com) est un protocole plus récent qui utilise une [cryptographie](https://www.wireguard.com/protocol/) de pointe. De plus, WireGuard vise à être plus simple et plus performant. -??? info "Fonctionnalités supplémentaires" +Proton VPN [recommande](https://protonvpn.com/blog/wireguard/) l'utilisation de WireGuard avec leur service. Sur les applications Windows, macOS, iOS, Android, ChromeOS et Android TV de Proton VPN, WireGuard est le protocole par défaut ; cependant, la [prise en charge](https://protonvpn.com/support/how-to-change-vpn-protocols/) du protocole n'est pas présente dans leur application Linux. - Mullvad est très transparent quant aux nœuds qu'il [possède ou loue](https://mullvad.net/en/servers/). Ils utilisent [ShadowSocks](https://shadowsocks.org) dans leur configuration ShadowSocks OpenVPN, ce qui les rend plus résistants aux pare-feu avec l'[Inspection Approfondie des Paquets](https://en.wikipedia.org/wiki/Deep_packet_inspection) qui tentent de bloquer les VPN. Supposément, [la Chine doit utiliser une méthode différente pour bloquer les serveurs ShadowSocks](https://github.com/net4people/bbs/issues/22). Le site web de Mullvad est également accessible via Tor à l'adresse [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Redirection de port + +Proton VPN ne prend actuellement en charge que la [redirection de port](https://protonvpn.com/support/port-forwarding/) sous Windows, ce qui peut avoir un impact sur certaines applications. En particulier les applications pair à pair comme les clients Torrent. + +#### :material-check:{ .pg-green } Clients mobiles + +En plus de fournir des fichiers de configuration OpenVPN standard, Proton VPN a des clients mobiles pour l'[App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), le [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), et [GitHub](https://github.com/ProtonVPN/android-app/releases) permettant des connexions faciles à leurs serveurs. + +#### :material-information-outline:{ .pg-blue } Fonctionnalités supplémentaires + +Les clients VPN de Proton prennent en charge l'authentification à deux facteurs sur toutes les plateformes, sauf Linux pour le moment. Proton VPN possède ses propres serveurs et centres de données en Suisse, en Islande et en Suède. Ils proposent le blocage des publicités et des domaines de logiciels malveillants connus avec leur service DNS. En outre, Proton VPN propose également des serveurs "Tor" vous permettant de vous connecter facilement aux sites onion, mais nous recommandons fortement d'utiliser [le navigateur officiel Tor](https://www.torproject.org/) à cette fin. + +#### :material-alert-outline:{ .pg-orange } La fonction d'arrêt d'urgence ne fonctionne pas sur les Macs à processeur Intel + +Des pannes du système [peuvent se produire](https://protonvpn.com/support/macos-t2-chip-kill-switch/) sur les Mac basés sur Intel lors de l'utilisation de l'arrêt d'urgence du VPN. Si vous avez besoin de cette fonction, et que vous utilisez un Mac avec un chipset Intel, vous devriez envisager d'utiliser un autre service VPN. ## Critères @@ -228,48 +234,48 @@ Trouvez un opérateur VPN sans journalisation qui n'est pas là pour vendre ou l Il est important de noter que l'utilisation d'un fournisseur VPN ne vous rendra pas anonyme, mais qu'elle vous permettra de mieux protéger votre vie privée dans certaines situations. Un VPN n'est pas un outil pour des activités illégales. Ne vous fiez pas à une politique de "non-journalisation". -Nous exigeons de tous nos fournisseurs VPN recommandés qu'ils fournissent des fichiers de configuration OpenVPN utilisables dans n'importe quel client. **Si** un VPN fournit son propre client personnalisé, nous exigeons un killswitch pour bloquer les fuites de données du réseau lors de la déconnexion. Nous vous suggérons de vous familiariser avec cette liste avant de choisir un fournisseur VPN, et de mener vos propres recherches pour vous assurer que le fournisseur VPN que vous choisissez est le plus digne de confiance possible. +**Veuillez noter que nous ne sommes affiliés à aucun des fournisseurs que nous recommandons. Cela nous permet de fournir des recommandations totalement objectives.** En plus de [nos critères standards](about/criteria.md), nous avons développé un ensemble d'exigences claires pour tout fournisseur de VPN souhaitant être recommandé, y compris un chiffrement fort, des audits de sécurité indépendants, une technologie moderne, et plus encore. Nous vous suggérons de vous familiariser avec cette liste avant de choisir un fournisseur VPN, et de mener vos propres recherches pour vous assurer que le fournisseur VPN que vous choisissez est le plus digne de confiance possible. ### Technologie Nous exigeons de tous nos fournisseurs VPN recommandés qu'ils fournissent des fichiers de configuration OpenVPN utilisables dans n'importe quel client. **Si** un VPN fournit son propre client personnalisé, nous exigeons un killswitch pour bloquer les fuites de données du réseau lors de la déconnexion. -**Le Meilleur Cas:** +**Minimum pour se qualifier :** - Prise en charge de protocoles forts tels que WireGuard & OpenVPN. -- Killswitch intégré dans les clients. -- Support multi-sauts. Le multi-sauts est important pour garder les données privées en cas de compromission d'un seul noeud. +- Arrêt d'urgence intégré dans les clients. +- Prise en charge du multi-sauts. Le multi-sauts est important pour garder les données privées en cas de compromission d'un seul noeud. - Si des clients VPN sont fournis, ils doivent être [open source](https://en.wikipedia.org/wiki/Open_source), comme le logiciel VPN qui y est généralement intégré. Nous pensons que la disponibilité du [code source](https://en.wikipedia.org/wiki/Source_code) offre une plus grande transparence sur ce que fait réellement votre appareil. **Dans le meilleur des cas :** - Prise en charge de WireGuard et d'OpenVPN. -- Killswitch avec des options hautement configurables (activer/désactiver sur certains réseaux, au démarrage, etc.) +- Un arrêt d'urgence avec des options hautement configurables (activer/désactiver sur certains réseaux, au démarrage, etc.) - Clients VPN faciles à utiliser -- Supporte [IPv6](https://en.wikipedia.org/wiki/IPv6). Nous nous attendons à ce que les serveurs autorisent les connexions entrantes via IPv6 et vous permettent d'accéder aux services hébergés sur des adresses IPv6. -- La capacité de [redirection de port à distance](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) aide à créer des connexions lors de l'utilisation de logiciels de partage de fichiers P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)), de Freenet ou de l'hébergement d'un serveur (par exemple, Mumble). +- Prend en charge [IPv6](https://en.wikipedia.org/wiki/IPv6). Nous nous attendons à ce que les serveurs autorisent les connexions entrantes via IPv6 et vous permettent d'accéder aux services hébergés sur des adresses IPv6. +- La capacité de [redirection de port](https://fr.wikipedia.org/wiki/Redirection_de_port) aide à créer des connexions lors de l'utilisation de logiciels de partage de fichiers P2P ( $100) של מטבע מוצפן, אנא צור קשר עם [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/about/index.md b/i18n/he/about/index.md index 5e70b81c8..c37c0da36 100644 --- a/i18n/he/about/index.md +++ b/i18n/he/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "אודות Privacy Guides" +description: Privacy Guides הוא אתר בעל מוטיבציה חברתית המספק מידע להגנה על אבטחת הנתונים ופרטיותך. --- -**Privacy Guides** הוא אתר בעל מוטיבציה חברתית המספק מידע להגנה על אבטחת הנתונים ופרטיותך. אנחנו קולקטיב ללא מטרות רווח המופעל כולו על ידי [חברי צוות](https://discuss.privacyguides.net/g/team) מתנדבים ותורמים. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: תמכו בפרויקט](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** הוא אתר בעל מוטיבציה חברתית המספק [מידע](/kb) להגנה על אבטחת הנתונים ופרטיותך. אנחנו קולקטיב ללא מטרות רווח המופעל כולו על ידי [חברי צוות](https://discuss.privacyguides.net/g/team) מתנדבים ותורמים. האתר שלנו נקי מפרסומות ואינו מזוהה עם ספקים רשומים. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=דף הבית } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="קוד מקור" } +[:octicons-heart-16:](donate.md){ .card-link title=לתרומה } + +מטרת Privacy Guides היא ללמד את הקהילה שלנו על החשיבות של פרטיות מקוונת ותוכניות ממשלתיות בינלאומיות שנועדו לנטר את כל הפעילויות המקוונות שלך. + +> כדי למצוא אפליקציות [אלטרנטיביות ממוקדות פרטיות], בדוק אתרים כמו Good Reports ו-**Privacy Guides**, המפרטים אפליקציות ממוקדות פרטיות במגוון קטגוריות, כולל ספקי אימייל (בדרך כלל בתוכניות בתשלום) שאינן מנוהלות על ידי הגדולים חברות טכנולוגיה. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) [תורגם מאנגלית] + +> אם אתה מחפש VPN חדש, אתה יכול ללכת לקוד ההנחה של כמעט כל פודקאסט. אם אתה מחפש VPN **טוב**, אתה צריך עזרה מקצועית. אותו דבר לגבי לקוחות אימייל, דפדפנים, מערכות הפעלה ומנהלי סיסמאות. איך אתה יודע איזו מבין אלה היא האפשרות הטובה והידידותית ביותר לפרטיות? בשביל זה יש **Privacy Guides**, פלטפורמה שבה מספר מתנדבים מחפשים מדי יום ביומו את הכלים הידידותיים לפרטיות הטובים ביותר לשימוש באינטרנט. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [תורגם מהולנדית] + +מוצג גם ב: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], ו- [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## היסטוריה + +מדריכי הפרטיות הושקו בספטמבר 2021 כהמשך לפרויקט החינוכי "PrivacyTools" [שהוצא](privacytools.md) משימוש בקוד פתוח. זיהינו את החשיבות של המלצות מוצר עצמאיות, ממוקדות קריטריונים וידע כללי במרחב הפרטיות, ולכן היינו צריכים לשמר את העבודה שנוצרה על ידי תורמים רבים מאז 2015 ולוודא כי למידע יש בית יציב באינטרנט ללא הגבלת זמן. + +בשנת 2022, השלמנו את המעבר של מסגרת האתר הראשית שלנו מ-Jekyll ל-MkDocs, באמצעות תוכנת התיעוד `mkdocs-material`. השינוי הזה הפך את תרומות הקוד הפתוח לאתר שלנו לקלות משמעותית עבור זרים, מכיוון שבמקום צורך לדעת תחביר מסובך כדי לכתוב פוסטים בצורה יעילה, התרומה קלה כעת כמו כתיבת מסמך Markdown סטנדרטי. + +בנוסף השקנו את פורום הדיון החדש שלנו בכתובת [discuss.privacyguides.net](https://discuss.privacyguides.net/) כפלטפורמה קהילתית לחלוק רעיונות ולשאול שאלות על המשימה שלנו. זה מגדיל את הקהילה הקיימת שלנו ב-Matrix, והחליף את פלטפורמת הדיונים הקודמת של GitHub שלנו, מה שמפחית את ההסתמכות שלנו על פלטפורמות דיון קנייניות. + +עד כה בשנת 2023 השקנו תרגומים בינלאומיים של האתר שלנו ב[צרפתית](/fr/), [עברית](/he/), וגם [הולנדית](/nl/), שפות נוספות בדרך, התאפשרה על ידי צוות התרגום המצוין שלנו ב-[Crowdin](https://crowdin.com/project/privacyguides). אנו מתכננים להמשיך ולקדם את משימתנו של הסברה וחינוך, למצוא דרכים להדגיש בצורה ברורה יותר את הסכנות של חוסר מודעות לפרטיות בעידן הדיגיטלי המודרני ואת השכיחות והנזקים של פרצות אבטחה בכל תעשיית הטכנולוגיה. ## הצוות שלנו @@ -48,7 +76,7 @@ title: "אודות Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -בנוסף, [אנשים רבים](https://github.com/privacyguides/privacyguides.org/graphs/contributors) תרמו לפרויקט. גם אתה יכול, אנחנו בקוד פתוח ב-GitHub! +בנוסף, [אנשים רבים](https://github.com/privacyguides/privacyguides.org/graphs/contributors) תרמו לפרויקט. גם אתה יכול, אנחנו בקוד פתוח ב-GitHub ומקבלים הצעות תרגום ב-[Crowdin](https://crowdin.com/project/privacyguides). חברי הצוות שלנו בודקים את כל השינויים שבוצעו באתר ומטפלים בתפקידים אדמיניסטרטיביים כגון אירוח אתרים ופיננסים, אולם הם אינם מרוויחים באופן אישי מכל תרומה כלשהי לאתר זה. הדוחות הכספיים שלנו מתארחים באופן שקוף על ידי Open Collective Foundation 501(c)( 3) בכתובת [opencollective.com/privacyguides](https://opencollective.com/privacyguides). תרומות ל-Privacy Guides ניתנות לניכוי מס בדרך כלל בארצות הברית. @@ -59,5 +87,3 @@ title: "אודות Privacy Guides" :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: אלא אם צוין אחרת, התוכן המקורי באתר זה זמין תחת [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). משמעות הדבר היא שאתה חופשי להעתיק ולהפיץ מחדש את החומר בכל מדיום או פורמט לכל מטרה, אפילו מסחרית; כל עוד אתה נותן קרדיט מתאים ל`Privacy Guides (www.privacyguides.org)` ומספק קישור לרישיון. אתה רשאי לעשות זאת בכל דרך סבירה, אך לא בכל דרך שמציעה שPrivacy Guides מאשרים אותך או את השימוש שלך. אם תערבב מחדש, תשנה או תבנה על התוכן של אתר זה, אינך רשאי להפיץ את החומר שהשתנה. רישיון זה נועד למנוע מאנשים לחלוק את עבודתנו מבלי לתת קרדיט מתאים, וכדי למנוע מאנשים לשנות את העבודה שלנו באופן שעלול לשמש כדי להטעות אנשים. אם אתה מוצא את התנאים של רישיון זה מגבילים מדי עבור הפרויקט שאתה עובד עליו, אנא פנה אלינו בכתובת `jonah@privacyguides.org`. אנו שמחים לספק אפשרויות רישוי חלופיות לפרויקטים בעלי כוונות טובות במרחב הפרטיות! - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/about/notices.md b/i18n/he/about/notices.md index 6046549bf..e07a37510 100644 --- a/i18n/he/about/notices.md +++ b/i18n/he/about/notices.md @@ -41,5 +41,3 @@ Privacy Guides בנוסף אינם מתחייבים כי אתר זה יהיה ז * גירוד * כריית נתונים * 'מסגור' (IFrames) - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/about/privacy-policy.md b/i18n/he/about/privacy-policy.md index d04ce5ffa..5571577e6 100644 --- a/i18n/he/about/privacy-policy.md +++ b/i18n/he/about/privacy-policy.md @@ -59,5 +59,3 @@ jonah@privacyguides.org אנו נפרסם גרסאות חדשות של הצהרה זו [כאן](privacy-policy.md). אנו עשויים לשנות את האופן שבו אנו מכריזים על שינויים בגרסאות עתידיות של מסמך זה. בינתיים אנו עשויים לעדכן את פרטי הקשר שלנו בכל עת מבלי להודיע על שינוי. אנא עיין ב[מדיניות הפרטיות](privacy-policy.md) לקבלת הפרטים העדכניים ביותר ליצירת קשר בכל עת. ניתן למצוא גרסה מלאה של [היסטוריה](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) של דף זה ב-GitHub. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/about/privacytools.md b/i18n/he/about/privacytools.md index a5f82f35b..a63dfb96d 100644 --- a/i18n/he/about/privacytools.md +++ b/i18n/he/about/privacytools.md @@ -116,5 +116,3 @@ Subreddits אינם שייכים לאף אחד, והם במיוחד לא שיי - [2 באפריל 2022 תגובה מאת u/dng99 לפוסט ההאשמות של PrivacyTools](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [16 במאי 2022 מענה @TommyTran732 בטוויטר](https://twitter.com/TommyTran732/status/1526153497984618496) - [ספטמבר 3, 2022 פוסט על הפורום של Techlore על ידי @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/about/services.md b/i18n/he/about/services.md index a1550fca0..ef8357cf1 100644 --- a/i18n/he/about/services.md +++ b/i18n/he/about/services.md @@ -36,5 +36,3 @@ - זמינות: חצי ציבורי אנו מארחים את Invidious בעיקר כדי להגיש סרטוני YouTube משובצים באתר האינטרנט שלנו, מופע זה אינו מיועד לשימוש כללי ועשוי להיות מוגבל בכל עת. - מקור: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/about/statistics.md b/i18n/he/about/statistics.md index f36d47bed..d59eac11a 100644 --- a/i18n/he/about/statistics.md +++ b/i18n/he/about/statistics.md @@ -59,5 +59,3 @@ title: סטטיסטיקת תנועה }) }) - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/advanced/communication-network-types.md b/i18n/he/advanced/communication-network-types.md index 84df9cc77..a9d9b5cb6 100644 --- a/i18n/he/advanced/communication-network-types.md +++ b/i18n/he/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "סוגי רשתות תקשורת" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- ישנן מספר ארכיטקטורות רשת הנפוצות להעברת הודעות בין אנשים. רשתות אלו יכולות לספק הבטחות פרטיות שונות, וזו הסיבה שכדאי לקחת בחשבון את [מודל האיום](../basics/threat-modeling.md) שלך בעת ההחלטה באיזו אפליקציה להשתמש. @@ -100,5 +101,3 @@ icon: 'material/transit-connection-variant' - פחות אמין אם צמתים נבחרים על ידי ניתוב אקראי, חלק מהצמתים עשויים להיות רחוקים מאוד מהשולח והמקבל, להוסיף זמן השהייה או אפילו לא לשדר הודעות אם אחד הצמתים אינו מקוון. - מורכב יותר להתחיל, שכן נדרשת יצירה וגיבוי מאובטח של מפתח פרטי קריפטוגרפי. - בדיוק כמו פלטפורמות מבוזרות אחרות, הוספת תכונות מורכבת יותר עבור מפתחים מאשר בפלטפורמה מרכזית. לפיכך, תכונות עשויות להיות חסרות או מיושמות באופן חלקי, כגון העברת הודעות לא מקוונות או מחיקת הודעות. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/advanced/dns-overview.md b/i18n/he/advanced/dns-overview.md index 8e51c4352..1a5c13a4e 100644 --- a/i18n/he/advanced/dns-overview.md +++ b/i18n/he/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "סקירה כללית של DNS" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- [מערכת שמות הדומיין](https://en.wikipedia.org/wiki/Domain_Name_System) היא 'ספר הטלפונים של האינטרנט'. DNS מתרגם שמות דומיין לכתובות IP כך שדפדפנים ושירותים אחרים יכולים לטעון משאבי אינטרנט, דרך רשת מבוזרת של שרתים. @@ -303,5 +304,3 @@ QNAME הוא "שם מוסמך", לדוגמה`privacyguides.org`. מזעור QNam זה נועד "לזרז" את מסירת הנתונים על ידי מתן תשובה ללקוח השייך לשרת הקרוב אליו כגון [תוכן רשת מסירה](https://en.wikipedia.org/wiki/Content_delivery_network), המשמשות לעתים קרובות בהזרמת וידאו והגשת יישומי אינטרנט של JavaScript. תכונה זו כרוכה בעלות פרטיות, מכיוון שהיא מספרת לשרת ה-DNS מידע על מיקומו של הלקוח. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/advanced/payments.md b/i18n/he/advanced/payments.md new file mode 100644 index 000000000..76d234250 --- /dev/null +++ b/i18n/he/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: תשלומים פרטיים +icon: material/hand-coin +--- + +יש סיבה לכך שנתונים על הרגלי הקנייה שלך נחשבים לגביע הקדוש של מיקוד מודעות: הרכישות שלך יכולות להדליף אוצר אמיתי של נתונים עליך. למרבה הצער, המערכת הפיננסית הנוכחית נוגדת פרטיות בעיצובה, ומאפשרת לבנקים, לחברות אחרות ולממשלות לעקוב בקלות אחר עסקאות. עם זאת, יש לך אפשרויות רבות בכל הנוגע לביצוע תשלומים באופן פרטי. + +## מזומן + +במשך מאות שנים, **מזומן** תפקד כצורת התשלום הפרטית העיקרית. למזומן יש מאפייני פרטיות מצוינים ברוב המקרים, הוא מקובל ברוב המדינות ו**ניתן לשינוי**, כלומר אינו ייחודי וניתן להחלפה לחלוטין. + +חוקי התשלום במזומן משתנים בהתאם למדינה. בארצות הברית, נדרש גילוי מיוחד עבור תשלומים במזומן מעל $10,000 ל-IRS ב[טופס 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). העסק המקבל נדרש לזהות את שמו, כתובתו, עיסוקו, תאריך הלידה ומספר תעודת הזהות/אמצעי זיהוי אחרים של מקבל התשלום (עם כמה חריגים). גבולות נמוכים יותר ללא תעודת זהות כגון $3,000 או פחות קיימות עבור החלפות והעברת כסף. מזומן מכיל גם מספרים סידוריים. כמעט אף פעם לא עוקבים אחר אלה על ידי סוחרים, אבל הם יכולים לשמש את רשויות אכיפת החוק בחקירות ממוקדות. + +למרות זאת, זו בדרך כלל האפשרות הטובה ביותר. + +## כרטיסים בתשלום מראש & כרטיסי מתנה + +קל יחסית לרכוש כרטיסי מתנה וכרטיסים משולמים ברוב חנויות המכולת וחנויות הנוחות במזומן. בכרטיסי מתנה בדרך כלל אין עמלה, אם כי לרוב יש בכרטיסים משולמים מראש, אז שימו לב היטב לעמלות ולתאריכי התפוגה הללו. חנויות מסוימות עשויות לבקש לראות את תעודת הזהות שלך בקופה כדי להפחית הונאה. + +לכרטיסי מתנה יש בדרך כלל מגבלות של עד $200 לכרטיס, אבל חלקם מציעים הגבלה של עד $2,000 לכרטיס. לכרטיסים משולמים מראש (למשל: מוויזה או מאסטרקארד) יש בדרך כלל מגבלות של עד $1,000 לכרטיס. + +לכרטיסי מתנה יש את החיסרון שהם כפופים למדיניות הסוחר, שיכולה להיות לה תנאים והגבלות איומים. לדוגמה, סוחרים מסוימים אינם מקבלים תשלום בכרטיסי מתנה באופן בלעדי, או שהם עשויים לבטל את ערך הכרטיס אם הם מחשיבים אותך כמשתמש בסיכון גבוה. ברגע שיש לך אשראי סוחר, לסוחר יש מידה חזקה של שליטה על אשראי זה. + +כרטיסים בתשלום מראש אינם מאפשרים משיכת מזומן מכספומטים או תשלומים "עמית לעמית" ב-Venmo ובאפליקציות דומות. + +מזומן נשאר האפשרות הטובה ביותר עבור רכישות אישיות עבור רוב האנשים. כרטיסי מתנה יכולים להיות שימושיים עבור החיסכון שהם מביאים. כרטיסים משולמים מראש יכולים להיות שימושיים עבור מקומות שאינם מקבלים מזומן. קל יותר להשתמש בכרטיסי מתנה וכרטיסים משולמים באינטרנט מאשר במזומן, וקל יותר לרכוש אותם עם מטבעות קריפטוגרפיים מאשר במזומן. + +### חנויות אונליין + +אם יש לך [מטבע קריפטוגרפי](../cryptocurrency.md), אתה יכול לרכוש כרטיסי מתנה עם שוק כרטיסי מתנה אונליין. חלק מהשירותים הללו מציעים אפשרויות אימות מזהה עבור מגבלות גבוהות יותר, אך הם גם מאפשרים חשבונות עם כתובת אימייל בלבד. מגבלות בסיסיות מתחילות ב-$5,000-10,000 ליום עבור חשבונות בסיסיים, ומגבלות גבוהות משמעותית עבור חשבונות מאומתים מזהים (אם מוצעים). + +בקניית כרטיסי מתנה באינטרנט, בדרך כלל יש הנחה קלה. כרטיסים משולמים מראש בדרך כלל נמכרים באינטרנט במחיר נקוב או בתשלום. אם אתה קונה כרטיסים משולמים מראש וכרטיסי מתנה עם מטבעות קריפטוגרפיים, אתה צריך מאוד להעדיף לשלם עם Monero שמספק פרטיות חזקה, עוד על כך בהמשך. תשלום עבור כרטיס מתנה עם שיטת תשלום שניתן לעקוב אחריהם שולל את היתרונות שכרטיס מתנה יכול לספק ברכישה במזומן או ב-Monero. + +- [שווקים של כרטיסי מתנה אונליין :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## כרטיסים וירטואליים + +דרך נוספת להגן על המידע שלך מפני סוחרים מקוונים היא להשתמש בכרטיסים וירטואליים חד פעמיים המסווים את פרטי הבנק או החיוב בפועל שלך. זה שימושי בעיקר להגנה עליך מפני הפרות נתונים של סוחרים, מעקב פחות מתוחכם או מתאם רכישה על ידי סוכנויות שיווק וגניבת נתונים מקוונים. הם **לא** מסייעים לך לבצע רכישה באופן אנונימי לחלוטין, וגם לא מסתירים מידע כלשהו מהמוסד הבנקאי עצמו. מוסדות פיננסיים רגילים המציעים כרטיסים וירטואליים כפופים לחוקי "הכר את הלקוח שלך" (KYC), כלומר הם עשויים לדרוש את תעודת הזהות שלך או מידע מזהה אחר. + +- [שירותי מיסוך תשלום מומלצים :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +אלו נוטות להיות אפשרויות טובות לתשלומים חוזרים/מנויים באינטרנט, בעוד שכרטיסי מתנה משולמים מראש מועדפים לעסקאות חד פעמיות. + +## מטבעות קריפטוגרפיים + +מטבעות קריפטוגרפיים הם מטבע דיגיטלי שנועד לעבוד ללא רשויות מרכזיות כמו ממשלה או בנק. בעוד ש*כמה* פרויקטים של מטבעות קריפטוגרפיים יכולים לאפשר לך לבצע עסקאות פרטיות באופן מקוון, רבים משתמשים בבלוקצ'יין ציבורי שאינו מספק פרטיות עסקה כלשהי. מטבעות קריפטוגרפיים נוטים להיות נכסים מאוד תנודתיים, כלומר ערכם יכול להשתנות במהירות ובאופן משמעותי בכל עת. ככזה, אנו בדרך כלל לא ממליצים להשתמש במטבעות קריפטוגרפיים כמאגר ערך לטווח ארוך. אם תחליט להשתמש במטבעות קריפטוגרפיים באינטרנט, וודא שיש לך הבנה מלאה של היבטי הפרטיות שלו מראש, והשקיע רק סכומים שלא יהיה אסון להפסיד. + +!!! danger "סַכָּנָה" + + הרוב המכריע של מטבעות הקריפטו פועלים על בלוקצ'יין **ציבורי**, כלומר כל עסקה היא ידע ציבורי. זה כולל אפילו את רוב מטבעות הקריפטו הידועים כמו ביטקוין ואת'ריום. עסקאות עם מטבעות קריפטוגרפיים אלה לא צריכות להיחשב פרטיות ולא יגנו על האנונימיות שלך. + + בנוסף, רבים אם לא רוב המטבעות הקריפטו הם הונאות. בצע עסקאות בזהירות עם רק פרויקטים שאתה סומך עליהם. + +### מטבעות פרטיות + +ישנם מספר פרויקטים של מטבעות קריפטוגרפיים שמתיימרים לספק פרטיות על ידי הפיכת עסקאות לאנונימיות. אנו ממליצים להשתמש באחד המספק אנונימיות לעסקה **כברירת מחדל** כדי למנוע שגיאות תפעול. + +- [מטבעות קריפטוגרפיים מומלצים :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +מטבעות פרטיות היו נתונים לבדיקה גוברת של סוכנויות ממשלתיות. בשנת 2020, [ IRS פרסם פרס של $625,000 ](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) עבור כלים שיכולים לשבור את פרטיות העסקאות של Bitcoin Lightning Network ו/או של Monero. בסופו של דבר [הם שילמו לשתי חברות](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis ו-Integra Fec) סך של 1.25 מיליון דולר עבור כלים שמתיימרים לעשות זאת (לא ידוע לאיזו רשת מטבעות קריפטוגרפיים מכוונים הכלים הללו). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### מטבעות אחרים (ביטקוין, את'ריום וכו') + +הרוב המכריע של פרויקטים של מטבעות קריפטוגרפיים משתמשים בבלוקצ'יין ציבורי, כלומר כל העסקאות הן ניתנות למעקב בקלות וקבועות. ככזה, אנו מונעים בתוקף את השימוש ברוב מטבעות הקריפטו מסיבות הקשורות לפרטיות. + +עסקאות אנונימיות בבלוקצ'יין ציבורי אפשריות *תיאורטית*, וויקי הביטקוין [נותן דוגמה אחת לעסקה "אנונימית לחלוטין"](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). עם זאת, לעשות זאת דורשת הגדרה מסובכת הכוללת Tor ו"כריית סולו" של בלוק ליצירת מטבעות קריפטוגרפיים עצמאיים לחלוטין, פרקטיקה שלא הייתה מעשית עבור כמעט אף חובב במשך שנים רבות. + +==האפשרות הטובה ביותר שלך היא להימנע לחלוטין ממטבעות קריפטוגרפיים אלה ולהישאר עם אחד שמספק פרטיות כברירת מחדל.== ניסיון להשתמש במטבעות קריפטוגרפיים אחרים הוא מחוץ לתחום של אתר זה ומומלץ מאוד. + +### משמורת ארנק + +עם מטבעות קריפטוגרפיים יש שתי צורות של ארנקים: ארנקים משמורת וארנקים לא משמורים. ארנקי משמורת מופעלים על ידי חברות/בורסות מרכזיות, כאשר המפתח הפרטי של הארנק שלך מוחזק על ידי אותה חברה, ואתה יכול לגשת אליהם בכל מקום בדרך כלל עם שם משתמש וסיסמה רגילים. ארנקים לא משמורים הם ארנקים שבהם אתה שולט ומנהל את המפתחות הפרטיים כדי לגשת אליו. בהנחה שאתה שומר על המפתחות הפרטיים של הארנק שלך מאובטחים ומגובים, ארנקים לא משמורים מספקים אבטחה ועמידות גבוהה יותר לצנזורה על פני ארנקים משמורים, מכיוון שהמטבע הקריפטוגרפי שלך לא יכול להיגנב או להקפיא על ידי חברה עם משמורת על המפתחות הפרטיים שלך. שמירת מפתח חשובה במיוחד כשמדובר במטבעות פרטיות: ארנקי משמורת מעניקים לחברה המפעילה את היכולת לצפות בעסקאות שלך, מה ששולל את יתרונות הפרטיות של אותם מטבעות קריפטוגרפיים. + +### רכישה + +רכישת [מטבעות קריפטוגרפיים](../cryptocurrency.md) כמו Monero באופן פרטי יכולה להיות קשה. שוקי P2P כמו [LocalMonero](https://localmonero.co/), פלטפורמה המאפשרת עסקאות בין אנשים, הן אפשרות אחת שניתן להשתמש בה. אם השימוש בבורסה הדורשת KYC מהווה סיכון מקובל עבורך כל עוד לא ניתן לאתר עסקאות עוקבות, אפשרות הרבה יותר קלה היא לרכוש Monero בבורסה כמו [Kraken](https://kraken.com/), או רכשו ביטקוין/לייטקוין מבורסת KYC אשר לאחר מכן ניתן להחליף למונרו. לאחר מכן, אתה יכול למשוך את ה-Monero שנרכש לארנק הלא משמורן שלך כדי להשתמש בו באופן פרטי מנקודה זו ואילך. + +אם אתם הולכים בדרך זו, דאגו לרכוש את Monero בזמנים שונים ובסכומים שונים מהמקום שבו תוציאו אותו. אם אתה רוכש 5,000$ של Monero בבורסה ותבצע רכישה של 5,000$ במונרו שעה לאחר מכן, פעולות אלו עשויות להיות מתואם על ידי צופה מבחוץ, ללא קשר לנתיב שהמונרו עבר. רכישות מדהימות ורכישת כמויות גדולות יותר של Monero מראש כדי לבזבז מאוחר יותר על מספר עסקאות קטנות יותר יכולות למנוע את המלכודת הזו. + +## שיקולים נוספים + +כאשר אתה מבצע תשלום באופן אישי במזומן, הקפד לשמור על הפרטיות האישית שלך בחשבון. מצלמות אבטחה נמצאות בכל מקום. שקול ללבוש בגדים לא מובחנים ומסיכת פנים (כגון מסכה כירורגית או N95). אל תירשם לתוכניות תגמולים ואל תספק מידע אחר על עצמך. + +בעת רכישה מקוונת, באופן אידיאלי עליך לעשות זאת דרך [Tor](tor-overview.md). עם זאת, סוחרים רבים אינם מאפשרים רכישות עם Tor. אתה יכול לשקול להשתמש ב-[VPN מומלץ ](../vpn.md) (בתשלום במזומן, כרטיס מתנה או Monero), או לבצע את הרכישה מבית קפה או ספרייה עם Wi-Fi בחינם. אם אתם מזמינים פריט פיזי שצריך לשלוח, תצטרכו לספק כתובת למשלוח. כדאי לשקול שימוש בתיבת דואר, תיבת דואר פרטית או כתובת עבודה. diff --git a/i18n/he/advanced/tor-overview.md b/i18n/he/advanced/tor-overview.md index 4d178fe12..c9c578e70 100644 --- a/i18n/he/advanced/tor-overview.md +++ b/i18n/he/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "סקירה כללית של Tor" icon: 'simple/torproject' +description: Tor היא רשת מבוזרת בחינם לשימוש המיועדת לשימוש באינטרנט עם כמה שיותר פרטיות. --- Tor היא רשת מבוזרת בחינם לשימוש המיועדת לשימוש באינטרנט עם כמה שיותר פרטיות. בשימוש נכון, הרשת מאפשרת גלישה ותקשורת פרטית ואנונימית. @@ -74,8 +75,6 @@ Tor מאפשר לנו להתחבר לשרת מבלי שאף גורם אחד יד - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (יוטיוב) - [Tor שירותי בצל - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (יוטיוב) ---8<-- "includes/abbreviations.he.txt" - [^1]: הממסר הראשון במעגל שלך נקרא "שומר כניסה" או "שומר". זהו ממסר מהיר ויציב שנשאר הראשון במעגל שלך למשך 2-3 חודשים על מנת להגן מפני התקפה ידועה לשבירת אנונימיות. שאר המעגל שלך משתנה עם כל אתר חדש שאתה מבקר בו, וכולם ביחד מספקים ממסרים אלה את הגנת הפרטיות המלאה של Tor. לקבלת מידע נוסף על אופן הפעולה של ממסרי מגן, עיין במאמר זה [בלוג פוסט](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) וגם [דף](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) על שומרי כניסה. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: דגל ממסר: (אי)-הסמכה מיוחדת של ממסרים עבור עמדות מעגל (לדוגמה, "שומר", "יציאה", "יציאה-גרועה"), מאפייני מעגל (לדוגמה, "מהיר", "יציב"), או תפקידים (לדוגמה, "רשות", "HSDir"), כפי שהוקצו על ידי רשויות המדריכים ומוגדרים יותר במפרט פרוטוקול הספרייה. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/he/android.md b/i18n/he/android.md index ca5adac98..b1c3597f2 100644 --- a/i18n/he/android.md +++ b/i18n/he/android.md @@ -1,6 +1,7 @@ --- title: "אנדרואיד" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![לוגו אנדרואיד](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ icon: 'simple/android' אלו הן מערכות ההפעלה, המכשירים והאפליקציות של אנדרואיד שאנו ממליצים על מנת למקסם את האבטחה והפרטיות של המכשיר הנייד שלך. למידע נוסף על אנדרואיד: -- [סקירה כללית של אנדרואיד :material-arrow-right-drop-circle:](os/android-overview.md) -- [מדוע אנו ממליצים על GrapheneOS על פני CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[סקירה כללית של אנדרואיד :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[מדוע אנו ממליצים על GrapheneOS על פני CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## נגזרות AOSP @@ -41,9 +43,9 @@ icon: 'simple/android' [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="קוד מקור" } [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=תרומה } -GrapheneOS תומך ב-[Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), המריץ את [שירותי ](https://en.wikipedia.org/wiki/Google_Play_Services)Google Play בארגז חול מלא כמו כל אפליקציה רגילה אחרת. המשמעות היא שאתה יכול לנצל את רוב שירותי Google Play, כגון [הודעות דחיפה](https://firebase.google.com/docs/cloud-messaging/), תוך מתן שליטה מלאה על ההרשאות והגישה שלהם, ובזמן שהם מכילים אותם ל[פרופיל עבודה](os/android-overview.md#work-profile) או [פרופיל משתמש](os/android-overview.md#user-profiles) לבחירתך. +GrapheneOS תומך ב-[Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), המריץ את [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) בארגז חול מלא כמו כל אפליקציה רגילה אחרת. משמעות הדבר היא שאתה יכול לנצל את רוב שירותי Google Play, כגון [הודעות דחיפה](https://firebase.google.com/docs/cloud-messaging/), תוך מתן שליטה מלאה על ההרשאות והגישה שלהם, ותוך כדי הכללתן ב[פרופיל עבודה](os/android-overview.md#work-profile) או [פרופיל משתמש](os/android-overview.md#user-profiles) ספציפי לבחירתך. -טלפונים של Google Pixel הם המכשירים היחידים שעומדים כעת ב[דרישות אבטחת החומרה](https://grapheneos.org/faq#device-support) של GrapheneOS. +טלפונים של Google Pixel הם המכשירים היחידים שעומדים כרגע ב[דרישות אבטחת החומרה](https://grapheneos.org/faq#device-support) של GrapheneOS. ### DivestOS @@ -63,9 +65,9 @@ GrapheneOS תומך ב-[Sandboxed Google Play](https://grapheneos.org/usage#sand ל - DivestOS יש פגיעות ליבה ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [שמתוקן](https://gitlab.com/divested-mobile/cve_checker) אוטומטית, פחות בועות קנייניות, וקובץ [מארחים](https://divested.dev/index.php?page=dnsbl) מותאם. ה-WebView המוקשה שלו, [Mulch](https://gitlab.com/divested-mobile/mulch), מאפשר [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) עבור כל הארכיטקטורות ו[חלוקת מצבי רשת](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), ומקבל עדכונים מחוץ לפס. DivestOS כוללת גם תיקוני ליבה מ-GrapheneOS ומאפשרת את כל תכונות האבטחה הזמינות של הליבה באמצעות [הקשחת defconfig](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). כל הליבות החדשות יותר מגרסה 3.4 כוללים עמוד מלא [חיטוי](https://lwn.net/Articles/334747/) ולכל ~22 הליבות המחוברים יש Clang [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) מופעל. -DivestOS מיישמת כמה תיקוני הקשחת מערכת שפותחו במקור עבור GrapheneOS. DivestOS 16.0 ומעלה מיישמת את החלפת הרשאות [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) וחיישנים של GrapheneOS, [מקצית זיכרון מוקשחת](https://github.com/GrapheneOS/hardened_malloc), [השרצת מנהלים](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [קונסטיפיקציה](https://en.wikipedia.org/wiki/Const_(computer_programming)) של [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) ותיקוני התקשות [ביונית](https://en.wikipedia.org/wiki/Bionic_(software)) חלקית. תכונות 17.1 ומעלה של GrapheneOS לכל רשת [אפשרות אקראיות מלאה של ](https://en.wikipedia.org/wiki/MAC_address#Randomization)MAC, בקרת [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) ואתחול אוטומטי/Wi-Fi/Bluetooth [אפשרויות פסק זמן](https://grapheneos.org/features). +DivestOS מיישמת כמה תיקוני הקשחת מערכת שפותחו במקור עבור GrapheneOS. DivestOS 16.0 ומעלה מיישמת את החלפת הרשאות [`אינטרנט`](https://developer.android.com/training/basics/network-ops/connecting) וחיישנים של GrapheneOS, [מקצית זיכרון מוקשחת](https://github.com/GrapheneOS/hardened_malloc), [השרצת מנהלים](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [קונסטיפיקציה](https://en.wikipedia.org/wiki/Const_(computer_programming)) של [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) ותיקוני התקשות [ביונית](https://en.wikipedia.org/wiki/Bionic_(software)) חלקית. תכונות 17.1 ומעלה של GrapheneOS לכל רשת [אפשרות אקראיות מלאה של ](https://en.wikipedia.org/wiki/MAC_address#Randomization)MAC, בקרת [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) ואתחול אוטומטי/Wi-Fi/Bluetooth [אפשרויות פסק זמן](https://grapheneos.org/features). -DivestOS משתמשת ב-F-Droid כחנות האפליקציות המוגדרת כברירת מחדל. בדרך כלל, אנו ממליצים להימנע מ-F-Droid עקב [בעיות האבטחה](#f-droid) הרבות שלו. עם זאת, לעשות זאת ב-DivestOS לא כדאי; המפתחים מעדכנים את האפליקציות שלהם באמצעות מאגרי F-Droid משלהם ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) ו- [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). אנו ממליצים להשבית את אפליקציית F-Droid הרשמית ולהשתמש ב[Neo Store](https://github.com/NeoApplications/Neo-Store/) כאשר מאגרי DivestOS מופעלים כדי לשמור על רכיבים אלה מעודכנים. לגבי אפליקציות אחרות, השיטות המומלצות שלנו להשגתן עדיין חלות. +DivestOS משתמשת ב-F-Droid כחנות האפליקציות המוגדרת כברירת מחדל. בדרך כלל, אנו ממליצים להימנע מ-F-Droid עקב [בעיות האבטחה](#f-droid) הרבות שלו. עם זאת, לעשות זאת ב-DivestOS לא כדאי; המפתחים מעדכנים את האפליקציות שלהם באמצעות מאגרי F-Droid משלהם ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) ו- [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). אנו ממליצים להשבית את אפליקציית F-Droid הרשמית ולהשתמש ב-[Neo Store](https://github.com/NeoApplications/Neo-Store/) עם מאגרי DivestOS מופעלים כדי לשמור על רכיבים אלה מעודכנים. לגבי אפליקציות אחרות, השיטות המומלצות שלנו להשגתן עדיין חלות. !!! warning "אזהרה" @@ -77,9 +79,9 @@ DivestOS משתמשת ב-F-Droid כחנות האפליקציות המוגדרת בעת רכישת מכשיר, אנו ממליצים לרכוש אחד חדש ככל האפשר. התוכנה והקושחה של מכשירים ניידים נתמכות רק לזמן מוגבל, כך שקנייה חדשה מאריכה את תוחלת החיים עד כמה שניתן. -הימנע מרכישת טלפונים ממפעילי רשתות סלולריות. לעתים קרובות יש להם **מטען אתחול נעול** ואינם תומכים ב[פתיחת נעילה של OEM](https://source.android.com/devices/bootloader/locking_unlocking). גרסאות טלפון אלה ימנעו ממך להתקין כל סוג של הפצת אנדרואיד חלופית. +הימנע מרכישת טלפונים ממפעילי רשתות סלולריות. לאלה יש לרוב **מאתחול נעול** ואינם תומכים ב[פתיחת נעילה של OEM](https://source.android.com/devices/bootloader/locking_unlocking). גרסאות טלפון אלה ימנעו ממך להתקין כל סוג של הפצת אנדרואיד חלופית. -היה מאוד **זהיר** לגבי קניית טלפונים יד שניה משוק מקוון. בדוק תמיד את המוניטין של המוכר. אם המכשיר נגנב, קיימת אפשרות ל[רשימה שחורה של IMEI](https://www.gsma.com/security/resources/imei-blacklisting/). קיים גם סיכון שכרוך בהיותך קשור לפעילות של הבעלים הקודם. +היה מאוד **זהיר** בקניית טלפונים יד שנייה משוק אונליין. בדוק תמיד את המוניטין של המוכר. אם המכשיר נגנב, קיימת אפשרות ל[רשימה שחורה של IMEI](https://www.gsma.com/security/resources/imei-blacklisting/). קיים גם סיכון שכרוך בהיותך קשור לפעילות של הבעלים הקודם. עוד כמה טיפים לגבי מכשירי אנדרואיד ותאימות מערכות הפעלה: @@ -89,7 +91,7 @@ DivestOS משתמשת ב-F-Droid כחנות האפליקציות המוגדרת ### גוגל פיקסל -טלפונים של גוגל פיקסל הם המכשירים **היחידים** שאנו ממליצים לרכישה. לטלפונים של Pixel יש אבטחת חומרה חזקה יותר מכל מכשירי אנדרואיד אחרים הקיימים כיום בשוק, בשל תמיכת AVB נאותה עבור מערכות הפעלה של צד שלישי ושבבי אבטחה [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) הפועלים כאלמנט המאובטח. +טלפונים של גוגל פיקסל הם המכשירים **היחידים** שאנו ממליצים לרכישה. לטלפונים של Pixel יש אבטחת חומרה חזקה יותר מכל מכשירי אנדרואיד אחרים הקיימים כיום בשוק, בשל תמיכת AVB נאותה עבור מערכות הפעלה של צד שלישי ושבבי האבטחה המותאמים אישית [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) של גוגל הפועלים כ-Secure Element. !!! recommendation @@ -101,18 +103,18 @@ DivestOS משתמשת ב-F-Droid כחנות האפליקציות המוגדרת [:material-shopping: חנות](https://store.google.com/category/phones){ .md-button .md-button--primary } -רכיבים מאובטחים כמו Titan M2 מוגבלים יותר מסביבת הביצוע המהימנה של המעבד המשמשת את רוב הטלפונים האחרים מכיוון שהם משמשים רק לאחסון סודות, אישור חומרה והגבלת קצב, לא להפעלת תוכניות "מהימנות". טלפונים ללא Secure Element חייבים להשתמש ב-TEE עבור *כל* הפונקציות הללו, וכתוצאה מכך משטח התקפה גדול יותר. +רכיבים מאובטחים כמו Titan M2 מוגבלים יותר מסביבת הביצוע המהימנה של המעבד המשמשת את רוב הטלפונים האחרים מכיוון שהם משמשים רק לאחסון סודות, הוכחת חומרה והגבלת קצב, לא להפעלת תוכניות "מהימנות". טלפונים ללא Secure Element חייבים להשתמש ב-TEE עבור *כל* הפונקציות הללו, וכתוצאה מכך משטח התקפה גדול יותר. -טלפונים של Google Pixel משתמשים במערכת הפעלה TEE בשם Trusty שהיא [קוד פתוח](https://source.android.com/security/trusty#whyTrusty), בניגוד לטלפונים רבים אחרים. +טלפונים של גוגל פיקסל משתמשים ב-TEE OS בשם Trusty שהיא [קוד פתוח](https://source.android.com/security/trusty#whyTrusty), בניגוד לטלפונים רבים אחרים. -ההתקנה של GrapheneOS בטלפון Pixel קלה עם [מתקין האינטרנט](https://grapheneos.org/install/web) שלהם. אם אתה לא מרגיש בנוח לעשות את זה בעצמך ומוכן להוציא קצת כסף נוסף, בדוק את [NitroPhone](https://shop.nitrokey.com/shop) שהם מגיעים טעונים מראש עם GrapheneOS מחברת [Nitrokey](https://www.nitrokey.com/about) המכובדת. +ההתקנה של GrapheneOS בטלפון Pixel קלה עם [מתקין האינטרנט שלהם](https://grapheneos.org/install/web). אם אתה לא מרגיש בנוח לעשות את זה בעצמך ומוכן להוציא קצת כסף נוסף, בדוק את ה-[NitroPhone](https://shop.nitrokey.com/shop) מכיוון שהם נטענים מראש עם GrapheneOS של חברת [Nitrokey](https://www.nitrokey.com/about) המכובדת. עוד כמה טיפים לרכישת Google Pixel: - אם אתה מחפש מציאה על מכשיר פיקסל, אנו מציעים לקנות דגם "**a**", מיד לאחר יציאת ספינת הדגל הבאה. הנחות זמינות בדרך כלל מכיוון שגוגל תנסה לסלק את המלאי שלה. - שקול אפשרויות מכות מחיר ומבצעים המוצעים בחנויות פיזיות. -- עיין באתרי עסקאות מקוונים של קהילות במדינה שלך. אלה יכולים להתריע על מכירות טובות. -- Google מספקת רשימה המציגה את [מחזור התמיכה](https://support.google.com/nexus/answer/4457705) עבור כל אחד מהמכשירים שלהם. המחיר ליום עבור מכשיר יכול להיות מחושב כך: $\text{עלות} \over \text {תאריך סוף החיים}-\text{דייט נוכחי}$, כלומר, ככל שהשימוש במכשיר ארוך יותר, העלות ליום נמוכה יותר. +- עיין באתרי עסקאות אןנליין של קהילתיות במדינה שלך. אלה יכולים להתריע על מכירות טובות. +- Google מספקת רשימה המציגה את [מחזור התמיכה](https://support.google.com/nexus/answer/4457705) עבור כל אחד מהמכשירים שלהם. ניתן לחשב את המחיר ליום עבור מכשיר כך: $\text{עלות} \מעל \text {תאריך EOL}-\text{תאריך נוכחי}$, כלומר ככל שהשימוש ארוך יותר במכשיר כך העלות ליום נמוכה יותר. ## אפליקציות כלליות @@ -165,15 +167,15 @@ DivestOS משתמשת ב-F-Droid כחנות האפליקציות המוגדרת Auditor מבצע אישור וזיהוי חדירה על ידי: -- שימוש במודל [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) בין *מבקר* ו*בודק*, הזוג יוצר מפתח פרטי ב[מגובת החומרה מאגר המפתחות](https://source.android.com/security/keystore/) של *מבקר*. +- באמצעות מודל [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) בין *מבקר* ל*מבוקר*, הזוג יוצר מפתח פרטי ב[מאגר המפתחות המגובה בחומרה](https://source.android.com/security/keystore/) של ה*מבקר*. - *auditor* יכול להיות מופע אחר של אפליקציית Auditor או [שירות אישור מרחוק](https://attestation.app). -- ה*auditor* מתעד את המצב והתצורה הנוכחיים של ה*auditee*. +- המבקר רושם את המצב הנוכחי ואת התצורה של המבוקר. ה*auditor* מתעד את המצב והתצורה הנוכחיים של ה*auditee*. - אם התעסקות במערכת ההפעלה של ה*auditee* תתרחש לאחר השלמת ההתאמה, המבקר יהיה מודע לשינוי במצב המכשיר ובתצורות. - תקבל התראה על השינוי. לא נמסר מידע מזהה אישי לשירות האישורים. אנו ממליצים להירשם עם חשבון אנונימי ולאפשר אישור מרחוק לניטור רציף. -אם [מודל האיום](basics/threat-modeling.md) שלך דורש פרטיות, תוכל לשקול להשתמש ב-[Orbot](tor.md#orbot) או ב-VPN כדי הסתר את כתובת ה-IP שלך משירות האישורים. כדי לוודא שהחומרה ומערכת ההפעלה שלך מקוריות, [בצע אישור מקומי](https://grapheneos.org/install/web#verifying-installation) מיד לאחר התקנת ההתקן ולפני כן לכל חיבור לאינטרנט. +אם [מודל האיומים](basics/threat-modeling.md) שלך דורש פרטיות, תוכל לשקול להשתמש ב-[Orbot](tor.md#orbot)או ב-VPN כדי להסתיר את כתובת ה-IP שלך משירות האישורים. כדי לוודא שהחומרה ומערכת ההפעלה שלך מקוריות, [בצע אישור מקומי](https://grapheneos.org/install/web#verifying-installation) מיד לאחר התקנת המכשיר ולפני כל חיבור לאינטרנט. ### Secure Camera @@ -198,7 +200,7 @@ Auditor מבצע אישור וזיהוי חדירה על ידי: תכונות הפרטיות העיקריות כוללות: - הסרה אוטומטית של מטא נתונים של [Exif](https://en.wikipedia.org/wiki/Exif) (מופעל כברירת מחדל) -- שימוש בממשק ה-API החדש של [מדיה](https://developer.android.com/training/data-storage/shared/media), לכן [הרשאות אחסון](https://developer.android.com/training/data-storage) אינן נדרשות +- שימוש בממשק ה-API החדש של ה[מדיה](https://developer.android.com/training/data-storage/shared/media), לכן אין צורך ב[הרשאות אחסון](https://developer.android.com/training/data-storage) - אין צורך בהרשאת מיקרופון אלא אם ברצונך להקליט קול !!! note "הערה" @@ -232,7 +234,7 @@ Auditor מבצע אישור וזיהוי חדירה על ידי: ### GrapheneOS App Store -חנות האפליקציות של GrapheneOS זמינה ב-[GitHub](https://github.com/GrapheneOS/Apps/releases). הוא תומך באנדרואיד 12 ומעלה ומסוגל לעדכן את עצמו. לחנות האפליקציות יש יישומים עצמאיים שנבנו על ידי פרויקט GrapheneOS כגון [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera) ו-[PDF Viewer](https://github.com/GrapheneOS/PdfViewer). אם אתם מחפשים אפליקציות אלו, אנו ממליצים בחום להשיג אותן מחנות האפליקציות של GrapheneOS במקום מחנות Play, שכן האפליקציות בחנות שלהן חתומות על ידי חתימת הפרויקט של ה-GrapheneOS שלגוגל אין גישה אליה. +חנות האפליקציות של GrapheneOS זמינה ב-[GitHub](https://github.com/GrapheneOS/Apps/releases). הוא תומך באנדרואיד 12 ומעלה ומסוגל לעדכן את עצמו. לחנות האפליקציות יש יישומים עצמאיים שנבנו על ידי פרויקט GrapheneOS כגון [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), ו- [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). אם אתם מחפשים אפליקציות אלו, אנו ממליצים בחום להשיג אותן מחנות האפליקציות של GrapheneOS במקום מחנות Play, שכן האפליקציות בחנות שלהן חתומות על ידי חתימת הפרויקט של ה-GrapheneOS שלגוגל אין גישה אליה. ### Aurora Store @@ -251,29 +253,29 @@ Auditor מבצע אישור וזיהוי חדירה על ידי: - [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases) -Aurora Store לא מאפשרת להוריד אפליקציות בתשלום עם תכונת החשבון האנונימי שלהן. אתה יכול לחלופין להתחבר עם חשבון Google שלך עם Aurora Store כדי להוריד אפליקציות שרכשת, מה שאכן נותן גישה לרשימת האפליקציות שהתקנת ל-Google, אולם אתה עדיין נהנה מכך שאינך דורש את לקוח Google Play המלא ואת Google Play שירותים או microG במכשיר שלך. +Aurora Store לא מאפשרת להוריד אפליקציות בתשלום עם תכונת החשבון האנונימי שלהן. אתה יכול לחלופין להתחבר עם חשבון גוגל שלך ל-Aurora Store כדי להוריד אפליקציות שרכשת, מה שאכן נותן גישה לרשימת האפליקציות שהתקנת לגוגל, אולם אתה עדיין נהנה מכך שאינך דורש את לקוח Google Play המלא ואת Google Play Services או microG במכשיר שלך. ### התראות RSS באופן ידני -עבור אפליקציות ששוחררו בפלטפורמות כמו GitHub ו-GitLab, ייתכן שתוכל להוסיף עדכון RSS ל[צובר החדשות](/news-aggregators) שלך שיעזור לך לעקוב אחר מהדורות חדשות. +עבור אפליקציות שמשוחררות בפלטפורמות כמו GitHub ו-GitLab, ייתכן שתוכל להוסיף עדכון RSS ל[צובר החדשות](/news-aggregators) שלך שיעזור לך לעקוב אחר מהדורות חדשות. ![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![שינויים ב-APK](./assets/img/android/rss-changes-light.png#only-light) ![שינויים ב-APK](./assets/img/android/rss-changes-dark.png#only-dark) #### Github -ב-GitHub, באמצעות [Secure Camera](#secure-camera) כדוגמה, תנווט אל [ שלה. דף מהדורות](https://github.com/GrapheneOS/Camera/releases) וצרף את `.atom` לכתובת האתר: +ב-GitHub, באמצעות [Secure Camera](#secure-camera) כדוגמה, תנווט ל[דף ההפצות](https://github.com/GrapheneOS/Camera/releases) שלו ותוסיף את `.atom` לכתובת האתר: `https://github.com/GrapheneOS/Camera/releases.atom` #### GitLab -ב-GitLab, באמצעות [Aurora Store](#aurora-store) כדוגמה, תנווט אל [מאגר הפרויקטים שלה ](https://gitlab.com/AuroraOSS/AuroraStore) והוסף את `/-/tags?format=atom` לכתובת האתר: +ב-GitLab, באמצעות [Aurora Store](#aurora-store) כדוגמה, תנווט אל [מאגר הפרויקטים](https://gitlab.com/AuroraOSS/AuroraStore) שלו ותוסיף `/-/tags?format=atom` לכתובת האתר: `https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom` #### אימות טביעות אצבע של APK -אם אתה מוריד קבצי APK להתקנה ידנית, תוכל לאמת את החתימה שלהם באמצעות [`apksigner`](https://developer.android.com/studio/command-line/apksigner) כלי, שהוא חלק מ[כלי בנייה](https://developer.android.com/studio/releases/build-tools) של אנדרואיד. +אם אתה מוריד קבצי APK להתקנה ידנית, אתה יכול לאמת את החתימה שלהם עם הכלי [`apksigner`](https://developer.android.com/studio/command-line/apksigner), שהוא חלק מ[כלי הבנייה](https://developer.android.com/studio/releases/build-tools) של אנדרואיד. 1. התקן [Java JDK](https://www.oracle.com/java/technologies/downloads/). @@ -306,13 +308,13 @@ Aurora Store לא מאפשרת להוריד אפליקציות בתשלום עם ![לוגו F-Droid](assets/img/android/f-droid.svg){ align=right width=120px } -==אנחנו **לא** ממליצים כרגע על F-Droid כדרך להשיג אפליקציות.== F-Droid מומלצת לעתים קרובות כחלופה ל-Google Play, במיוחד בפרטיות קהילה. האפשרות להוסיף מאגרי צד שלישי ולא להיות מוגבלים לגן המוקף חומה של גוגל הובילה לפופולריות שלו. ל-F-Droid יש בנוסף [בניינים הניתנים לשחזור](https://f-droid.org/en/docs/Reproducible_Builds/) עבור יישומים מסוימים והוא מוקדש לתוכנות חינמיות וקוד פתוח. עם זאת, יש [בעיות בולטות](https://privsec.dev/posts/android/f-droid-security-issues/) עם לקוח F-Droid הרשמי, בקרת האיכות שלו, כיצד הם בונים, חותמים ומספקים חבילות. +==אנחנו **לא** ממליצים כרגע על F-Droid כדרך להשיג אפליקציות.== F-Droid מומלצת לעתים קרובות כחלופה ל-Google Play, במיוחד בפרטיות קהילה. האפשרות להוסיף מאגרי צד שלישי ולא להיות מוגבלים לגן המוקף חומה של גוגל הובילה לפופולריות שלו. ל-F-Droid יש בנוסף [בנייה הניתנת לשחזור](https://f-droid.org/en/docs/Reproducible_Builds/) עבור יישומים מסוימים והוא מוקדש לתוכנות חינמיות וקוד פתוח. עם זאת, ישנן [בעיות בולטות](https://privsec.dev/posts/android/f-droid-security-issues/) עם הלקוח הרשמי של F-Droid, בקרת האיכות שלו והאופן שבו הם בונים, חותמים ומעבירים חבילות. בשל תהליך בניית האפליקציות שלהם, אפליקציות במאגר ה-F-Droid הרשמי מפגרות לעתים קרובות בפיגור לגבי עדכונים. מנהלי F-Droid גם עושים שימוש חוזר במזהי חבילה בזמן חתימת אפליקציות עם המפתחות שלהם, וזה לא אידיאלי מכיוון שהוא נותן אמון אולטימטיבי לצוות F-Droid. -מאגרים פופולריים אחרים של צד שלישי כגון [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) מקלים על חלק מהחששות הללו. מאגר IzzyOnDroid מושך רכיבים ישירות מ-GitHub והוא הדבר הטוב הבא למאגרים של המפתחים עצמם. עם זאת, זה לא משהו שאנחנו יכולים להמליץ עליו, מכיוון שאפליקציות בדרך כלל [מסירים](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) מהמאגר הזה כאשר הם מגיעים למאגר F-Droid הראשי. למרות שזה הגיוני (מכיוון שהמטרה של המאגר המסוים הזה היא לארח אפליקציות לפני שהן מתקבלות למאגר ה-F-Droid הראשי), זה יכול להשאיר אותך עם אפליקציות מותקנות שכבר לא מקבלים עדכונים. +מאגרים פופולריים אחרים של צד שלישי כגון [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) מקלים על חלק מהחששות הללו. מאגר IzzyOnDroid מושך רכיבים ישירות מ-GitHub והוא הדבר הטוב הבא למאגרים של המפתחים עצמם. עם זאת, זה לא משהו שאנחנו יכולים להמליץ עליו, מכיוון שבדרך כלל אפליקציות [מוסרות](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) מהמאגר הזה כשהן מגיעות למאגר F-Droid הראשי. למרות שזה הגיוני (מכיוון שהמטרה של המאגר המסוים הזה היא לארח אפליקציות לפני שהן מתקבלות למאגר ה-F-Droid הראשי), זה יכול להשאיר אותך עם אפליקציות מותקנות שכבר לא מקבלים עדכונים. -עם זאת, [F-Droid](https://f-droid.org/en/packages/) ו-[IzzyOnDroid](https://apt.izzysoft.de/fdroid/) הם ביתם של אינספור אפליקציות, כך שהם יכולים להוות כלי שימושי לחיפוש ולגלות אפליקציות קוד פתוח שתוכל להוריד דרך חנות Play, Aurora Store, או על ידי קבלת ה-APK ישירות מה- מפתח. חשוב לזכור שחלק מהאפליקציות במאגרים אלו לא עודכנו במשך שנים ועשויות להסתמך על ספריות שאינן נתמכות, בין היתר, מהוות סיכון אבטחה פוטנציאלי. אתה צריך להשתמש במיטב שיקול הדעת שלך כשאתה מחפש אפליקציות חדשות בשיטה זו. +עם זאת, מאגרי [F-Droid](https://f-droid.org/en/packages/) ו-[IzzyOnDroid](https://apt.izzysoft.de/fdroid/) הם ביתם של אינספור אפליקציות, כך שהם יכולים להיות כלי שימושי לחיפוש ולגלות אפליקציות קוד פתוח שתוכלו לאחר מכן הורד דרך Play Store, Aurora Store, או על ידי קבלת ה-APK ישירות מהמפתח. חשוב לזכור שחלק מהאפליקציות במאגרים אלו לא עודכנו במשך שנים ועשויות להסתמך על ספריות שאינן נתמכות, בין היתר, מהוות סיכון אבטחה פוטנציאלי. אתה צריך להשתמש במיטב שיקול הדעת שלך כשאתה מחפש אפליקציות חדשות בשיטה זו. !!! note "הערה" @@ -342,12 +344,10 @@ Aurora Store לא מאפשרת להוריד אפליקציות בתשלום עם - חייב לתמוך לפחות באחת ממערכות ההפעלה המומלצות שלנו. - חייב להימכר כרגע חדש בחנויות. - חייב לקבל לפחות 5 שנים של עדכוני אבטחה. -- חייבת להיות חומרה ייעודית לרכיב מאובטח. +- חייב להיות חומרה ייעודית לרכיב מאובטח. ### יישומים - יישומים בדף זה לא חייבים להיות ישימים לכל קטגוריית תוכנה אחרת באתר. - יישומים כלליים צריכים להרחיב או להחליף את פונקציונליות הליבה של המערכת. - יישומים צריכים לקבל עדכונים ותחזוקה שוטפים. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/basics/account-creation.md b/i18n/he/basics/account-creation.md index 14b6240b4..b8a836cb8 100644 --- a/i18n/he/basics/account-creation.md +++ b/i18n/he/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "יצירת חשבון" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- לעתים קרובות אנשים נרשמים לשירותים מבלי לחשוב. אולי זה שירות סטרימינג כדי שתוכל לצפות בתוכנית החדשה שכולם מדברים עליה, או חשבון שנותן לך הנחה למקום האוכל המהיר האהוב עליך. לא משנה מה המקרה, עליך לשקול את ההשלכות על הנתונים שלך כעת ובהמשך בהמשך הקו. @@ -78,5 +79,3 @@ SSO יכול להיות שימושי במיוחד במצבים שבהם אתה ### שם משתמש וסיסמא שירותים מסוימים מאפשרים לך להירשם ללא שימוש בכתובת אימייל ורק דורשים ממך להגדיר שם משתמש וסיסמה. שירותים אלה עשויים לספק אנונימיות מוגברת בשילוב עם VPN או Tor. זכור שעבור חשבונות אלה סביר להניח ש**אין דרך לשחזר את חשבונך** במקרה שתשכח את שם המשתמש או הסיסמה שלך. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/basics/account-deletion.md b/i18n/he/basics/account-deletion.md index 710eea431..06d564e4e 100644 --- a/i18n/he/basics/account-deletion.md +++ b/i18n/he/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "מחיקת חשבון" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- עם הזמן, זה יכול להיות קל לצבור מספר חשבונות מקוונים, שרבים מהם אולי כבר לא תשתמשו בהם. מחיקת חשבונות שאינם בשימוש היא צעד חשוב בהחזרת הפרטיות שלך, מכיוון שחשבונות רדומים חשופים לפרצות מידע. פרצת נתונים היא כאשר אבטחת השירות נפגעת ומידע מוגן נצפה, מועבר או נגנב על ידי שחקנים לא מורשים. פרצות מידע הן למרבה הצער כולן [נפוצות מדי](https://haveibeenpwned.com/PwnedWebsites) בימינו, ולכן תרגול היגיינה דיגיטלית טובה היא הדרך הטובה ביותר למזער את ההשפעה שיש להן על חייך. המטרה של מדריך זה היא אם כן לעזור לנווט אותך בתהליך המעיק של מחיקת חשבון, שלעתים קרובות מקשה על ידי [עיצוב מטעה](https://www.deceptive.design/), למען השיפור של הנוכחות המקוונת שלך. @@ -59,5 +60,3 @@ icon: 'material/account-remove' ## הימנעות מחשבונות חדשים כפי שאומר הפתגם הישן, "גרם של מניעה שווה קילו של תרופה." בכל פעם שאתה מתפתה להירשם לחשבון חדש, שאל את עצמך, "האם אני באמת צריך את זה? האם אני יכול להשיג את מה שאני צריך בלי חשבון?" לעתים קרובות זה יכול להיות הרבה יותר קשה למחוק חשבון מאשר ליצור אחד. וגם לאחר מחיקה או שינוי של המידע בחשבונך, עשויה להיות גרסה שמור של צד שלישי - כמו [ארכיון האינטרנט](https://archive.org/). הימנע מהפיתוי כאשר אתה מסוגל - העצמי העתידי שלך יודה לך! - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/basics/common-misconceptions.md b/i18n/he/basics/common-misconceptions.md index 001a7a981..18dd7366d 100644 --- a/i18n/he/basics/common-misconceptions.md +++ b/i18n/he/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "תפיסות מוטעות נפוצות" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "תוכנת קוד פתוח תמיד מאובטחת" או "תוכנה קניינית מאובטחת יותר" @@ -56,6 +57,4 @@ icon: 'material/robot-confused' שימוש ב- Tor יכול לעזור בזה. ראוי גם לציין כי אנונימיות רבה יותר אפשרית באמצעות תקשורת אסינכרונית: תקשורת בזמן אמת חשופה לניתוח של דפוסי הקלדה (כלומר יותר מפסקת טקסט, מופצת בפורום, באמצעות דואר אלקטרוני וכו') ---8<-- "includes/abbreviations.he.txt" - [^1]: אחת הדוגמאות הבולטות לכך היא [תקרית 2021 שבה חוקרים מאוניברסיטת מינסוטה הציגו שלוש נקודות תורפה לפרויקט פיתוח ליבת לינוקס](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/he/basics/common-threats.md b/i18n/he/basics/common-threats.md index d27576df2..95de3adf7 100644 --- a/i18n/he/basics/common-threats.md +++ b/i18n/he/basics/common-threats.md @@ -1,11 +1,12 @@ --- title: "איומים נפוצים" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- באופן כללי, אנו מסווגים את ההמלצות שלנו ל[איומים](threat-modeling.md) או יעדים שחלים על רוב האנשים. ==ייתכן שאתה מודאג מאף אחת, אחת, כמה, או מכל האפשרויות האלה==, והכלים והשירותים שבהם אתה משתמש תלויים במטרותיך. ייתכן שיש לך איומים ספציפיים גם מחוץ לקטגוריות האלה, וזה בסדר גמור! החלק החשוב הוא פיתוח הבנה של היתרונות והחסרונות של הכלים שבהם אתה בוחר להשתמש, כי למעשה אף אחד מהם לא יגן עליך מכל איום. -- :material-incognito: אנונימיות - הגנה על הפעילות המקוונת שלך מהזהות האמיתית שלך, הגנה עליך מפני אנשים שמנסים לחשוף את *שלך * זהות ספציפית. +- :material-incognito: אנונימיות - הגנה על הפעילות המקוונת שלך מהזהות האמיתית שלך, הגנה עליך מפני אנשים שמנסים לחשוף את הזהות *שלך* ספציפית. - :material-target-account: התקפות ממוקדות - הגנה מפני האקרים או שחקנים זדוניים אחרים שמנסים לקבל גישה לנתונים או מכשירים ספציפיים *שלך*. - :material-bug-outline: התקפות פסיביות - הגנה מפני דברים כמו תוכנות זדוניות, פרצות נתונים והתקפות אחרות שנעשות נגד אנשים רבים בו-זמנית. - :material-server-network: ספקי שירותים - הגנה על הנתונים שלך מפני ספקי שירות (למשל באמצעות E2EE, מה שהופך את הנתונים שלך לבלתי קריאים לשרת). @@ -140,8 +141,6 @@ icon: 'material/eye-outline' אתה חייב תמיד לשקול את הסיכונים בניסיון לעקוף את הצנזורה, את ההשלכות האפשריות ועד כמה מתוחכם עלול להיות היריב שלך. אתה צריך להיות זהיר בבחירת התוכנה שלך, ולהכין תוכנית גיבוי למקרה שתיתפס. ---8<-- "includes/abbreviations.he.txt" - [^1]: ויקיפדיה: [*מעקבים המונים*](https://en.wikipedia.org/wiki/Mass_surveillance) ו[*מעקבים*](https://en.wikipedia.org/wiki/Surveillance). [^2]: מועצת הפיקוח על הפרטיות וחירויות האזרח של ארצות הברית: [*דיווח על תוכנית רישומי הטלפון שנערכה לפי סעיף 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: ויקיפדיה: [*מעקב קפיטליזם*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/he/basics/email-security.md b/i18n/he/basics/email-security.md index e1fafe694..b3f6f48e3 100644 --- a/i18n/he/basics/email-security.md +++ b/i18n/he/basics/email-security.md @@ -1,6 +1,7 @@ --- title: אבטחת אימייל icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- אימייל הוא צורת תקשורת לא מאובטחת כברירת מחדל. אתה יכול לשפר את אבטחת האימייל שלך עם כלים כגון OpenPGP, שמוסיפים הצפנה מקצה לקצה להודעות שלך, אך ל-OpenPGP עדיין יש מספר חסרונות בהשוואה להצפנה ביישומי הודעות אחרים, וחלק מנתוני הדוא"ל לעולם אינם יכולים להיות מוצפנים מטבעם. לאופן עיצוב האימייל. @@ -38,5 +39,3 @@ icon: material/email ### למה מטא נתונים לא יכולים להיות E2EE? מטא נתונים של דואר אלקטרוני חיוניים לפונקציונליות הבסיסית ביותר של דואר אלקטרוני (מהיכן הוא הגיע ולאן הוא צריך ללכת). E2EE לא היה מובנה בפרוטוקולי הדואר האלקטרוני במקור, ובמקום זאת נדרש לתוכנת הרחבה כמו OpenPGP. מכיוון שהודעות OpenPGP עדיין צריכות לעבוד עם ספקי דואר אלקטרוני מסורתיים, הן אינן יכולות להצפין מטה - נתונים של דואר אלקטרוני, אלא רק את גוף ההודעה עצמו. כלומר, גם כאשר משתמשים ב - OpenPGP, משקיפים חיצוניים יכולים לראות מידע רב על ההודעות שלך, כגון את מי אתה שולח בדוא"ל, את קווי הנושא, מתי אתה שולח דוא"ל וכו '. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/basics/multi-factor-authentication.md b/i18n/he/basics/multi-factor-authentication.md index c1cff715f..361faaf64 100644 --- a/i18n/he/basics/multi-factor-authentication.md +++ b/i18n/he/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "אימות מרובה גורמים" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **אימות מרובה גורמים** (**MFA**) הוא מנגנון אבטחה הדורש שלבים נוספים מעבר להזנת שם המשתמש (או האימייל) והסיסמה שלך. השיטה הנפוצה ביותר היא קודים מוגבלים בזמן שאתה עשוי לקבל מ-SMS או מאפליקציה. @@ -162,5 +163,3 @@ sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLog ### KeePass (ו-KeePassXC) ניתן לאבטח מסדי נתונים של KeePass ו-KeePassXC באמצעות Challenge-Response או HOTP כאימות גורם שני. Yubico סיפקה מסמך עבור KeePass [שימוש ב-YubiKey עם KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) ויש גם אחד באתר [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa). - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/basics/passwords-overview.md b/i18n/he/basics/passwords-overview.md index eb8f29628..cebaf8455 100644 --- a/i18n/he/basics/passwords-overview.md +++ b/i18n/he/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "מבוא לסיסמאות" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- סיסמאות הן חלק חיוני מחיינו הדיגיטליים היומיומיים. אנו משתמשים בהם כדי להגן על החשבונות שלנו, המכשירים והסודות שלנו. למרות היותם לעתים קרובות הדבר היחיד בינינו לבין יריב שרודף אחרי המידע הפרטי שלנו, לא מושקעת בהם הרבה מחשבה, מה שמוביל לרוב לכך שאנשים משתמשים בסיסמאות שניתן לנחש בקלות או להכריח אותן. @@ -108,5 +109,3 @@ icon: 'material/form-textbox-password' ### גיבויים עליך לאחסן גיבוי [מוצפן](../encryption.md) של הסיסמאות שלך במספר התקני אחסון או בספק אחסון בענן. זה יכול לעזור לך לגשת לסיסמאות שלך אם משהו קורה למכשיר הראשי שלך או לשירות שבו אתה משתמש. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/basics/threat-modeling.md b/i18n/he/basics/threat-modeling.md index 28e76b0a5..bf0d2e0b2 100644 --- a/i18n/he/basics/threat-modeling.md +++ b/i18n/he/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "מודל איומים" icon: 'material/target-account' +description: איזון בין אבטחה, פרטיות ושימושיות היא אחת המשימות הראשונות והקשות שתתמודדו איתם במסע הפרטיות שלכם. --- איזון בין אבטחה, פרטיות ושימושיות היא אחת המשימות הראשונות והקשות שתתמודדו איתם במסע הפרטיות שלכם. הכל הוא פשרה: ככל שמשהו בטוח יותר, כך הוא בדרך כלל מגביל או לא נוח יותר, וכו'. לעתים קרובות, אנשים מגלים שהבעיה בכלים שהם רואים מומלצים היא שפשוט קשה מדי להתחיל להשתמש בהם! @@ -107,5 +108,3 @@ icon: 'material/target-account' ## מקורות - [הגנה עצמית במעקב EFF: תוכנית האבטחה שלך](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/basics/vpn-overview.md b/i18n/he/basics/vpn-overview.md index f05b5921d..70a2a9327 100644 --- a/i18n/he/basics/vpn-overview.md +++ b/i18n/he/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: סקירה כללית של VPN icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- רשתות וירטואליות פרטיות הן דרך להרחיב את הקצה של הרשת שלך ליציאה למקום אחר בעולם. ספק שירותי אינטרנט יכול לראות את זרימת תעבורת האינטרנט הנכנסת ויוצאת ממכשיר סיום הרשת שלך (כלומר מודם). -פרוטוקולי הצפנה כגון HTTPS נמצאים בשימוש נפוץ באינטרנט, כך שהם אולי לא יוכלו לראות בדיוק את מה שאתה מפרסם או קורא אבל הם יכולים לקבל מושג על [דומיינים שאתה מבקש](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). VPN יכול לעזור מכיוון שהוא יכול להעביר אמון לשרת במקום אחר בעולם. כתוצאה מכך, ספק שירותי האינטרנט רואה רק שאתה מחובר ל-VPN ושום דבר לגבי הפעילות שאתה מעביר אליו. @@ -74,5 +75,3 @@ VPN עדיין עשוי להיות שימושי עבורך במגוון תרחי - [חקירת אפליקציית VPN בחינם](https://www.top10vpn.com/free-vpn-app-investigation/) - [בעלי VPN מוסתרים חשפו: 101 מוצרי VPN המנוהלים על ידי 23 חברות בלבד](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [החברה הסינית הזו עומדת בסתר מאחורי 24 אפליקציות פופולריות שמחפשות הרשאות מסוכנות](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/calendar.md b/i18n/he/calendar.md index c15c423e9..f58e7ac13 100644 --- a/i18n/he/calendar.md +++ b/i18n/he/calendar.md @@ -1,6 +1,7 @@ --- title: "סנכרון לוח שנה" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- לוחות שנה מכילים חלק מהנתונים הרגישים ביותר שלך; השתמש במוצרים המיישמים E2EE ב - מנוחה כדי למנוע מספק לקרוא אותם. @@ -67,5 +68,3 @@ icon: material/calendar הקריטריונים הטובים ביותר שלנו מייצגים את מה שהיינו רוצים לראות מהפרויקט המושלם בקטגוריה זו. ייתכן שההמלצות שלנו לא יכללו חלק מהפונקציונליות הזו או את כולה, אך אלו שכן כן עשויות לדרג גבוה יותר מאחרות בדף זה. - צריך להשתלב עם לוח השנה של מערכת ההפעלה המקומית ואפליקציות ניהול אנשי קשר, אם רלוונטי. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/cloud.md b/i18n/he/cloud.md index 8ca94e80d..59919806d 100644 --- a/i18n/he/cloud.md +++ b/i18n/he/cloud.md @@ -1,6 +1,7 @@ --- title: "אחסון בענן" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- ספקי אחסון ענן רבים דורשים את האמון המלא שלך בכך שהם לא יסתכלו על הקבצים שלך. החלופות המפורטות להלן מבטלות את הצורך באמון על ידי מתן שליטה על הנתונים שלך או על ידי יישום E2EE. @@ -29,7 +30,6 @@ icon: material/file-cloud - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -הלקוחות הניידים של Proton Drive שוחררו בדצמבר 2022 ועדיין אינם קוד פתוח. Proton עיכבה באופן היסטורי את שחרורי קוד המקור שלהם עד לאחר שחרור המוצר הראשוני, [ומתכננת](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) לשחרר את קוד המקור עד סוף 2023. לקוחות שולחן העבודה של Proton Drive עדיין בפיתוח. ## קריטריונים @@ -58,5 +58,3 @@ icon: material/file-cloud - לקוחות אלה צריכים להשתלב עם כלי מערכת הפעלה מקוריים עבור ספקי אחסון בענן, כגון שילוב אפליקציות קבצים ב- iOS, או פונקציונליות DocumentsProvider באנדרואיד. - צריך לתמוך בשיתוף קבצים קל עם משתמשים אחרים. - אמור להציע לפחות תצוגה מקדימה בסיסית של קובץ ופונקציונליות עריכה בממשק האינטרנט. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/cryptocurrency.md b/i18n/he/cryptocurrency.md new file mode 100644 index 000000000..ac9c6abf1 --- /dev/null +++ b/i18n/he/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: מטבעות קריפטוגרפיים +icon: material/bank-circle +--- + +ביצוע תשלומים אונליין הוא אחד האתגרים הגדולים ביותר לפרטיות. מטבעות קריפטוגרפיים אלו מספקים פרטיות עסקאות כברירת מחדל (דבר ש**לא** מובטח על ידי רוב מטבעות הקריפטו), בתנאי שיש לך הבנה טובה כיצד לבצע תשלומים פרטיים ביעילות. אנו ממליצים בחום שתקרא תחילה את מאמר סקירת התשלומים שלנו לפני ביצוע רכישות כלשהן: + +[ביצוע תשלומים פרטיים :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger "סַכָּנָה" + + רבים אם לא רוב הפרויקטים של מטבעות קריפטוגרפיים הם הונאות. בצע עסקאות בזהירות עם רק פרויקטים שאתה סומך עליהם. + +## Monero + +!!! recommendation + + ![Monero לוגו](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** משתמש בבלוקצ'יין עם טכנולוגיות משפרות פרטיות המטשטשות עסקאות כדי להשיג אנונימיות. כל עסקת Monero מסתירה את סכום העסקה, כתובות שליחה וקבלה, ומקור הכספים ללא שום חישוקים לדלג דרכם, מה שהופך אותה לבחירה אידיאלית עבור טירוני מטבעות קריפטוגרפיים. + + [:octicons-home-16: דף הבית](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=תיעוד} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="קוד מקור" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=לתרומה } + +עם Monero, משקיפים מבחוץ אינם יכולים לפענח כתובות מסחר Monero, סכומי עסקאות, יתרות כתובות או היסטוריית עסקאות. + +לפרטיות מיטבית, הקפד להשתמש בארנק לא משמורן שבו מפתח התצוגה נשאר במכשיר. המשמעות היא שרק לך תהיה את היכולת להוציא את הכספים שלך ולראות עסקאות נכנסות ויוצאות. אם אתה משתמש בארנק משמורן, הספק יכול לראות **כל מה** שאתה עושה; אם אתה משתמש בארנק "קל משקל" שבו הספק שומר על מפתח התצוגה הפרטי שלך, הספק יכול לראות כמעט כל מה שאתה עושה. כמה ארנקים שאינם משמורנים כוללים: + +- [Official Monero client](https://getmonero.org/downloads) (שולחני) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet תומך במספר מטבעות קריפטוגרפיים. גרסת Monero בלבד של Cake Wallet זמינה בכתובת [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (שולחני) +- [Monerujo](https://www.monerujo.io/) (אנדרואיד) + +לפרטיות מקסימלית (אפילו עם ארנק לא משמורן), עליך להפעיל צומת Monero משלך. שימוש בצומת של אדם אחר יחשוף בפניו מידע מסוים, כגון כתובת ה-IP שממנה אתה מתחבר אליו, חותמות הזמן שאתה מסנכרן את הארנק שלך והעסקאות שאתה שולח מהארנק שלך (אם כי אין פרטים נוספים על עסקאות אלו). לחלופין, אתה יכול להתחבר לצומת Monero של מישהו אחר באמצעות Tor או i2p. + +באוגוסט 2021, [הודיעה](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) CipherTrace על יכולות מעקב משופרות של Monero עבור סוכנויות ממשלתיות. פרסומים פומביים מראים כי רשת אכיפת הפשעים הפיננסיים של משרד האוצר האמריקאי העניקה [רישיון](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) ל-"Monero Module" של CipherTrace בסוף 2022. + +פרטיות גרף העסקאות של Monero מוגבלת על ידי חתימות הטבעות הקטנות יחסית שלה, במיוחד נגד התקפות ממוקדות. תכונות הפרטיות של Monero גם [הוטלו בספק](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) על ידי כמה חוקרי אבטחה, ומספר נקודות תורפה חמורות נמצאו ותוקנו בעבר, כך שהטענות שהועלו על ידי ארגונים כמו CipherTrace אינן באות בחשבון. אמנם אין זה סביר שכלי מעקב המוני Monero קיימים כפי שהם קיימים עבור ביטקוין ואחרים, אך בטוח שכלי מעקב מסייעים בחקירות ממוקדות. + +בסופו של דבר, Monero היא המתמודדת החזקה ביותר על מטבע קריפטוגרפי ידידותי לפרטיות, אך טענות הפרטיות שלה **לא** הוכחו באופן סופי כך או כך. נדרשים יותר זמן ומחקר כדי להעריך אם Monero עמיד מספיק בפני התקפות כדי לספק תמיד פרטיות נאותה. + +## קריטריונים + +**שים לב שאיננו קשורים לאף אחד מהפרויקטים שאנו ממליצים עליהם.** בנוסף ל [הקריטריונים הסטנדרטיים שלנו](about/criteria.md), פיתחנו סט ברור של דרישות כדי לאפשר לנו לספק המלצות אובייקטיביות. אנו מציעים לך להכיר את הרשימה הזו לפני שתבחר להשתמש בפרויקט, ולערוך מחקר משלך כדי להבטיח שזו הבחירה הנכונה עבורך. + +!!! example "חלק זה הוא חדש" + + אנו עובדים על קביעת קריטריונים מוגדרים לכל קטע באתר שלנו, והדבר עשוי להשתנות. אם יש לך שאלות כלשהן לגבי הקריטריונים שלנו, אנא [שאל בפורום שלנו](https://discuss.privacyguides.net/latest) ואל תניח שלא שקלנו משהו כשהצענו את ההמלצות שלנו אם הוא לא רשום כאן. ישנם גורמים רבים שנחשבים ונדונים כאשר אנו ממליצים על פרויקט, ותיעוד כל אחד מהם הוא עבודה בתהליך. + +- מטבעות קריפטו חייבים לספק עסקאות פרטיות/בלתי ניתנות לאיתור כברירת מחדל. diff --git a/i18n/he/data-redaction.md b/i18n/he/data-redaction.md index 898f59aff..95ba97108 100644 --- a/i18n/he/data-redaction.md +++ b/i18n/he/data-redaction.md @@ -1,6 +1,7 @@ --- title: "הפחתת נתונים ומטא נתונים" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- בעת שיתוף קבצים, הקפד להסיר מטא נתונים משויכים. קבצי תמונה כוללים בדרך כלל [נתוני Exif](https://en.wikipedia.org/wiki/Exif). תמונות לפעמים אפילו כוללות קואורדינטות GPS במטא-נתונים של הקובץ. @@ -141,5 +142,3 @@ icon: material/tag-remove - יישומים שפותחו עבור מערכות הפעלה בקוד פתוח חייבים להיות קוד פתוח. - יישומים חייבים להיות חינמיים ולא לכלול מודעות או מגבלות אחרות. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/desktop-browsers.md b/i18n/he/desktop-browsers.md index 8780f32c5..6a9d01fdd 100644 --- a/i18n/he/desktop-browsers.md +++ b/i18n/he/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "דפדפנים שולחניים" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- אלה הדפדפנים והתצורות המומלצים כרגע לגלישה רגילה/לא אנונימית. אם אתה צריך לגלוש באינטרנט באופן אנונימי, אתה צריך להשתמש [Tor](tor.md) במקום. באופן כללי, אנו ממליצים לשמור על הרחבות הדפדפן שלך למינימום; יש להם גישה מורשית בתוך הדפדפן שלך, דורשים ממך לסמוך על המפתח, יכולים לגרום לך [להתבלט](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), ו[להחליש](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) את בידוד האתר. @@ -257,6 +258,4 @@ Brave כולל כמה אמצעים נגד טביעת אצבע בתכונת [Shie - אסור לשכפל דפדפן מובנה או פונקציונליות מערכת הפעלה. - חייב להשפיע ישירות על פרטיות המשתמש, כלומר לא חייב פשוט לספק מידע. ---8<-- "includes/abbreviations.he.txt" - [^1]: היישום של Brave מפורט ב [עדכוני פרטיות Brave: חלוקת מצב רשת לפרטיות](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/he/desktop.md b/i18n/he/desktop.md index 23db6cc1a..4c2781a58 100644 --- a/i18n/he/desktop.md +++ b/i18n/he/desktop.md @@ -1,6 +1,7 @@ --- title: "שולחן עבודה/מחשב אישי" icon: simple/linux +description: הפצות לינוקס מומלצות בדרך כלל להגנה על פרטיות וחופש תוכנה. --- הפצות לינוקס מומלצות בדרך כלל להגנה על פרטיות וחופש תוכנה. אם אינך משתמש עדיין בלינוקס, להלן כמה הפצות שאנו מציעים לנסות, כמו גם כמה טיפים כלליים לשיפור פרטיות ואבטחה החלים על הפצות לינוקס רבות. @@ -180,5 +181,3 @@ Qubes OS היא מערכת הפעלה מבוססת Xen שנועדה לספק א - חייב לתמוך בהצפנה בדיסק מלא במהלך ההתקנה. - אין להקפיא מהדורות רגילות במשך יותר משנה. [איננו ממליצים](os/linux-overview.md#release-cycle) על מהדורות distro "תמיכה לטווח ארוך" או "יציבה" לשימוש בשולחן העבודה. - חייב לתמוך במגוון רחב של חומרה. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/dns.md b/i18n/he/dns.md index 355763f5f..f144acdc1 100644 --- a/i18n/he/dns.md +++ b/i18n/he/dns.md @@ -1,20 +1,19 @@ --- -title: "פותרי DNS" +title: "ספקי DNS" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "האם להשתמש ב - DNS מוצפן?" +יש להשתמש ב-DNS מוצפן עם שרתי צד שלישי רק כדי לעקוף [חסימת DNS](https://en.wikipedia.org/wiki/DNS_blocking) בסיסית כאשר אתה יכול להיות בטוח שלא יהיו השלכות. DNS מוצפן לא יעזור לך להסתיר את פעילות הגלישה שלך. - יש להשתמש ב-DNS מוצפן עם שרתי צד שלישי רק כדי לעקוף [חסימת DNS](https://en.wikipedia.org/wiki/DNS_blocking) בסיסית כאשר אתה יכול להיות בטוח שלא יהיו לכך השלכות. DNS מוצפן לא יעזור לך להסתיר את פעילות הגלישה שלך. - - [למידע נוסף על DNS](advanced/dns-overview.md){ .md-button } +[למד עוד :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## ספקים מומלצים -| ספקי DNS | מדיניות פרטיות | פרוטוקולים | תיעוד לוגים | ECS | סינון | +| ספקי DNS | מדיניות פרטיות | פרוטוקולים | תיעוד בקשות | ECS | סינון | | ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ | -------------- | ---------- | ------------------------------------------------------------------------------------------------------------------------------- | -| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
DoH
DoT
DNSCrypt | חלק[^1] | לא | מבוסס על בחירת שרת. רשימת סינון בשימוש ניתן למצוא כאן. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | -| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
DoH
DoT | חלק[^2] | לא | מבוסס על בחירת שרת. | +| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
DoH
DoT
DNSCrypt | חלקי[^1] | לא | מבוסס על בחירת שרת. רשימת סינון בשימוש ניתן למצוא כאן. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | +| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
DoH
DoT | חלקי[^2] | לא | מבוסס על בחירת שרת. | | [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
DoH
DoT
DNSCrypt
DoQ
DoH3 | אופציונאלי[^3] | לא | מבוסס על בחירת שרת. | | [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
DoT | לא[^4] | לא | מבוסס על בחירת שרת. רשימת סינון בשימוש ניתן למצוא כאן. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | | [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
DoH
DoT | אופציונאלי[^5] | אופציונאלי | מבוסס על בחירת שרת. | @@ -22,7 +21,7 @@ icon: material/dns ## קריטריונים -**שים לב שאיננו קשורים לאף אחד מהפרויקטים שאנו ממליצים עליהם.** בנוסף ל [הקריטריונים הסטנדרטיים שלנו](about/criteria.md), פיתחנו סט ברור של דרישות כדי לאפשר לנו לספק המלצות אובייקטיביות. אנו מציעים לך להכיר את הרשימה הזו לפני שתבחר להשתמש בפרויקט, ולערוך מחקר משלך כדי להבטיח שזו הבחירה הנכונה עבורך. +**שים לב שאיננו קשורים לאף אחד מהפרויקטים שאנו ממליצים עליהם.** בנוסף ל [הקריטריונים הסטנדרטיים שלנו](about/criteria.md), פיתחנו סט ברור של דרישות כדי לאפשר לנו לספק המלצות אובייקטיביות. אנו מציעים לך להכיר את הרשימה הזו לפני שתבחר להשתמש בְּספק, ולערוך מחקר משלך כדי להבטיח שזו הבחירה הנכונה עבורך. !!! example "חלק זה הוא חדש" @@ -31,9 +30,9 @@ icon: material/dns - חייב לתמוך ב [DNSSEC](advanced/dns-overview.md#what-is-dnssec). - [מזעור QNAME](advanced/dns-overview.md#what-is-qname-minimization). - אפשר ל - [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) להיות מנוטרל -- עדיף [Anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) תמיכה או תמיכה היגוי גיאוגרפי +- תעדוף תמיכה ב[Anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) או תמיכה ב"היגוי גיאוגרפי". -## תמיכת מערכת הפעלה מקורית +## תמיכה מובנת במערכת ההפעלה ### אנדרואיד @@ -132,8 +131,6 @@ Apple אינה מספקת ממשק מקורי ליצירת פרופילי DNS מ [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="קוד מקור" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=לתרומה } ---8<-- "includes/abbreviations.he.txt" - [^1]: AdGuard מאחסן מדדי ביצועים מצטברים של שרתי ה-DNS שלהם, כלומר מספר הבקשות המלאות לשרת מסוים, מספר הבקשות החסומות ומהירות עיבוד הבקשות. הם גם שומרים ומאחסנים את מסד הנתונים של הדומיינים שהתבקשו ב-24 השעות האחרונות. "אנחנו צריכים את המידע הזה כדי לזהות ולחסום עוקבים ואיומים חדשים." "אנחנו גם מתעדים כמה פעמים גשש זה או אחר נחסם. אנחנו צריכים את המידע הזה כדי להסיר את הכללים המיושנים מהמסננים שלנו." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare אוספת ומאחסנת רק את נתוני שאילתת ה-DNS המוגבלים שנשלחים לפותר 1.1.1.1. שירות הפותר 1.1.1.1 אינו רושם נתונים אישיים, וחלק הארי של נתוני השאילתות המוגבלים שאינם ניתנים לזיהוי אישי מאוחסן למשך 25 שעות בלבד. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D רק מתעדים עבור פותרי Premium עם פרופילי DNS מותאמים אישית. פותרים חינמיים אינם רושמים נתונים. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/he/email-clients.md b/i18n/he/email-clients.md index 5a63a34d8..47efefda8 100644 --- a/i18n/he/email-clients.md +++ b/i18n/he/email-clients.md @@ -1,6 +1,7 @@ --- title: "לקוחות אימייל" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- רשימת ההמלצות שלנו מכילה לקוחות אימייל התומכים הן ב[OpenPGP](encryption.md#openpgp) והן באימות חזק כגון [הרשאת פתוחה ](https://en.wikipedia.org/wiki/OAuth)(OAuth). OAuth מאפשר לך להשתמש ב - [אימות רב - גורמי](basics/multi-factor-authentication.md) ולמנוע גניבת חשבון. @@ -235,5 +236,3 @@ Canary Mail הוא קוד סגור. אנו ממליצים על זה בגלל ה - אינו אוסף טלמטריה כברירת מחדל. - צריך לתמוך ב - OpenPGP באופן מקורי, כלומר ללא הרחבות. - יש לתמוך באחסון הודעות דואר אלקטרוני מוצפנות של OpenPGP באופן מקומי. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/email.md b/i18n/he/email.md index e88b26838..34bd2879e 100644 --- a/i18n/he/email.md +++ b/i18n/he/email.md @@ -1,6 +1,7 @@ --- title: "שירותי אימייל" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- אימייל הוא למעשה הכרח לשימוש בכל שירות מקוון, אולם איננו ממליצים עליו לשיחות מאדם לאדם. דואר אלקטרוני הוא למעשה הכרח שימוש בכל שירות מקוון, אולם איננו ממליצים עליו לשיחות מאדם לאדם. @@ -9,9 +10,21 @@ icon: material/email לכל השאר, אנו ממליצים על מגוון ספקי דוא"ל המבוססים על מודלים עסקיים ברי קיימא ותכונות אבטחה ופרטיות מובנות. +- [ספקי דוא"ל תואמי OpenPGP :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [ספקים מוצפנים אחרים :material-arrow-right-drop-circle:](#more-providers) +- [שירותי כינוי אימייל :material-arrow-right-drop-circle:](#email-aliasing-services) +- [אפשרויות אירוח עצמי :material-arrow-right-drop-circle:](#self-hosting-email) + ## ספקי דוא"ל מומלצים -ספקים אלה תומכים באופן מקורי בהצפנה/פענוח של OpenPGP, ומאפשרים הודעות דוא"ל E2EE שאינן תלויות בספק. לדוגמה, משתמש Proton Mail יכול לשלוח הודעת E2EE למשתמש Mailbox.org, או שאתה יכול לקבל התראות מוצפנות OpenPGP משירותי אינטרנט התומכים בכך. +ספקים אלה תומכים באופן מקורי בהצפנה/פענוח של OpenPGP ובתקן Web Key Directory (WKD), המאפשרים הודעות אימייל E2EE אגנוסטיות לספקים. לדוגמה, משתמש Proton Mail יכול לשלוח הודעת E2EE למשתמש Mailbox.org, או שאתה יכול לקבל התראות מוצפנות OpenPGP משירותי אינטרנט התומכים בכך. + +
+ +- ![Proton Mail לוגו](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org לוגו](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning "אזהרה" @@ -49,41 +62,41 @@ icon: material/email ל-Proton Mail יש דוחות קריסה פנימיים שהם **לא** חולקים עם צדדים שלישיים. ניתן להשבית אפשרות זו ב: **הגדרות** > **עבור אל הגדרות** > **חשבון** > **אבטחה ופרטיות** > **שלח דוחות קריסה**. -??? success "דומיינים וכינויים מותאמים אישית" +#### :material-check:{ .pg-green } דומיינים וכינויים מותאמים אישית - מנויי Proton Mail בתשלום יכולים להשתמש בדומיין משלהם עם השירות או בכתובת [catch-all](https://proton.me/support/catch-all). Proton Mail תומך גם ב[כתובת משנה](https://proton.me/support/creating-aliases), וזה שימושי לאנשים שלא רוצים לרכוש דומיין. +מנויי Proton Mail בתשלום יכולים להשתמש בדומיין משלהם עם השירות או בכתובת [תפוס-הכל](https://proton.me/support/catch-all). Proton Mail תומך גם ב[כתובת משנה](https://proton.me/support/creating-aliases), שהיא שימושית לאנשים שלא רוצים לרכוש דומיין. -??? success "שיטות תשלום פרטיות" +#### :material-check:{ .pg-green } שיטות תשלום פרטיות - Proton Mail [accepts](https://proton.me/support/payment-options) ביטקוין ומזומן בדואר בנוסף לכרטיסי אשראי/חיוב רגילים ותשלומי PayPal. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "אבטחת חשבון" +#### :material-check:{ .pg-green } אבטחת חשבון - ProtonMail תומך ב - TOTP [אימות דו - שלבי]( https://proton.me/support/two-factor- authentication-2fa) בלבד. השימוש במפתח אבטחה U2F עדיין אינו נתמך. ProtonMail מתכננת ליישם את U2F עם השלמת הקוד [Single Sign On (SSO)]( https://reddit.com/comments/cheoy6/comment/feh2lw0/) שלהם. +Proton Mail תומך באימות TOTP [בשני גורמים בלבד](https://proton.me/support/two-factor-authentication-2fa). השימוש במפתח אבטחה U2F אינו נתמך עדיין. Proton Mail מתכננת ליישם את U2F עם השלמת קוד ה[כניסה יחידה (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) שלהם. -??? success "אבטחת מידע" +#### :material-check:{ .pg-green } אבטחת מידע - ל - Proton Mail יש [הצפנת אפס גישה](https://proton.me/blog/zero-access-encryption) ב - מנוחה עבור המיילים שלך ו - [calendars](https://proton.me/news/protoncalendar-security-model). נתונים המאובטחים באמצעות הצפנת אפס גישה נגישים רק לך. - - מידע מסוים המאוחסן ב-[Proton Contacts](https://proton.me/support/proton-contacts), כגון שמות תצוגה וכתובות דוא"ל, אינו מאובטח באמצעות הצפנת אפס גישה. שדות אנשי קשר התומכים בהצפנת אפס גישה, כגון מספרי טלפון, מסומנים בסמל מנעול. +ל-Proton Mail יש [הצפנה עם אפס-גישה](https://proton.me/blog/zero-access-encryption) במצב מנוחה עבור המיילים ו[היומנים](https://proton.me/news/protoncalendar-security-model) שלך. נתונים המאובטחים באמצעות הצפנת אפס גישה נגישים רק לך. -??? success "הצפנת אימייל" +מידע מסוים המאוחסן ב-[Proton Contacts](https://proton.me/support/proton-contacts), כגון שמות תצוגה וכתובות אימייל, אינו מאובטח בהצפנה ללא גישה. שדות אנשי קשר התומכים בהצפנה ללא גישה, כגון מספרי טלפון, מסומנים בסמל מנעול. - ל-Proton Mail יש [הצפנת OpenPGP משולבת](https://proton.me/support/how-to-use-pgp) בדואר האינטרנט שלהם. אימיילים לחשבונות Proton Mail אחרים מוצפנים באופן אוטומטי, וניתן להפעיל הצפנה לכתובות שאינן פרוטון מייל עם מפתח OpenPGP בקלות בהגדרות החשבון שלך. הם גם מאפשרים לך [להצפין הודעות לכתובות שאינן פרוטון מייל](https://proton.me/support/password-protected-emails) ללא צורך בהרשמה לחשבון Proton Mail או להשתמש בתוכנה כמו OpenPGP. - - Proton Mail תומך גם בגילוי מפתחות ציבוריים באמצעות HTTP מ-[מדריך מפתחות אינטרנט (WKD)](https://wiki.gnupg.org/WKD) שלהם. זה מאפשר לאנשים שאינם משתמשים ב-Proton Mail למצוא בקלות את מפתחות OpenPGP של חשבונות Proton Mail, עבור E2EE חוצה ספקים. +#### :material-check:{ .pg-green } הצפנת אימייל -??? warning "מורשת דיגיטלית" +Proton Mail [שילבה הצפנת OpenPGP](https://proton.me/support/how-to-use-pgp) בדואר האינטרנט שלהם. אימיילים לחשבונות Proton Mail אחרים מוצפנים באופן אוטומטי, וניתן להפעיל הצפנה לכתובות שאינן פרוטון מייל עם מפתח OpenPGP בקלות בהגדרות החשבון שלך. הם גם מאפשרים לך [להצפין הודעות לכתובות שאינן Proton Mail](https://proton.me/support/password-protected-emails) מבלי להזדקק להן להירשם לחשבון Proton Mail או להשתמש בתוכנה כמו OpenPGP. - Proton Mail אינו מציע תכונה מורשת דיגיטלית. +Proton Mail תומך גם בגילוי מפתחות ציבוריים באמצעות HTTP מ[ספריית מפתחות האינטרנט (WKD)](https://wiki.gnupg.org/WKD) שלהם. זה מאפשר לאנשים שאינם משתמשים ב-Proton Mail למצוא בקלות את מפתחות OpenPGP של חשבונות Proton Mail, עבור E2EE חוצה ספקים. -??? info "סיום חשבון" +#### :material-alert-outline:{ .pg-orange } מורשת דיגיטלית - אם יש לך חשבון בתשלום ו[החשבון לא שולם](https://proton.me/support/delinquency) לאחר 14 יום, לא תוכל לגשת לנתונים שלך. לאחר 30 יום, החשבון שלך יהפוך לבלתי פעיל ולא יקבל דואר נכנס. אתה תמשיך להיות מחויב במהלך תקופה זו. +Proton Mail אינו מציע תכונה מורשת דיגיטלית. -??? info "פונקציונליות נוספת" +#### :material-information-outline:{ .pg-blue } סגירת חשבון - Proton Mail מציע חשבון "ללא הגבלה" במחיר של €9.99/חודש, המאפשר גם גישה ל-Proton VPN בנוסף לאספקת מספר חשבונות, דומיינים, כינויים ושטח אחסון של 500GB. +אם יש לך חשבון בתשלום והחשבון שלך [לא שולם](https://proton.me/support/delinquency) לאחר 14 יום, לא תוכל לגשת לנתונים שלך. לאחר 30 יום, החשבון שלך יהפוך לבלתי פעיל ולא יקבל דואר נכנס. אתה תמשיך להיות מחויב במהלך תקופה זו. + +#### :material-information-outline:{ .pg-blue } פונקציונליות נוספת + +Proton Mail מציע חשבון "ללא הגבלה" במחיר של €9.99/חודש, המאפשר גם גישה ל-Proton VPN בנוסף לאספקת מספר חשבונות, דומיינים, כינויים ושטח אחסון של 500GB. ### Mailbox.org @@ -101,43 +114,54 @@ icon: material/email - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "דומיינים וכינויים מותאמים אישית" +#### :material-check:{ .pg-green } דומיינים וכינויים מותאמים אישית - Mailbox.org מאפשר לך להשתמש בתחום משלך, והם תומכים בכתובות [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain). Mailbox.org תומך גם ב-[subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), וזה שימושי אם אינך רוצה לרכוש דומיין. +Mailbox.org מאפשר לך להשתמש בדומיין משלך, והם תומכים בכתובות [תפוס כל](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain). Mailbox.org תומך גם [בכתובת משנה](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), וזה שימושי אם אינך רוצה לרכוש דומיין. -??? info "שיטות תשלום פרטיות" +#### :material-check:{ .pg-green } שיטות תשלום פרטיות - Mailbox.org אינה מקבלת ביטקוין או כל מטבע קריפטוגרפי אחר כתוצאה מכך שמעבד התשלומים שלהם BitPay משעה את פעילותו בגרמניה. עם זאת, הם מקבלים מזומן בדואר, תשלום במזומן לחשבון בנק, העברה בנקאית, כרטיס אשראי, PayPal וכמה מעבדים ספציפיים לגרמנית: paydirekt ו- Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. עם זאת, הם מקבלים מזומן בדואר, תשלום במזומן לחשבון בנק, העברה בנקאית, כרטיס אשראי, PayPal ועוד כמה מעבדים ספציפיים לגרמניה: paydirekt ו-Sofortüberweisung. -??? success "אבטחת חשבון" +#### :material-check:{ .pg-green } אבטחת חשבון - Mailbox.org תומך ב-[אימות דו-שלבי](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) עבור דואר האינטרנט שלהם בלבד. אתה יכול להשתמש ב-TOTP או ב [Yubikey](https://en.wikipedia.org/wiki/YubiKey) דרך [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). תקני אינטרנט כגון [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) עדיין אינם נתמכים. +Mailbox.org תומך ב[אימות דו-שלבי](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) עבור דואר האינטרנט שלהם בלבד. אתה יכול להשתמש ב-TOTP או ב-[Yubikey](https://en.wikipedia.org/wiki/YubiKey) דרך [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). תקני אינטרנט כגון [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) אינם נתמכים עדיין. -??? info "אבטחת מידע" +#### :material-information-outline:{ .pg-blue } אבטחת מידע - Mailbox.org מאפשר הצפנה של דואר נכנס באמצעות [תיבת הדואר המוצפנת](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox) שלהם. הודעות חדשות שתקבל יוצפנו באופן מיידי באמצעות המפתח הציבורי שלך. - - עם זאת, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), פלטפורמת התוכנה המשמשת Mailbox.org, [אינה תומכת](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) בהצפנה של פנקס הכתובות ולוח השנה שלך. [אפשרות עצמאית](calendar.md) עשויה להתאים יותר למידע זה. +Mailbox.org מאפשר הצפנה של דואר נכנס באמצעות [תיבת הדואר המוצפנת](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox) שלהם. הודעות חדשות שתקבל יוצפנו באופן מיידי באמצעות המפתח הציבורי שלך. -??? success "הצפנת אימייל" +עם זאת, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), פלטפורמת התוכנה המשמשת את Mailbox.org, [אינה תומכת](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) בהצפנה של פנקס הכתובות והלוח שנה שלך. [אפשרות עצמאית](calendar.md) עשויה להתאים יותר למידע זה. - יש Mailbox.org [הצפנה משולבת](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard)בדואר האינטרנט שלהם, מה שמפשט את שליחת ההודעות לאנשים עם מפתחות OpenPGP ציבוריים. הם גם מאפשרים [לנמענים מרוחקים לפענח דוא"ל](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) בשרתים של Mailbox.org. תכונה זו שימושית כאשר לנמען המרוחק אין OpenPGP ואין באפשרותו לפענח עותק של הדואר האלקטרוני בתיבת הדואר שלו. - - Mailbox.org תומך גם בגילוי מפתחות ציבוריים באמצעות HTTP מספריית [מפתח האינטרנט (WKD)](https://wiki.gnupg.org/WKD). זה מאפשר לאנשים מחוץ Mailbox.org למצוא את מפתחות OpenPGP של חשבונות Mailbox.org בקלות, עבור E2EE חוצה ספקים. +#### :material-check:{ .pg-green } הצפנת אימייל -??? success "מורשת דיגיטלית" +ל-Mailbox.org יש [הצפנה משולבת](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) בדואר האינטרנט שלהם, מה שמקל על שליחת הודעות לאנשים עם מפתחות OpenPGP ציבוריים. הם גם מאפשרים [לנמענים מרוחקים לפענח אימייל בשרתים](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) של Mailbox.org. תכונה זו שימושית כאשר לנמען המרוחק אין OpenPGP ואין באפשרותו לפענח עותק של הדואר האלקטרוני בתיבת הדואר שלו. - Mailbox.org כולל תכונת מורשת דיגיטלית לכל התוכניות. אתה יכול לבחור אם אתה רוצה שכל הנתונים שלך יועברו ליורשים בתנאי שהם חלים ומספקים את הצוואה שלך. לחלופין, ניתן למנות אדם לפי שם וכתובת. +Mailbox.org תומך גם בגילוי מפתחות ציבוריים באמצעות HTTP מ-[Web Key Directory (WKD)](https://wiki.gnupg.org/WKD) שלהם. זה מאפשר לאנשים מחוץ Mailbox.org למצוא את מפתחות OpenPGP של חשבונות Mailbox.org בקלות, עבור E2EE חוצה ספקים. -??? info "סיום חשבון" +#### :material-check:{ .pg-green } מורשת דיגיטלית - החשבון שלך יוגדר לחשבון משתמש מוגבל כאשר החוזה שלך יסתיים, לאחר [30 יום הוא יימחק באופן בלתי הפיך](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org כולל תכונת מורשת דיגיטלית לכל התוכניות. אתה יכול לבחור אם אתה רוצה שכל הנתונים שלך יועברו ליורשים בתנאי שהם חלים ומספקים את הצוואה שלך. לחלופין, ניתן למנות אדם לפי שם וכתובת. -??? info "פונקציונליות נוספת" +#### :material-information-outline:{ .pg-blue } סגירת חשבון - אתה יכול לגשת לחשבון Mailbox.org שלך באמצעות IMAP / SMTP באמצעות[.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). עם זאת, לא ניתן לגשת לממשק דואר האינטרנט שלהם באמצעות שירות.onion שלהם ואתה עלול להיתקל בשגיאות אישור TLS. - - כל החשבונות מגיעים עם שטח אחסון מוגבל בענן ש[ניתן להצפין](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org מציע גם את הכינוי [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), אשר אוכף את הצפנת TLS על החיבור בין שרתי דואר, אחרת ההודעה לא תישלח כלל. Mailbox.org תומך גם ב-[Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) בנוסף לפרוטוקולי גישה סטנדרטיים כגון IMAP ו-POP3. +החשבון שלך יוגדר לחשבון משתמש מוגבל כאשר החוזה שלך יסתיים, לאחר [30 יום הוא יימחק באופן בלתי הפיך](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } פונקציונליות נוספת + +אתה יכול לגשת לחשבון Mailbox.org שלך דרך IMAP/SMTP באמצעות [שירות.onion](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org) שלהם. עם זאת, לא ניתן לגשת לממשק דואר האינטרנט שלהם באמצעות שירות.onion שלהם ואתה עלול להיתקל בשגיאות אישור TLS. + +כל החשבונות מגיעים עם אחסון ענן מוגבל ש[ניתן להצפנה](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org מציעה גם את הכינוי [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), אשר אוכף את הצפנת TLS על החיבור בין שרתי דואר, אחרת ההודעה לא תישלח כלל. Mailbox.org תומך גם ב-[Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) בנוסף לפרוטוקולי גישה סטנדרטיים כמו IMAP ו-POP3. + +## עוד ספקים + +ספקים אלה מאחסנים את המיילים שלך עם הצפנת אפס ידע, מה שהופך אותם לאפשרויות נהדרות לשמירה על אבטחת המיילים המאוחסנים שלך. עם זאת, הם אינם תומכים בתקני הצפנה הניתנים להפעלה הדדית עבור תקשורת E2EE בין ספקים. + +
+ +- ![StartMail לוגו](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail לוגו](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota לוגו](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ icon: material/email - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "דומיינים וכינויים מותאמים אישית" +#### :material-check:{ .pg-green } דומיינים וכינויים מותאמים אישית - חשבונות אישיים יכולים להשתמש בכינויים [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases). [דומיינים מותאמים אישית](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) זמינים גם כן. +חשבונות אישיים יכולים להשתמש ב[כינויים מותאמים אישית או מהירים](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases). [דומיינים מותאמים אישית](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) זמינים גם כן. -??? warning "שיטות תשלום פרטיות" +#### :material-alert-outline:{ .pg-orange } שיטות תשלום פרטיות - StartMail מקבלת ויזה, מאסטרקארד, אמריקן אקספרס ו - Paypal. ל - StartMail יש גם [אפשרויות תשלום] אחרות (https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) כגון Bitcoin (כרגע רק עבור חשבונות אישיים) ו - SEPA Direct Debit עבור חשבונות ישנים יותר משנה. +StartMail מקבלת ויזה, מאסטרקארד, אמריקן אקספרס ו - Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "אבטחת חשבון" +#### :material-check:{ .pg-green } אבטחת חשבון - StartMail תומך באימות דו-גורמי TOTP [עבור דואר אינטרנט בלבד](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). הם אינם מאפשרים אימות מפתח אבטחה U2F. +StartMail תומך באימות TOTP בשני גורמים עבור [דואר אינטרנט](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA) בלבד. הם אינם מאפשרים אימות מפתח אבטחה U2F. -??? info "אבטחת מידע" +#### :material-information-outline:{ .pg-blue } אבטחת מידע - ל - StartMail יש [הצפנת אפס גישה במנוחה](https://www.startmail.com/en/whitepaper/#_Toc458527835), באמצעות מערכת "כספת המשתמש" שלהם. כאשר אתה נכנס, הכספת נפתחת, ולאחר מכן הדואר האלקטרוני מועבר לכספת מחוץ לתור, שם הוא מפוענח על-ידי המפתח הפרטי המתאים. - - StartMail תומך בייבוא [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) עם זאת, הם נגישים רק בדואר האינטרנט ולא באמצעות פרוטוקולים כגון [CalDAV](https://en.wikipedia.org/wiki/CalDAV). אנשי קשר גם אינם מאוחסנים באמצעות הצפנת אפס ידע, כך ש[אפשרות עצמאית](calendar.md) עשויה להיות מתאימה יותר. +ל-StartMail יש [הצפנת גישה אפסית במצב מנוחה](https://www.startmail.com/en/whitepaper/#_Toc458527835), באמצעות מערכת "כספת המשתמש" שלהם. כאשר אתה נכנס, הכספת נפתחת, ולאחר מכן הדואר האלקטרוני מועבר לכספת מחוץ לתור, שם הוא מפוענח על-ידי המפתח הפרטי המתאים. -??? success "הצפנת אימייל" +StartMail תומך בייבוא [אנשי קשר](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) עם זאת, הם נגישים רק בדואר האינטרנט ולא באמצעות פרוטוקולים כגון [CalDAV](https://en.wikipedia.org/wiki/CalDAV). אנשי קשר גם אינם מאוחסנים באמצעות הצפנת ידע אפס. - ל-StartMail יש [הצפנה משולבת](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) בדואר האינטרנט שלהם, מה שמפשט את שליחת הודעות מוצפנות עם מפתחות OpenPGP ציבוריים. +#### :material-check:{ .pg-green } הצפנת אימייל -??? warning "מורשת דיגיטלית" +ל-StartMail [הצפנה משולבת](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) בדואר האינטרנט שלהם, מה שמקל על שליחת הודעות מוצפנות עם מפתחות OpenPGP ציבוריים. עם זאת, הם אינם תומכים בתקן Web Key Directory, מה שהופך את גילוי המפתח הציבורי של תיבת דואר של Startmail למאתגר יותר עבור ספקי אימייל או לקוחות אחרים. - StartMail אינו מציע תכונה דיגיטלית מדור קודם. +#### :material-alert-outline:{ .pg-orange } מורשת דיגיטלית -??? info "סיום חשבון" +StartMail אינו מציע תכונה דיגיטלית מדור קודם. - עם פקיעת תוקף החשבון, StartMail ימחק את חשבונך לצמיתות לאחר [6 חודשים בשלושה שלבים](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } סגירת חשבון -??? info "פונקציונליות נוספת" +עם פקיעת החשבון, StartMail תמחק לצמיתות את חשבונך לאחר [ 6 חודשים בשלושה שלבים](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail מאפשר פרוקסי של תמונות בתוך הודעות דוא"ל. אם תאפשרו את טעינת התמונה המרוחקת, השולח לא יידע מהי כתובת ה-IP שלכם. +#### :material-information-outline:{ .pg-blue } פונקציונליות נוספת -## עוד ספקים - -ספקים אלה מאחסנים את המיילים שלך עם הצפנת אפס ידע, מה שהופך אותם לאפשרויות נהדרות לשמירה על אבטחת המיילים המאוחסנים שלך. עם זאת, הם אינם תומכים בתקני הצפנה הניתנים להפעלה הדדית עבור תקשורת E2EE בין ספקים. +StartMail מאפשר פרוקסי של תמונות בתוך הודעות דוא"ל. אם תאפשרו את טעינת התמונה המרוחקת, השולח לא יידע מהי כתובת ה-IP שלכם. ### Tutanota @@ -220,44 +240,51 @@ icon: material/email Tutanota אינה משתמשת בפרוטוקול [IMAP](https://tutanota.com/faq/#imap) או בשימוש של [לקוחות דואר אלקטרוני של צד שלישי](email-clients.md), וגם לא תוכל להוסיף [חשבונות דואר אלקטרוני חיצוניים](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) לאפליקציית Tutanota. לא [ייבוא דוא"ל](https://github.com/tutao/tutanota/issues/630) או [תיקיות משנה](https://github.com/tutao/tutanota/issues/927) נתמכים כעת, אם כי זה [בשל להיות שונה](https://tutanota.com/blog/posts/kickoff-import). הודעות דוא"ל ניתן לייצא [בנפרד או על ידי בחירה בכמות גדולה](https://tutanota.com/howto#generalMail) לכל תיקייה, דבר שעלול להיות לא נוח אם יש לך תיקיות רבות. -??? success "דומיינים וכינויים מותאמים אישית" +#### :material-check:{ .pg-green } דומיינים וכינויים מותאמים אישית - חשבונות Tutanota בתשלום יכולים להשתמש עד 5 [aliases](https://tutanota.com/faq#alias) ו [דומיינים מותאמים אישית](https://tutanota.com/faq#custom-domain). Tutanota אינה מאפשרת [כתובות משנה (בתוספת כתובות)](https://tutanota.com/faq#plus), אך באפשרותך להשתמש ב-[catch-all](https://tutanota.com/howto#settings-global) עם דומיין מותאם אישית. +חשבונות Tutanota בתשלום יכולים להשתמש בעד 5 [כינויים](https://tutanota.com/faq#alias) ו[דומיינים מותאמים אישית](https://tutanota.com/faq#custom-domain). Tutanota אינה מאפשרת [כתובת משנה (בתוספת כתובות)](https://tutanota.com/faq#plus), אבל אתה יכול להשתמש ב[תפוס הכל](https://tutanota.com/howto#settings-global) עם דומיין מותאם אישית. -??? warning "שיטות תשלום פרטיות" +#### :material-information-outline:{ .pg-blue } שיטות תשלום פרטיות - Tutanota מקבלת רק כרטיסי אשראי PayPal ישירות, אולם ניתן להשתמש בביטקוין ובמונרו לרכישת כרטיסי מתנה באמצעות [partnership](https://tutanota.com/faq/#cryptocurrency) שלהם עם Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "אבטחת חשבון" +#### :material-check:{ .pg-green } אבטחת חשבון - Tutanota תומך ב[אימות דו-גורמי](https://tutanota.com/faq#2fa) עם TOTP או U2F. +Tutanota תומך ב[אימות דו-שלבי](https://tutanota.com/faq#2fa) עם TOTP או U2F. -??? success "אבטחת מידע" +#### :material-check:{ .pg-green } אבטחת מידע - ל-Tutanota יש [הצפנת אפס גישה במנוחה](https://tutanota.com/faq#what-encrypted) עבור הודעות הדוא"ל שלך, [אנשי קשר מפנקס הכתובות](https://tutanota.com/faq#encrypted-address-book), ו [calendars](https://tutanota.com/faq#calendar). משמעות הדבר היא שההודעות ונתונים אחרים המאוחסנים בחשבונך ניתנים לקריאה רק על ידך. +ל-Tutanota יש [הצפנת גישה אפס בזמן מנוחה](https://tutanota.com/faq#what-encrypted) עבור המיילים, [אנשי הקשר בפנקס](https://tutanota.com/faq#encrypted-address-book) הכתובות ו[היומנים](https://tutanota.com/faq#calendar) שלך. משמעות הדבר היא שההודעות ונתונים אחרים המאוחסנים בחשבונך ניתנים לקריאה רק על ידך. -??? warning "הצפנת אימייל" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [אינו משתמש ב- OpenPGP](https://www.tutanota.com/faq/#pgp). חשבונות Tutanota יכולים לקבל הודעות דוא"ל מוצפנות מחשבונות דוא"ל שאינם Tutanota רק כאשר הם נשלחים באמצעות [תיבת דואר זמנית של Tutanota](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [אינו משתמש ב-OpenPGP](https://www.tutanota.com/faq/#pgp). חשבונות Tutanota יכולים לקבל אימיילים מוצפנים רק מחשבונות אימייל שאינם של Tutanota כאשר הם נשלחים דרך [תיבת דואר זמנית של Tutanota](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "מורשת דיגיטלית" +#### :material-alert-outline:{ .pg-orange } מורשת דיגיטלית - Tutanota לא מציעה פיצ'ר מורשת דיגיטלית. +Tutanota לא מציעה פיצ'ר מורשת דיגיטלית. -??? info "סיום חשבון" +#### :material-information-outline:{ .pg-blue } סגירת חשבון - Tutanota [מחק חשבונות לא פעילים בחינם](https://tutanota.com/faq#inactive-accounts) לאחר שישה חודשים. אם ברצונך לשלם, באפשרותך להשתמש שוב בחשבון חינמי שהושבת. +Tutanota [ימחק חשבונות בחינם לא פעילים](https://tutanota.com/faq#inactive-accounts) לאחר שישה חודשים. אם ברצונך לשלם, באפשרותך להשתמש שוב בחשבון חינמי שהושבת. -??? info "פונקציונליות נוספת" +#### :material-information-outline:{ .pg-blue } פונקציונליות נוספת - Tutanota מציעה את הגרסה העסקית של [Tutanota לארגונים ללא כוונת רווח](https://tutanota.com/blog/posts/secure-email-for-non-profit) בחינם או בהנחה כבדה. - - ל-Tutanota יש גם פיצ'ר עסקי שנקרא [חיבור מאובטח](https://tutanota.com/secure-connect/). זה מבטיח שיצירת קשר עם הלקוח לעסק משתמשת ב- E2EE. התכונה עולה 240 אירו לשנה. +Tutanota מציעה את הגרסה העסקית של [Tutanota לארגונים ללא מטרות רווח](https://tutanota.com/blog/posts/secure-email-for-non-profit) בחינם או בהנחה כבדה. + +ל-Tutanota יש גם תכונה עסקית בשם [חיבור מאובטח](https://tutanota.com/secure-connect/). זה מבטיח שיצירת קשר עם הלקוח לעסק משתמשת ב- E2EE. התכונה עולה 240 אירו לשנה. ## שירותי כינוי דוא"ל שירות כינוי דוא"ל מאפשר לך ליצור בקלות כתובת דוא"ל חדשה עבור כל אתר שאתה נרשם אליו. כינויי הדואר האלקטרוני שאתה יוצר מועברים לאחר מכן לכתובת דוא"ל שתבחר, תוך הסתרת כתובת הדוא"ל "הראשית" שלך וגם זהות ספק הדוא"ל שלך. כינוי דוא"ל אמיתי טוב יותר מאשר כתובת פלוס הנפוצה בשימוש ונתמך על ידי ספקים רבים, מה שמאפשר לך ליצור כינויים כמו yourname+[anythinghere]@example.com, מכיוון שאתרים, מפרסמים ורשתות מעקב יכולים להסיר כל דבר לאחר סימן + כדי לדעת את כתובת הדוא"ל האמיתית שלך. +
+ +- ![AnonAddy לוגו](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy לוגו](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin לוגו](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ כינוי דוא"ל יכול לשמש כהגנה למקרה שספק הדוא"ל שלך יפסיק לפעול. בתרחיש זה, באפשרותך לנתב מחדש בקלות את הכינויים שלך לכתובת דואר אלקטרוני חדשה. עם זאת, אתה נותן אמון בשירות הכינוי כדי להמשיך לתפקד. שימוש בשירות ייעודי של כינוי דואר אלקטרוני יש גם מספר יתרונות על פני כינוי 'לתפוס-הכל' על תחום מותאם אישית: @@ -411,7 +438,7 @@ SimpleLogin [נרכשה על ידי Proton AG](https://proton.me/news/proton-and **המקרה הטוב ביותר:** -- מקבל ביטקוין, מזומן וצורות אחרות של מטבעות קריפטוגרפיים ו/או אפשרויות תשלום אנונימיות (כרטיסי מתנה וכו') +- מקבל [אפשרויות תשלום אנונימיות](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), מזומן, כרטיסי מתנה וכו') ### אבטחה @@ -428,7 +455,7 @@ SimpleLogin [נרכשה על ידי Proton AG](https://proton.me/news/proton-and - בתוקף [רשומות DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities). - בתוקף [רשומות SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) ו - [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail). - שיהיה לך מתאים [DMARC](https://en.wikipedia.org/wiki/DMARC) עבר ומדיניות או שימוש ב [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) לאימות. אם נעשה שימוש באימות DMARC, יש להגדיר את המדיניות ל- `דוחה` או `הסגר`. -- העדפת חבילת שרתים של TLS 1.2 ואילך ותוכנית עבור [הוצאה משימוש של TLSv1.0 ו- TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- העדפת חבילת שרת של TLS 1.2 ואילך ותוכנית עבור [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [שליחת SMTPS](https://en.wikipedia.org/wiki/SMTPS), בהנחה שנעשה שימוש ב - SMTP. - תקני אבטחת אתר אינטרנט כגון: - [אבטחת תעבורה קפדנית של HTTP](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ SimpleLogin [נרכשה על ידי Proton AG](https://proton.me/news/proton-and - תוכניות לחיפוש באגים ו/או תהליך גילוי - פגיעות מתואם. - תקני אבטחת אתר אינטרנט כגון: - [מדיניות אבטחת תוכן (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [‎ Expect - CT ‎](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### אמון @@ -481,5 +508,3 @@ SimpleLogin [נרכשה על ידי Proton AG](https://proton.me/news/proton-and ### פונקציונליות נוספת אמנם לא דרישות קפדניות, יש כמה גורמי נוחות או פרטיות אחרים שבדקנו בעת קביעת אילו ספקים להמליץ. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/encryption.md b/i18n/he/encryption.md index a015024c9..a52b22de1 100644 --- a/i18n/he/encryption.md +++ b/i18n/he/encryption.md @@ -1,6 +1,7 @@ --- title: "תוכנת הצפנה" icon: material/file-lock +description: הצפנה של נתונים היא הדרך היחידה לשלוט מי יכול לגשת אליו. These tools allow you to encrypt your emails and any other files. --- הצפנה של נתונים היא הדרך היחידה לשלוט מי יכול לגשת אליו. אם אינך משתמש כעת בתוכנת הצפנה עבור הדיסק הקשיח, הודעות הדוא"ל או הקבצים שלך, עליך לבחור אפשרות כאן. @@ -354,5 +355,3 @@ BitLocker [ נתמך רק](https://support.microsoft.com/en-us/windows/turn-on-d - אפליקציות הצפנה של מערכת הפעלה (FDE) צריכות להשתמש באבטחת חומרה כגון TPM או Secure Enclave. - אפליקציות להצפנת קבצים צריכות לקבל תמיכה של צד ראשון או שלישי עבור פלטפורמות ניידות. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/file-sharing.md b/i18n/he/file-sharing.md index 529618654..3e669472c 100644 --- a/i18n/he/file-sharing.md +++ b/i18n/he/file-sharing.md @@ -1,6 +1,7 @@ --- title: "שיתוף וסנכרון קבצים" icon: material/share-variant +description: גלה כיצד לשתף את הקבצים שלך באופן פרטי בין המכשירים שלך, עם החברים והמשפחה שלך, או באופן אנונימי באינטרנט. --- גלה כיצד לשתף את הקבצים שלך באופן פרטי בין המכשירים שלך, עם החברים והמשפחה שלך, או באופן אנונימי באינטרנט. @@ -144,5 +145,3 @@ ffsend upload -- host https://send.vis.ee/ FILE - יש לו לקוחות ניידים עבור iOS ואנדרואיד, שלפחות תומכים בתצוגה מקדימה של מסמכים. - תומך בגיבוי תמונות מ-iOS ואנדרואיד, ותומך באופן אופציונלי בסנכרון קבצים/תיקיות באנדרואיד. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/financial-services.md b/i18n/he/financial-services.md new file mode 100644 index 000000000..f000896e3 --- /dev/null +++ b/i18n/he/financial-services.md @@ -0,0 +1,94 @@ +--- +title: שירותים פיננסיים +icon: material/bank +--- + +ביצוע תשלומים אונליין הוא אחד האתגרים הגדולים ביותר לפרטיות. שירותים אלה יכולים לסייע לך בהגנה על פרטיותך מפני סוחרים ועוקבים אחרים, בתנאי שיש לך הבנה טובה כיצד לבצע תשלומים פרטיים ביעילות. אנו ממליצים בחום שתקרא תחילה את מאמר סקירת התשלומים שלנו לפני ביצוע רכישות כלשהן: + +[ביצוע תשלומים פרטיים :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## שירותי מיסוך תשלומים + +ישנם מספר שירותים המספקים "כרטיסי חיוב וירטואליים" שבהם אתה יכול להשתמש עם סוחרים מקוונים מבלי לחשוף את פרטי הבנק או החיוב בפועל שלך ברוב המקרים. חשוב לציין ששירותים פיננסיים אלו הם **אינם** אנונימיים וכפופים לחוקי "הכר את הלקוח שלך" (KYC) ועשויים לדרוש את תעודת הזהות שלך או מידע מזהה אחר. שירותים אלה שימושיים בעיקר להגנה עליך מפני הפרות נתונים של סוחרים, מעקב פחות מתוחכם או מתאם רכישה על ידי סוכנויות שיווק וגניבת נתונים מקוונים; ו**לא** לביצוע רכישה באופן אנונימי לחלוטין. + +!!! tip "בדוק את הבנק הנוכחי שלך" + + בנקים וספקי כרטיסי אשראי רבים מציעים פונקציונליות מקורית של כרטיסים וירטואליים. אם אתה משתמש באחד שכבר מספק את האפשרות הזו, עליך להשתמש בו על פני ההמלצות הבאות ברוב המקרים. כך אינך סומך על מספר צדדים עם המידע האישי שלך. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com לוגו](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com לוגו](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + התוכנית החינמית של **Privacy.com** מאפשרת לך ליצור עד 12 כרטיסים וירטואליים בחודש, להגדיר מגבלות הוצאות על כרטיסים אלה ולכבות כרטיסים באופן מיידי. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: דף הבית](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="מדיניות פרטיות" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=תיעוד} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (ארה"ב, בתשלום) + +!!! recommendation + + ![MySudo לוגו](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo לוגו](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** מספקת עד 9 כרטיסים וירטואליים בהתאם לתוכנית שתרכשו. התוכניות בתשלום שלהם כוללות בנוסף פונקציונליות שעשויה להיות שימושית לביצוע רכישות באופן פרטי, כגון מספרי טלפון וירטואליים וכתובות אימייל, אם כי בדרך כלל אנו ממליצים על [ספקי כינוי אימייל](email.md) אחרים לשימוש נרחב בכינויי אימייל. + + [:octicons-home-16: דף הבית](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="מדיניות פרטיות" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=תיעוד} + +### קריטריונים + +**שים לב שאיננו קשורים לאף אחד מהפרויקטים שאנו ממליצים עליהם.** בנוסף ל [הקריטריונים הסטנדרטיים שלנו](about/criteria.md), פיתחנו סט ברור של דרישות כדי לאפשר לנו לספק המלצות אובייקטיביות. אנו מציעים לך להכיר את הרשימה הזו לפני שתבחר להשתמש בפרויקט, ולערוך מחקר משלך כדי להבטיח שזו הבחירה הנכונה עבורך. + +!!! example "חלק זה הוא חדש" + + אנו עובדים על קביעת קריטריונים מוגדרים לכל קטע באתר שלנו, והדבר עשוי להשתנות. אם יש לך שאלות כלשהן לגבי הקריטריונים שלנו, אנא [שאל בפורום שלנו](https://discuss.privacyguides.net/latest) ואל תניח שלא שקלנו משהו כשהצענו את ההמלצות שלנו אם הוא לא רשום כאן. ישנם גורמים רבים שנחשבים ונדונים כאשר אנו ממליצים על פרויקט, ותיעוד כל אחד מהם הוא עבודה בתהליך. + +- מאפשר יצירת כרטיסים מרובים שמתפקדים כמגן בין הסוחר לבין הכספים האישיים שלך. +- אסור שהכרטיסים ידרשו ממך לספק פרטי כתובת מדויקת לחיוב למוכר. + +## שווקים של כרטיסי מתנה + +שירותים אלו מאפשרים לך לרכוש כרטיסי מתנה עבור מגוון סוחרים באינטרנט באמצעות [מטבע קריפטוגרפי](cryptocurrency.md). חלק מהשירותים הללו מציעים אפשרויות אימות מזהה עבור מגבלות גבוהות יותר, אך הם גם מאפשרים חשבונות עם כתובת אימייל בלבד. מגבלות בסיסיות מתחילות בדרך כלל מ-$5,000-10,000 ליום עבור חשבונות בסיסיים, ומגבלות גבוהות משמעותית עבור חשבונות מאומתים מזהים (אם מוצעים). + +### Cake Pay + +!!! recommendation + + ![CakePay לוגו](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** מאפשרת לכם לרכוש כרטיסי מתנה ומוצרים נלווים עם מונרו. רכישות עבור סוחרים בארה"ב זמינות באפליקציית Cake Wallet לנייד, בעוד שאפליקציית האינטרנט Cake Pay כוללת מבחר רחב של סוחרים גלובליים. + + [:octicons-home-16: דף הבית](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="מדיניות פרטיות" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=תיעוד} + +### CoinCards + +!!! recommendation + + ![CakePay לוגו](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (זמין בארה"ב, קנדה ובריטניה) מאפשר לך לרכוש כרטיסי מתנה עבור מגוון גדול של סוחרים. + + [:octicons-home-16: דף הבית](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="מדיניות פרטיות" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=תיעוד} + +### קריטריונים + +**שים לב שאיננו קשורים לאף אחד מהפרויקטים שאנו ממליצים עליהם.** בנוסף ל [הקריטריונים הסטנדרטיים שלנו](about/criteria.md), פיתחנו סט ברור של דרישות כדי לאפשר לנו לספק המלצות אובייקטיביות. אנו מציעים לך להכיר את הרשימה הזו לפני שתבחר להשתמש בפרויקט, ולערוך מחקר משלך כדי להבטיח שזו הבחירה הנכונה עבורך. + +!!! example "חלק זה הוא חדש" + + אנו עובדים על קביעת קריטריונים מוגדרים לכל קטע באתר שלנו, והדבר עשוי להשתנות. אם יש לך שאלות כלשהן לגבי הקריטריונים שלנו, אנא [שאל בפורום שלנו](https://discuss.privacyguides.net/latest) ואל תניח שלא שקלנו משהו כשהצענו את ההמלצות שלנו אם הוא לא רשום כאן. ישנם גורמים רבים שנחשבים ונדונים כאשר אנו ממליצים על פרויקט, ותיעוד כל אחד מהם הוא עבודה בתהליך. + +- מקבל תשלום ב[מטבע קריפטוגרפי מומלץ](cryptocurrency.md). +- אין צורך בתעודת זהות. diff --git a/i18n/he/frontends.md b/i18n/he/frontends.md index ab9c0186a..ceec02128 100644 --- a/i18n/he/frontends.md +++ b/i18n/he/frontends.md @@ -1,6 +1,7 @@ --- title: "חזיתות" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- לפעמים שירותים ינסו לאלץ אותך להירשם לחשבון על ידי חסימת גישה לתוכן עם חלונות קופצים מעצבנים. הם יכולים להישבר גם ללא הפעלת JavaScript. חזיתות אלה יכולות לאפשר לך לעקוף את ההגבלות הללו. @@ -264,5 +265,3 @@ icon: material/flip-to-front אנו מתייחסים רק לחזיתות עבור אתרים שהם... - לא נגיש בדרך כלל ללא JavaScript. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/index.md b/i18n/he/index.md index 8f4be8459..c95f9f5f4 100644 --- a/i18n/he/index.md +++ b/i18n/he/index.md @@ -11,25 +11,25 @@ hide: ##### “אין לי מה להסתיר. למה שאדאג לפרטיות שלי?" -בדומה לזכות לנישואים בין-גזעיים, זכות בחירה לאישה, חופש הביטוי ורבים אחרים, זכותנו לפרטיות לא תמיד נשמרה. בכמה דיקטטורות, זה עדיין לא. דורות לפנינו נלחמו על זכותנו לפרטיות. ==פרטיות היא זכות אדם, הטבועה בכולנו,== שמגיעה לנו (ללא אפליה). +בדומה לזכות לנישואים בין-גזעיים, זכות בחירה לאישה, חופש הביטוי ורבים אחרים, זכותנו לפרטיות לא תמיד נשמרה. בכמה דיקטטורות, היא עדיין לא. דורות לפנינו נלחמו על זכותנו לפרטיות. ==פרטיות היא זכות אדם, הטבועה בכולנו,== שמגיעה לנו (ללא אפליה). -אתה לא צריך לבלבל פרטיות עם סודיות. אנחנו יודעים מה קורה בשירותים, אבל אתה עדיין סוגר את הדלת. זה בגלל שאתה רוצה פרטיות, לא סודיות. **לכל** אחד יש על מה להגן. פרטיות היא משהו שהופך אותנו לאנושיים. +אין לבלבל בין פרטיות לסודיות. אנחנו יודעים מה קורה בשירותים, אבל עדיין סוגרים את הדלת. זה בגלל שאתה רוצה פרטיות, לא סודיות. **לכל** אחד יש על מה להגן. פרטיות היא משהו שהופך אותנו לאנושיים. [:material-target-account: איומים נפוצים באינטרנט](basics/common-threats.md ""){.md-button.md-button--primary} -## מה עליי לעשות? +## מה אני צריך לעשות? -##### ראשית, אתה צריך להכין תוכנית +##### ראשית, עליך להכין תוכנית -ניסיון להגן על כל הנתונים שלך מפני כולם כל הזמן הוא לא מעשי, יקר ומתיש. אבל אל תדאג! אבטחה היא תהליך, ועל ידי חשיבה קדימה, אתה יכול להרכיב תוכנית שמתאימה לך. אבטחה אינה עוסקת רק בכלים שבהם אתה משתמש או בתוכנה שאתה מוריד. במקום זאת, זה מתחיל בהבנת האיומים הייחודיים שאתה מתמודד איתם, וכיצד אתה יכול להפחית אותם. +ניסיון להגן על כל הנתונים שלך מפני כולם כל הזמן הוא לא מעשי, יקר ומתיש. אבל אל תדאג! אבטחה היא תהליך, ועל ידי תכנון בריא, אתה יכול להרכיב תוכנית שמתאימה לך. אבטחה אינה עוסקת רק בכלים שבהם אתה משתמש או בתוכנות שאותם אתה מוריד. במקום זאת, היא מתחילה בהבנת האיומים הייחודיים שאתה מתמודד איתם, וכיצד אתה יכול למגר אותם. -==תהליך זה של זיהוי איומים והגדרת אמצעי נגד נקרא **מודלים של איומים**==, והוא מהווה את הבסיס לכל תוכנית אבטחה ופרטיות טובה. +==תהליך זה של זיהוי איומים והגדרת אמצעי נגד נקרא **מידול** (מלשון מודל) ** סיכונים ** ==, והוא מהווה את הבסיס לכל תוכנית אבטחה ופרטיות טובה. -[:material-book-outline: למד עוד על מודל איומים](basics/threat-modeling.md ""){.md-button.md-button--primary} +[:material-book-outline: למד עוד על מידול סיכונים](basics/threat-modeling.md ""){.md-button.md-button--primary} --- -## אנחנו זקוקים לך! הנה איך להיות מעורב: +## אנחנו זקוקים לך! יש כמה דרכים לעזור לנו: [:simple-discourse:](https://discuss.privacyguides.net/){ title="הצטרף לפורום שלנו" } [:simple-mastodon:](https://mastodon.neat.computer/@privacyguides){ rel=me title="עקבו אחרינו במסטודון" } @@ -39,6 +39,4 @@ hide: [:material-information-outline:](about/index.md){ title="למד עוד אודותינו" } [:material-hand-coin-outline:](about/donate.md){ title="תמכו בפרויקט" } -חשוב שאתר כמו Privacy Guides יישאר תמיד מעודכן. אנחנו צריכים שהקהל שלנו יפקח עין על עדכוני תוכנה עבור היישומים הרשומים באתר שלנו ויעקוב אחר החדשות האחרונות לגבי ספקים שאנחנו ממליצים עליהם. קשה לעמוד בקצב המהיר של האינטרנט, אבל אנחנו מנסים כמיטב יכולתנו. אם אתה מזהה שגיאה, חושב שספק לא צריך להיות רשום, שם לב שחסר ספק מוסמך, מאמין שתוסף דפדפן הוא כבר לא הבחירה הטובה ביותר, או חשף כל בעיה אחרת, אנא הודע לנו. - ---8<-- "includes/abbreviations.he.txt" +חשוב שאתר כמו Privacy Guides יישאר תמיד מעודכן. אנחנו צריכים שהקהל שלנו יפקח עין על עדכוני תוכנה עבור היישומים הרשומים באתר שלנו ויעקוב אחר התפתחויות לגבי ספקים שאנחנו ממליצים עליהם. קשה לעמוד בקצב המהיר של האינטרנט, אבל אנחנו מנסים כמיטב יכולתנו. אם אתה מזהה איזו שגיאה, חושב שספק לא צריך להיות רשום, שם לב שחסר ספק מוסמך, מאמין שתוסף דפדפן הוא כבר לא הבחירה הטובה ביותר, או מוצא כל בעיה אחרת, אנא הודיע לנו. diff --git a/i18n/he/kb-archive.md b/i18n/he/kb-archive.md index 9e276b562..33f2ba6e5 100644 --- a/i18n/he/kb-archive.md +++ b/i18n/he/kb-archive.md @@ -1,6 +1,7 @@ --- title: ארכיון KB icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # דפים הועברו לבלוג @@ -14,5 +15,3 @@ icon: material/archive - [מחיקת נתונים מאובטחת](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [הסרה משולבת של מטא נתונים](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [מדריך התצורה של iOS](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/meta/brand.md b/i18n/he/meta/brand.md index b9236d1f0..a5c7d73e6 100644 --- a/i18n/he/meta/brand.md +++ b/i18n/he/meta/brand.md @@ -20,5 +20,3 @@ title: הנחיות מיתוג "Privacy Guides" והלוגו של המגן הם סימנים מסחריים בבעלות Jonah Aragon, שימוש בלתי מוגבל מוענק לפרויקט Privacy Guides. מבלי לוותר על אף אחת מזכויותיה, Privacy Guides אינם מייעצים לאחרים לגבי היקף זכויות הקניין הרוחני שלה. Privacy Guides אינם מתירים או מסכימים לכל שימוש בסימנים המסחריים שלו בכל דרך העלולה לגרום לבלבול על ידי רמיזה של קשר או חסות על ידי Privacy Guides. אם אתה מודע לשימוש כזה, אנא צור קשר עם Jonah Aragon בכתובת jonah@privacyguides.org. התייעץ עם היועץ המשפטי שלך אם יש לך שאלות. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/meta/git-recommendations.md b/i18n/he/meta/git-recommendations.md index 9152533bb..0c406db66 100644 --- a/i18n/he/meta/git-recommendations.md +++ b/i18n/he/meta/git-recommendations.md @@ -44,5 +44,3 @@ git config --global pull.rebase true git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/meta/uploading-images.md b/i18n/he/meta/uploading-images.md index 24e60cee9..6a91ec551 100644 --- a/i18n/he/meta/uploading-images.md +++ b/i18n/he/meta/uploading-images.md @@ -47,9 +47,9 @@ optipng -o7 file.png In the **SVG Output** tab under **Document options**: -- [ ] Turn off **Remove the XML declaration** -- [x] Turn on **Remove metadata** -- [x] Turn on **Remove comments** +- [ ] תכבה **הסר את הצהרת ה-XML** +- [x] הפעל **הסר מטא נתונים** +- [x] הפעל **הסר תגובות** - [x] Turn on **Embeded raster images** - [x] Turn on **Enable viewboxing** @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/meta/writing-style.md b/i18n/he/meta/writing-style.md index ec4bef794..6ee20e4a7 100644 --- a/i18n/he/meta/writing-style.md +++ b/i18n/he/meta/writing-style.md @@ -53,7 +53,7 @@ Privacy Guides כתובים באנגלית אמריקאית, וכדאי לעיי כדאי לנסות להימנע מקיצורי מילים במידת האפשר, אבל הטכנולוגיה מלאה בקיצורי מילים. באופן כללי, יש לאיית את הקיצור/ראשי התיבות בפעם הראשונה שבה נעשה בו שימוש בדף, והוסיפו את הקיצור מילים לקובץ מילון המונחים של הקיצור מילים כאשר נעשה בו שימוש חוזר. -> Kathy McGinty offers tongue-in-cheek instructions for bulking up your simple, direct sentences: +> Kathy McGinty מציעה הוראות שפה אירוניות למשפטים הפשוטים והישירים שלך: > > > אין מנוס מהעובדה כי חשוב מאוד לציין כי מספר מחקרים ישימים שונים זיהו בדרך כלל את העובדה כי תעסוקה לילית מתאימה נוספת יכולה בדרך כלל לשמור על מתבגרים צעירים מחוץ לכבישים במהלך שעות הלילה, כולל אך לא מוגבל לזמן שלפני חצות בלילות השבוע ו/או 2 לפנות בוקר. בסופי שבוע. > @@ -85,5 +85,3 @@ Privacy Guides כתובים באנגלית אמריקאית, וכדאי לעיי > - "אסור" לאיסור > - "רשאי" לפעולה לפי שיקול דעת > - "צריך" להמלצה - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/mobile-browsers.md b/i18n/he/mobile-browsers.md index c9661e919..d3680c57f 100644 --- a/i18n/he/mobile-browsers.md +++ b/i18n/he/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "דפדפני אינטרנט לנייד" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- אלו הם דפדפני האינטרנט הניידים המומלצים כרגע והתצורות שלנו לגלישה רגילה/לא אנונימית באינטרנט. אם אתה צריך לגלוש באינטרנט באופן אנונימי, אתה צריך להשתמש [Tor](tor.md) במקום. באופן כללי, אנו ממליצים לשמור על הרחבות למינימום; יש להם גישה מוסמכת בתוך הדפדפן שלך, דורשים ממך לסמוך על המפתח, יכולים לגרום לך [להיות בולט](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), [ולהחליש](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) את בידוד האתר. @@ -189,5 +190,3 @@ Brave כולל כמה אמצעים נגד טביעת אצבע בתכונת [Shie - אסור לשכפל דפדפן מובנה או פונקציונליות מערכת הפעלה. - חייב להשפיע ישירות על פרטיות המשתמש, כלומר לא חייב פשוט לספק מידע. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/multi-factor-authentication.md b/i18n/he/multi-factor-authentication.md index 3dfb9fb8f..4fc9f40ab 100644 --- a/i18n/he/multi-factor-authentication.md +++ b/i18n/he/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "מאמתים מרובי גורמים" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## מפתחות אבטחה של חומרה @@ -140,5 +141,3 @@ icon: 'material/two-factor-authentication' - אסור לדרוש חיבור לאינטרנט. - אסור לסנכרן לשירות סנכרון/גיבוי בענן של צד שלישי. - **אופציונלי** תמיכה בסנכרון E2EE עם כלים מקוריים של מערכת ההפעלה מקובלת, למשל. סנכרון מוצפן באמצעות iCloud. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/news-aggregators.md b/i18n/he/news-aggregators.md index 313fc71f1..312c1d6bd 100644 --- a/i18n/he/news-aggregators.md +++ b/i18n/he/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "צוברי חדשות" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -[צובר חדשות](https://en.wikipedia.org/wiki/News_aggregator) הוא דרך לשמור על קשר עם הבלוגים ואתרי החדשות האהובים עליך. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## קליינטים צוברי חדשות @@ -169,5 +170,3 @@ Reddit מאפשר לך להירשם ל subreddits באמצעות RSS. ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/notebooks.md b/i18n/he/notebooks.md index df27fe7ca..a67ce5049 100644 --- a/i18n/he/notebooks.md +++ b/i18n/he/notebooks.md @@ -1,6 +1,7 @@ --- title: "פנקס רשימות" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- עקוב אחר ההערות והיומנים שלך מבלי למסור אותם לצד שלישי. @@ -111,5 +112,3 @@ Cryptee מציע 100MB של אחסון בחינם, עם אפשרויות בתש - פונקציונליות גיבוי/סנכרון מקומית אמורה לתמוך בהצפנה. - פלטפורמות מבוססות ענן צריכות לתמוך בשיתוף מסמכים. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/os/android-overview.md b/i18n/he/os/android-overview.md index e81644ca6..194ff1cb8 100644 --- a/i18n/he/os/android-overview.md +++ b/i18n/he/os/android-overview.md @@ -1,6 +1,7 @@ --- title: סקירה כללית של אנדרואיד icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- אנדרואיד היא מערכת הפעלה מאובטחת הכוללת [ארגז חול חזק של אפליקציות](https://source.android.com/security/app-sandbox), [אתחול מאומת](https://source.android.com/security/verifiedboot) (AVB) ומערכת בקרת [הרשאות](https://developer.android.com/guide/topics/permissions/overview) חזקה. @@ -49,13 +50,48 @@ Fairphone, למשל, משווקת את המכשירים שלהם כמקבלים ## גרסאות אנדרואיד -חשוב לא להשתמש בגרסת [סוף החיים](https://endoflife.date/android) של אנדרואיד. גרסאות חדשות יותר של אנדרואיד לא רק מקבלות עדכוני אבטחה עבור מערכת ההפעלה אלא גם עדכונים חשובים לשיפור הפרטיות. לדוגמה, [לפני אנדרואיד 10](https://developer.android.com/about/versions/10/privacy/changes), כל אפליקציה עם הרשאת [`READ_PHONE_STATE`](https://developer.android.com/reference/android/Manifest.permission#READ_PHONE_STATE) יכלו לגשת למספרים סידוריים רגישים וייחודיים של הטלפון שלך כגון [IMEI](https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity), [MEID](https://en.wikipedia.org/wiki/Mobile_equipment_identifier), כרטיס ה-SIM שלך[IMSI](https://en.wikipedia.org/wiki/International_mobile_subscriber_identity), בעוד שכעת הם חייבים להיות אפליקציות מערכת כדי לעשות זאת. אפליקציות מערכת מסופקות רק על ידי הפצת OEM או אנדרואיד. +חשוב לא להשתמש בגרסת [סוף החיים](https://endoflife.date/android) של אנדרואיד. גרסאות חדשות יותר של אנדרואיד לא רק מקבלות עדכוני אבטחה עבור מערכת ההפעלה אלא גם עדכונים חשובים לשיפור הפרטיות. לדוגמה, [לפני אנדרואיד 10](https://developer.android.com/about/versions/10/privacy/changes), כל אפליקציה עם הרשאת [`READ_PHONE_STATE`](https://developer.android.com/reference/android/Manifest.permission#READ_PHONE_STATE) יכלו לגשת למספרים סידוריים רגישים וייחודיים של הטלפון שלך כגון [IMEI](https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity), [MEID](https://en.wikipedia.org/wiki/Mobile_equipment_identifier), כרטיס ה-SIM שלך [IMSI](https://en.wikipedia.org/wiki/International_mobile_subscriber_identity), בעוד שכעת הם חייבים להיות אפליקציות מערכת כדי לעשות זאת. אפליקציות מערכת מסופקות רק על ידי הפצת OEM או אנדרואיד. ## הרשאות אנדרואיד -[הרשאות ב-אנדרואיד](https://developer.android.com/guide/topics/permissions/overview) מעניקות לך שליטה על האפליקציות המורשות לגשת. גוגל מבצעת בקביעות [שיפורים](https://developer.android.com/about/versions/11/privacy/permissions) במערכת ההרשאות בכל גרסה עוקבת. כל האפליקציות שאתה מתקין הן אך ורק [ארגז חול](https://source.android.com/security/app-sandbox), לכן, אין צורך להתקין אפליקציות אנטי וירוס. סמארטפון עם הגרסה העדכנית ביותר של אנדרואיד תמיד יהיה מאובטח יותר מסמארטפון ישן עם אנטי וירוס ששילמת עליו. עדיף לא לשלם על תוכנת אנטי וירוס ולחסוך כסף בקניית סמארטפון חדש כמו גוגל פיקסל. +[הרשאות ב-אנדרואיד](https://developer.android.com/guide/topics/permissions/overview) מעניקות לך שליטה על האפליקציות המורשות לגשת. גוגל מבצעת בקביעות [שיפורים](https://developer.android.com/about/versions/11/privacy/permissions) במערכת ההרשאות בכל גרסה עוקבת. כל האפליקציות שאתה מתקין הן אך ורק [ארגז חול](https://source.android.com/security/app-sandbox), לכן, אין צורך להתקין אפליקציות אנטי וירוס. -אם תרצה להפעיל אפליקציה שאינך בטוח לגביה, שקול להשתמש בפרופיל משתמש או עבודה. +סמארטפון עם הגרסה העדכנית ביותר של אנדרואיד תמיד יהיה מאובטח יותר מסמארטפון ישן עם אנטי וירוס ששילמת עליו. עדיף לא לשלם על תוכנת אנטי וירוס ולחסוך כסף בקניית סמארטפון חדש כמו גוגל פיקסל. + +אנדרואיד 10: + +- [אחסון בהיקף](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) נותן לך שליטה רבה יותר על הקבצים שלך ויכול להגביל את מה שיכול [לגשת לאחסון חיצוני](https://developer.android.com/training/data-storage#permissions). לאפליקציות יכולות להיות ספרייה ספציפית באחסון חיצוני וכן יכולת לאחסן שם סוגים ספציפיים של מדיה. +- גישה הדוקה יותר ב[מיקום המכשיר](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) על ידי הצגת ההרשאה `ACCESS_BACKGROUND_LOCATION `. זה מונע מאפליקציות לגשת למיקום כשהן פועלות ברקע ללא אישור מפורש מהמשתמש. + +אנדרואיד 11: + +- [הרשאות חד פעמיות](https://developer.android.com/about/versions/11/privacy/permissions#one-time) מאפשרות לך להעניק הרשאה לאפליקציה פעם אחת בלבד. +- [הרשאות איפוס אוטומטי](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), המאפס [הרשאות זמן ריצה](https://developer.android.com/guide/topics/permissions/overview#runtime) שניתנו בעת פתיחת האפליקציה. +- הרשאות מפורטות לגישה לתכונות הקשורות ל[מספרי טלפון](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers). + +אנדרואיד 12: + +- הרשאה להעניק רק את ה[מיקום המשוער](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- איפוס אוטומטי של [אפליקציות במצב שינה](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [ביקורת גישה לנתונים](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) שמקלה לקבוע איזה חלק באפליקציה מבצע סוג מסוים של גישה לנתונים. + +אנדרואיד 13: + +- הרשאה ל[גישה לאינטרנט אלחוטי בקרבת מקום](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). כתובות ה-MAC של נקודות גישה אלחוטיות סמוכות היו דרך פופולרית עבור אפליקציות לעקוב אחר מיקומו של משתמש. +- [הרשאות מדיה מפורטות](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions) יותר, כלומר אתה יכול להעניק גישה לתמונות, סרטונים או קבצי אודיו בלבד. +- שימוש ברקע בחיישנים מחייב כעת את הרשאת [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission). + +אפליקציה עשויה לבקש הרשאה עבור תכונה ספציפית שיש לה. לדוגמה, כל אפליקציה שיכולה לסרוק קודי QR תדרוש את אישור המצלמה. אפליקציות מסוימות יכולות לבקש יותר הרשאות ממה שהן צריכות. + +[Exodus](https://exodus-privacy.eu.org/) יכול להיות שימושי כאשר משווים אפליקציות שיש להן מטרות דומות. אם אפליקציה דורשת הרבה הרשאות ויש לה הרבה פרסום וניתוח זה כנראה סימן רע. אנו ממליצים להסתכל על העוקבים הבודדים ולקרוא את התיאורים שלהם במקום פשוט **לספור את הסכום הכולל** ולהנחה שכל הפריטים הרשומים שווים. + +!!! warning "אזהרה" + + אם אפליקציה היא ברובה שירות מבוסס אינטרנט, המעקב עשוי להתרחש בצד השרת. [פייסבוק](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) מציג "ללא עוקבים" אבל בהחלט עוקב אחר תחומי העניין וההתנהגות של המשתמשים ברחבי האתר. אפליקציות עשויות להתחמק מזיהוי על ידי אי שימוש בספריות קוד סטנדרטיות המיוצרות על ידי תעשיית הפרסום, אם כי זה לא סביר. + +!!! note "הערה" + + אפליקציות ידידותיות לפרטיות כגון [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) עשויות להציג עוקבים מסוימים כגון [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). ספרייה זו כוללת את [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) שיכולה לספק [הודעות דחיפה](https://en.wikipedia.org/wiki/Push_technology) באפליקציות. זה [המקרה](https://fosstodon.org/@bitwarden/109636825700482007) עם Bitwarden. זה לא אומר ש-Bitwarden משתמש בכל תכונות הניתוח שמסופקות על ידי Google Firebase Analytics. ## גישה למדיה @@ -81,9 +117,9 @@ Fairphone, למשל, משווקת את המכשירים שלהם כמקבלים אנדרואיד 7 ומעלה תומך ב-VPN Killswitch והוא זמין ללא צורך בהתקנת אפליקציות של צד שלישי. תכונה זו יכולה למנוע דליפות אם ה-VPN מנותק. ניתן למצוא אותו ב:gear: **הגדרות** ← **רשת & אינטרנט** ← **VPN** ← :gear: ← **חסום חיבורים ללא VPN**. -## חילופי מצבים גלובליים +## בוררים גלובליים -למכשירי אנדרואיד מודרניים יש בוררים גלובליים לביטול Bluetooth ושירותי מיקום. אנדרואיד 12 הציגה את המתגים למצלמה ולמיקרופון. כאשר לא בשימוש, אנו ממליצים להשבית תכונות אלה. אפליקציות לא יכולות להשתמש בתכונות מושבתות (גם אם ניתנה להן הרשאה פרטנית) עד להפעלה מחדש. +למכשירי אנדרואיד מודרניים יש בוררים גלובליים לביטול Bluetooth ושירותי מיקום. אנדרואיד 12 הציגה מתגים למצלמה ולמיקרופון. כאשר אינו בשימוש, אנו ממליצים להשבית את התכונות הללו. אפליקציות לא יכולות להשתמש בתכונות מושבתות (גם אם ניתנה הרשאה אישית) עד להפעלה מחדש. ## גוגל @@ -91,38 +127,38 @@ Fairphone, למשל, משווקת את המכשירים שלהם כמקבלים ### תוכנית הגנה מתקדמת -אם יש לך חשבון Google, אנו מציעים להירשם ל[תוכנית ההגנה המתקדמת](https://landing.google.com/advancedprotection/). הוא זמין ללא עלות לכל מי שיש לו שני מפתחות אבטחה חומרה או יותר עם תמיכה ב[FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online). +אם יש לך חשבון Google, אנו מציעים להירשם ל[תוכנית ההגנה המתקדמת](https://landing.google.com/advancedprotection/). הוא זמין ללא עלות לכל מי שיש לו שני מפתחות אבטחה חומרה או יותר עם תמיכה ב-[FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online). תוכנית ההגנה המתקדמת מספקת ניטור איומים משופר ומאפשרת: -- אימות דו-גורמי מחמיר יותר; למשל שחייבים להשתמש ב-[FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) **must** ואוסר את השימוש ב- [SMS OTPs](../basics/multi-factor-authentication.md#sms-or-email-mfa), [TOTP](../basics/multi-factor-authentication.md#time-based-one-time-password-totp) ו [OAuth](https://en.wikipedia.org/wiki/OAuth) +- אימות דו-גורמי מחמיר יותר; למשל שחייבים להשתמש ב-[FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) **** ואוסר את השימוש ב- [SMS OTPs](../basics/multi-factor-authentication.md#sms-or-email-mfa), [TOTP](../basics/multi-factor-authentication.md#time-based-one-time-password-totp) ו [OAuth](https://en.wikipedia.org/wiki/OAuth) - רק גוגל ואפליקציות צד שלישי מאומתות יכולות לגשת לנתוני החשבון -- סריקה של הודעות דוא"ל נכנסות בחשבונות Gmail עבור ניסיונות [דיוג](https://en.wikipedia.org/wiki/Phishing#Email_phishing) +- סריקה של הודעות אימייל נכנסות בחשבונות Gmail עבור ניסיונות [דיוג](https://en.wikipedia.org/wiki/Phishing#Email_phishing) - [סריקת דפדפן בטוחה](https://www.google.com/chrome/privacy/whitepaper.html#malware) מחמירה יותר עם Google Chrome -- תהליך שחזור מחמיר יותר עבור חשבונות עם אישורים שאבדו +- תהליך שחזור מחמיר עבור חשבונות עם אישורים שאבדו - עבור משתמשים שמשתמשים בשירותי Google Play המועדפים (הנפוצים במערכות הפעלה שמגיעות בברירת מחדל), תוכנית ההגנה המתקדמת מגיעה גם עם [הטבות נוספות](https://support.google.com/accounts/answer/9764949?hl=en) כגון: + אם אתה משתמש בשירותי Google Play שאינם בארגז חול (נפוצים במערכות הפעלה במלאי), תוכנית ההגנה המתקדמת מגיעה גם עם [הטבות נוספות](https://support.google.com/accounts/answer/9764949?hl=en) כגון: -- לא לאפשר התקנת אפליקציות מחוץ לחנות Google Play, חנות האפליקציות של ספק מערכת ההפעלה או דרך [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) -- סריקת התקן אוטומטית חובה עם [Play Protect](https://support.google.com/googleplay/answer/2812853?hl=en#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) -- אזהרה לגבי יישומים לא מאומתים +- לא מאפשר התקנת אפליקציה מחוץ לחנות Google Play, לחנות האפליקציות של ספק מערכת ההפעלה או דרך [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) +- סריקת מכשיר אוטומטי חובה עם [Play Protect](https://support.google.com/googleplay/answer/2812853?hl=en#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) +- מזהיר אותך לגבי יישומים לא מאומתים ### עדכוני מערכת Google Play בעבר, עדכוני אבטחה אנדרואיד היו צריכים להישלח על ידי ספק מערכת ההפעלה. אנדרואיד הפכה מודולרית יותר החל מאנדרואיד 10, וגוגל יכולה לדחוף עדכוני אבטחה עבור **חלק** רכיבי מערכת באמצעות שירותי Play המועדפים. -אם יש לך מכשיר EOL שנשלח עם אנדרואיד 10 ומעלה ואינך יכול להריץ אף אחת ממערכות ההפעלה המומלצות שלנו במכשיר שלך, סביר להניח שעדיף לך להישאר עם התקנת האנדרואיד של היצרן ציוד המקורי (בניגוד למערכת הפעלה שאינה מופיעה ברשימה כאן כגון LineageOS או /e/ OS). זה יאפשר לך לקבל **כמה**תיקוני אבטחה מגוגל, מבלי להפר את מודל האבטחה של אנדרואיד על ידי שימוש בנגזרת אנדרואיד לא מאובטחת והגדלת משטח ההתקפה שלך. אנו עדיין ממליצים לשדרג למכשיר נתמך בהקדם האפשרי. +אם יש לך מכשיר EOL שנשלח עם אנדרואיד 10 ומעלה ואינך יכול להריץ אף אחת ממערכות ההפעלה המומלצות שלנו במכשיר שלך, סביר להניח שעדיף לך להישאר עם התקנת האנדרואיד של היצרן ציוד המקורי (בניגוד למערכת הפעלה שאינה מופיעה ברשימה כאן כגון LineageOS או /e/ OS). זה יאפשר לך לקבל **כמה** תיקוני אבטחה מגוגל, מבלי להפר את מודל האבטחה של אנדרואיד על ידי שימוש בנגזרת אנדרואיד לא מאובטחת והגדלת משטח ההתקפה שלך. אנו עדיין ממליצים לשדרג למכשיר נתמך בהקדם האפשרי. ### מזהה פרסום -כל המכשירים עם שירותי Google Play מותקנים באופן אוטומטי מייצרים [>מזהה פרסום](https://support.google.com/googleplay/android-developer/answer/6048248?hl=en) המשמש לפרסום ממוקד. השבת תכונה זו כדי להגביל את הנתונים שנאספו עליך. +כל המכשירים עם שירותי Google Play מותקנים באופן אוטומטי מייצרים [מזהה פרסום](https://support.google.com/googleplay/android-developer/answer/6048248?hl=en) המשמש לפרסום ממוקד. השבת תכונה זו כדי להגביל את הנתונים שנאספו עליך. -בהפצות אנדרואיד עם [Google Play בארגז חול](https://grapheneos.org/usage#sandboxed-google-play), עבור אל :gear: **הגדרות** ← **אפליקציות** → **Google Play בארגז חול** ← **הגדרות גוגל** ← **מודעות**, ותבחר *מחק מזהה פרסום*. +בהפצות אנדרואיד עם [Google Play בארגז חול](https://grapheneos.org/usage#sandboxed-google-play), עבור אל :gear: **הגדרות** ← **אפליקציות** ← **Google Play בארגז חול** ← **הגדרות גוגל** ← **מודעות**, ותבחר *מחק מזהה פרסום*. בהפצות אנדרואיד עם שירותי Google Play מורשים (כגון מערכת הפעלה ברירת מחדל), ההגדרה עשויה להיות באחד מכמה מיקומים. בדיקה - :gear: **הגדרות** ← **גוגל** ← **מודעות** -- :gear: **הגדרות** ← **גוגל** ← **מודעות** +- :gear: **הגדרות** ← **פרטיות** ← **מודעות** תינתן לך האפשרות למחוק את מזהה הפרסום שלך או *לבטל את הסכמתך למודעות מבוססות עניין*, זה משתנה בין הפצות OEM של אנדרואיד. אם מוצגת האפשרות למחוק את מזהה הפרסום המועדף. אם לא, הקפד לבטל את הסכמתך ולאפס את מזהה הפרסום שלך. @@ -131,5 +167,3 @@ Fairphone, למשל, משווקת את המכשירים שלהם כמקבלים [SafetyNet](https://developer.android.com/training/safetynet/attestation) וה[ממשק API של Play Integrity](https://developer.android.com/google/play/integrity) משמשים בדרך כלל עבור [אפליקציות בנקאיות](https://grapheneos.org/usage#banking-apps). אפליקציות בנקאות רבות יעבדו מצוין ב-GrapheneOS עם שירותי Play בארגז חול, אולם לחלק מהאפליקציות הלא פיננסיות יש מנגנוני אנטי-שיבוש גולמיים משלהם שעלולים להיכשל. GrapheneOS עובר את בדיקת `basicIntegrity`, אך לא את בדיקת האישור `ctsProfileMatch`. למכשירים עם אנדרואיד 8 ואילך יש תמיכה באישורי חומרה שלא ניתן לעקוף ללא מפתחות דלופים או פגיעויות חמורות. לגבי ארנק Google, אנו לא ממליצים על כך בשל [ מדיניות הפרטיות שלהם](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), הקובעת שעליך לבטל את הסכמתך אם אינך רוצה שדירוג האשראי והמידע האישי שלך ישותפו עם שירותי שיווק שותפים. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/os/linux-overview.md b/i18n/he/os/linux-overview.md index a0815905d..90af2374a 100644 --- a/i18n/he/os/linux-overview.md +++ b/i18n/he/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: סקירה כללית של לינוקס icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -לעתים קרובות מאמינים שתוכנת [קוד פתוח](https://en.wikipedia.org/wiki/Open-source_software) מאובטחת מטבעה מכיוון שקוד המקור זמין. קיימת ציפייה שאימות קהילה מתרחש באופן קבוע; עם זאת, זה לא תמיד [המקרה](https://seirdy.one/posts/2022/02/02/floss-security/). זה אכן תלוי במספר גורמים, כגון פעילות הפרויקט, חוויית מפתח, רמת הקפדה על [ביקורות קוד](https://en.wikipedia.org/wiki/Code_review), וכן באיזו תדירות ניתנת תשומת לב לחלקים ספציפיים של [בסיס הקוד](https://en.wikipedia.org/wiki/Codebase) שעלולים להישאר ללא נגיעה במשך שנים. +לעתים קרובות מאמינים שתוכנת [קוד פתוח](https://en.wikipedia.org/wiki/Open-source_software) מאובטחת מטבעה מכיוון שקוד המקור זמין. קיימת ציפייה שאימות קהילה מתרחש באופן קבוע; עם זאת, זה לא תמיד [המקרה](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. נכון לעכשיו, ללינוקס שולחני יש כמה תחומים שניתן לשפר טוב יותר בהשוואה לעמיתיהם הקנייניים, למשל.: @@ -139,5 +140,3 @@ icon: simple/linux [אפשרות](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) זו כבויה כעת כברירת מחדל. אנו ממליצים להוסיף את `countme=false` ל-`/etc/dnf/dnf.conf` למקרה שהוא יופעל בעתיד. במערכות המשתמשות ב-`rpm-ostree` כגון Silverblue, אפשרות ה-countme מושבתת על ידי מיסוך של [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) טיימר. openSUSE משתמשת גם ב[מזהה ייחודי](https://en.opensuse.org/openSUSE:Statistics) כדי לספור מערכות, אותן ניתן להשבית על ידי מחיקת הקובץ `/var/lib/zypp/AnonymousUniqueId`. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/os/qubes-overview.md b/i18n/he/os/qubes-overview.md index 1f3464e18..183cf5fac 100644 --- a/i18n/he/os/qubes-overview.md +++ b/i18n/he/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "סקירה כללית של Qubes" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) היא מערכת הפעלה המשתמשת ב [Xen](https://en.wikipedia.org/wiki/Xen) היפרוויזר לספק אבטחה חזקה עבור מחשוב שולחני באמצעות מכונות וירטואליות מבודדות. כל VM נקרא *Qube* ואתה יכול להקצות לכל Qube רמת אמון על סמך מטרתו. מכיוון שמערכת ההפעלה Qubes מספקת אבטחה על ידי שימוש בבידוד, ומתירה רק פעולות על בסיס כל מקרה, זה ההפך מ[ספירת רעות](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ Qubes משתמשת ב[מידור](https://www.qubes-os.org/intro/) כדי לשמ - J. Rutkowska: [*מידור תוכנה לעומת הפרדה פיזית*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*חלוקת החיים הדיגיטליים שלי לתחומי אבטחה*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*מאמרים קשורים*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/passwords.md b/i18n/he/passwords.md index a28dc688d..e87a7b54a 100644 --- a/i18n/he/passwords.md +++ b/i18n/he/passwords.md @@ -1,6 +1,7 @@ --- title: "מנהלי סיסמאות" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- מנהלי סיסמאות מאפשרים לך לאחסן ולנהל בצורה מאובטחת סיסמאות ואישורים אחרים עם שימוש בסיסמת אב. @@ -136,7 +137,7 @@ Psono מספקת תיעוד נרחב עבור המוצר שלהם. לקוח הא ![KeePassXC לוגו](assets/img/password-management/keepassxc.svg){ align=right } - **KeePassXC** הוא מזלג קהילתי של KeePassX, יציאה מקורית בין פלטפורמות של KeePass Password Safe, במטרה להרחיב ולשפר אותה עם תכונות חדשות ותיקוני באגים כדי לספק גישה עשירה בתכונות, חוצת פלטפורמות ומודרנית פתוחה- מנהל סיסמאות מקור. + **KeePassXC** הוא מזלג קהילתי של KeePassX, יציאה מקורית בין פלטפורמות של KeePass Password Safe, במטרה להרחיב ולשפר אותו עם תכונות חדשות ותיקוני באגים כדי לספק תכונות עשירות בתכונות, מנהל סיסמאות חוצה פלטפורמות ומודרני בקוד פתוח. [:octicons-home-16: דף הבית](https://keepassxc.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="מדיניות פרטיות" } @@ -219,12 +220,10 @@ KeePassXC מאחסן את נתוני הייצוא שלו כקובצי [CSV](http ### קריטריונים -**שים לב שאיננו קשורים לאף אחד מהפרויקטים שאנו ממליצים עליהם.** בנוסף ל [הקריטריונים הסטנדרטיים שלנו](about/criteria.md), פיתחנו סט ברור של דרישות כדי לאפשר לנו לספק המלצות אובייקטיביות. אנו מציעים לך להכיר את הרשימה הזו לפני שתבחר להשתמש בפרויקט, ולערוך מחקר משלך כדי להבטיח שזו הבחירה הנכונה עבורך. +**שימו לב שאיננו קשורים לאף אחד מהפרויקטים שאנו ממליצים עליהם.** בנוסף ל[קריטריונים הסטנדרטיים שלנו](about/criteria.md), פיתחנו מערכת ברורה של דרישות כדי לאפשר לנו לספק המלצות אובייקטיביות. אנו מציעים לך להכיר את הרשימה הזו לפני שתבחר להשתמש בפרויקט, ולערוך מחקר משלך כדי להבטיח שזו הבחירה הנכונה עבורך. !!! example "חלק זה הוא חדש" אנו עובדים על קביעת קריטריונים מוגדרים לכל קטע באתר שלנו, והדבר עשוי להשתנות. אם יש לך שאלות כלשהן לגבי הקריטריונים שלנו, אנא [שאל בפורום שלנו](https://discuss.privacyguides.net/latest) ואל תניח שלא שקלנו משהו כשהצענו את ההמלצות שלנו אם הוא לא רשום כאן. ישנם גורמים רבים שנחשבים ונדונים כאשר אנו ממליצים על פרויקט, ותיעוד כל אחד מהם הוא עבודה בתהליך. - חייב להיות חוצה פלטפורמות. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/productivity.md b/i18n/he/productivity.md index bcde91ed7..99953524d 100644 --- a/i18n/he/productivity.md +++ b/i18n/he/productivity.md @@ -1,6 +1,7 @@ --- title: "כלי פרודוקטיביות" icon: material/file-sign +description: רוב חבילות המשרד המקוונות אינן תומכות ב-E2EE, כלומר לספק הענן יש גישה לכל מה שאתה עושה. --- רוב חבילות המשרד המקוונות אינן תומכות ב-E2EE, כלומר לספק הענן יש גישה לכל מה שאתה עושה. מדיניות הפרטיות עשויה להגן על זכויותיך באופן חוקי, אך היא אינה מספקת אילוצי גישה טכניים. @@ -152,5 +153,3 @@ icon: material/file-sign [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="מופעים ציבוריים"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=תיעוד} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="קוד מקור" } - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/real-time-communication.md b/i18n/he/real-time-communication.md index ce4d7cb62..b307bd77f 100644 --- a/i18n/he/real-time-communication.md +++ b/i18n/he/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "תקשורת בזמן אמת" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- אלו ההמלצות שלנו לתקשורת מוצפנת בזמן אמת. @@ -191,5 +192,3 @@ Oxen ביקשה ביקורת בלתי תלויה למפגש במרץ 2020. הב - צריך להיות מבוזר, כלומר מאוחד או P2P. - אמור להשתמש ב- E2EE עבור כל ההודעות כברירת מחדל. - צריך לתמוך בלינוקס, macOS, ווינדוס, אנדרואיד ו-iOS. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/router.md b/i18n/he/router.md index 17fe452b7..8975c0210 100644 --- a/i18n/he/router.md +++ b/i18n/he/router.md @@ -1,6 +1,7 @@ --- title: "קושחת הנתב" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- להלן מספר מערכות הפעלה חלופיות, שניתן להשתמש בהן בנתבים, נקודות גישה ל-Wi-Fi וכו'. @@ -47,5 +48,3 @@ OPNsense פותחה במקור כמזלג של [pfSense](https://en.wikipedia.or - חייב להיות קוד פתוח. - חייב לקבל עדכונים שוטפים. - חייב לתמוך במגוון רחב של חומרה. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/search-engines.md b/i18n/he/search-engines.md index fca5b8f09..2f64f6d4e 100644 --- a/i18n/he/search-engines.md +++ b/i18n/he/search-engines.md @@ -1,6 +1,7 @@ --- title: "מנועי חיפוש" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- השתמש במנוע חיפוש שאינו בונה פרופיל פרסום על סמך החיפושים שלך. @@ -105,5 +106,3 @@ Startpage מבוסס בהולנד. לפי [מדיניות הפרטיות](https: - צריך להיות מבוסס על תוכנת קוד פתוח. - אין לחסום את כתובות ה - IP של צומת היציאה של Tor. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/tools.md b/i18n/he/tools.md index 10a1a55c7..48d1dad8f 100644 --- a/i18n/he/tools.md +++ b/i18n/he/tools.md @@ -3,6 +3,7 @@ title: "כלי פרטיות" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- אם אתם מחפשים פתרון ספציפי למשהו, אלו הם כלי החומרה והתוכנה שאנו ממליצים עליהם במגוון קטגוריות. כלי הפרטיות המומלצים שלנו נבחרים בעיקר על סמך תכונות אבטחה, עם דגש נוסף על כלים מבוזרים וקוד פתוח. הם ישימים למגוון מודלים של איומים, החל מהגנה מפני תוכניות מעקב המוני גלובליות והימנעות מחברות טכנולוגיה גדולות ועד למיתון התקפות, אבל רק אתה יכול לקבוע מה יעבוד הכי טוב עבור הצרכים שלך. @@ -84,9 +85,9 @@ hide:
-- ![Aurora Store לוגו](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store לוגו](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter לוגו](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) -- ![Auditor לוגו](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) +- ![Auditor לוגו](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS לוגו](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera לוגו](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera לוגו](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) - ![Secure PDF Viewer לוגו](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![GrapheneOS לוגו](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](android.md#secure-pdf-viewer) @@ -199,6 +200,29 @@ hide: [למד עוד :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### שירותים פיננסיים + +#### שירותי מיסוך תשלומים + +
+ +- ![Privacy.com לוגו](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com לוגו](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo לוגו](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo לוגו](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[למד עוד :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### שוק כרטיסי מתנה אונליין + +
+ +- ![Cake Pay לוגו](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards לוגו](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[למד עוד :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### מנועי חיפוש
@@ -226,9 +250,9 @@ hide:
-- ![Proton VPN לוגו](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN לוגו](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad לוגו](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN לוגו](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ hide: [למד עוד :material-arrow-right-drop-circle:](calendar.md) +### מטבעות קריפטוגרפיים + +
+ +- ![Monero לוגו](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[למד עוד :material-arrow-right-drop-circle:](cryptocurrency.md) + ### הפחתת נתונים ומטא נתונים
@@ -438,5 +472,3 @@ hide:
[למד עוד :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/tor.md b/i18n/he/tor.md index 6ab55678c..61204111d 100644 --- a/i18n/he/tor.md +++ b/i18n/he/tor.md @@ -1,6 +1,7 @@ --- title: "רשת טור (Tor Network)" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ icon: simple/torproject Tor פועלת על ידי ניתוב תעבורת האינטרנט שלך דרך אותם שרתים המופעלים על ידי מתנדבים, במקום ליצור חיבור ישיר לאתר שבו אתה מנסה לבקר. זה מטשטש מהיכן מגיעה התעבורה, ואף שרת בנתיב החיבור לא מסוגל לראות את הנתיב המלא של המקום ממנו מגיעה התנועה והולכת, כלומר אפילו השרתים שבהם אתה משתמש כדי להתחבר לא יכולים לשבור את האנונימיות שלך. -
- ![נתיב Tor ](assets/img/how-tor-works/tor-path.svg#only-light) - ![נתיב Tor](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
מסלול מעגל Tor - צמתים בנתיב יכולים לראות רק את השרתים שאליהם הם מחוברים ישירות, למשל הצומת "כניסה" המוצג יכול לראות את כתובת ה-IP שלך, ואת הכתובת של הצומת "האמצעי", אבל אין לו דרך לראות איזה האתר שאתה מבקר בו.
-
- -- [מידע נוסף על אופן הפעולה של Tor :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[סקירת Tor מפורטת :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## התחברות ל - Tor @@ -120,5 +115,3 @@ Tor פועלת על ידי ניתוב תעבורת האינטרנט שלך דר Snowflake אינו מגדיל את פרטיותך בשום צורה, ואינו משמש לחיבור לרשת Tor בתוך הדפדפן האישי שלך. עם זאת, אם חיבור האינטרנט שלך אינו מצונזר, עליך לשקול להפעיל אותו כדי לעזור לאנשים ברשתות מצונזרות להשיג פרטיות טובה יותר בעצמם. אין צורך לדאוג לאילו אתרים אנשים ניגשים דרך ה-proxy שלך - כתובת ה-IP הגלויה של הגלישה שלהם תתאים לצומת היציאה של Tor, לא שלך. הפעלת פרוקסי של Snowflake היא בסיכון נמוך, אפילו יותר מהפעלת ממסר Tor או גשר שהם כבר מאמצים לא מסוכנים במיוחד. עם זאת, היא עדיין עושה תעבורת פרוקסי דרך הרשת שלך, מה שיכול להשפיע במובנים מסוימים, במיוחד אם הרשת שלך מוגבלת ברוחב הפס. ודא שאתה מבין [איך Snowflake עובד](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) לפני שתחליט אם להפעיל פרוקסי. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/video-streaming.md b/i18n/he/video-streaming.md index a1eb4e431..4d6fc84fe 100644 --- a/i18n/he/video-streaming.md +++ b/i18n/he/video-streaming.md @@ -1,6 +1,7 @@ --- title: "הזרמת וידאו" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- האיום העיקרי בעת שימוש בפלטפורמת הזרמת וידאו הוא שהרגלי הסטרימינג ורשימות המנויים שלך יוכלו לשמש אותך כדי ליצור פרופיל. עליך לשלב את הכלים האלה עם [VPN](vpn.md) או [Tor](https://www.torproject.org/) כדי להקשות על פרופיל השימוש שלך. @@ -48,5 +49,3 @@ icon: material/video-wireless - חייב לא לדרוש חשבון מרוכז כדי לצפות בסרטונים. - אימות מבוזר, כגון באמצעות מפתח פרטי של ארנק נייד מקובל. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/vpn.md b/i18n/he/vpn.md index 6beefa1c3..5c4dddd5e 100644 --- a/i18n/he/vpn.md +++ b/i18n/he/vpn.md @@ -1,11 +1,20 @@ --- title: "שירותי VPN" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -מצא מפעיל VPN ללא רישום שאינו מתכוון למכור או לקרוא את תעבורת האינטרנט שלך. +אם אתה מחפש **פרטיות** נוספת מ-ISP שלך, ברשת Wi-Fi ציבורית, או תוך כדי טורנט קבצים, VPN עשוי להיות הפתרון עבורך כל עוד אתה מבין את הסיכונים הכרוכים בכך. אנו חושבים שהספקים האלה הם חתך מעל השאר: -??? danger סכנה "רשתות VPN לא מספקות אנונימיות" +
+ +- ![IVPN לוגו](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad לוגו](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN לוגו](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger סכנה "רשתות VPN לא מספקות אנונימיות" שימוש ב-VPN **לא** ישמור על הרגלי הגלישה שלך אנונימיים, וגם לא יוסיף אבטחה לתעבורה לא מאובטחת (HTTP). @@ -15,80 +24,11 @@ icon: material/vpn [הורד את Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & שאלות נפוצות](advanced/tor-overview.md){ .md-button } -??? question שאלה "מתי VPNs שימושיים?" - - אם אתה מחפש **פרטיות** נוספת מ-ISP שלך, ברשת Wi-Fi ציבורית, או תוך כדי טורנט קבצים, VPN עשוי להיות הפתרון עבורך כל עוד אתה מבין את הסיכונים הכרוכים בכך. - - [מידע נוסף ](basics/vpn-overview.md){ .md-button } +[סקירת VPN מפורטת :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## ספקים מומלצים -!!! סיכום "קריטריונים" - - הספקים המומלצים שלנו משתמשים בהצפנה, מקבלים Monero, תומכים ב-WireGuard & OpenVPN, ויש להם מדיניות ללא רישום. קרא את [רשימת הקריטריונים המלאה](#our-criteria) שלנו למידע נוסף. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN לוגו](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** הוא מתחרה חזק בתחום ה-VPN, והם פועלים מאז 2016. Proton AG מבוססת בשוויץ ומציעה רמה מוגבלת בחינם, כמו גם אפשרות פרימיום מומלצת יותר. - - [:octicons-home-16: דף הבית](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="מדיניות פרטיות" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=תיעוד} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="קוד מקור" } - - ??? downloads "הורדות" - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? check annotate ב 67 מדינות - - ל-Proton VPN יש [שרתים ב-67 מדינות](https://protonvpn.com/vpn-servers) (1). בחירת ספק VPN עם שרת הקרוב אליך תפחית את זמן האחזור של תעבורת הרשת שאתה שולח. הסיבה לכך היא מסלול קצר יותר (פחות דילוגים) ליעד. - - אנחנו גם חושבים שעדיף לאבטחת המפתחות הפרטיים של ספק ה-VPN אם הם משתמשים ב[שרתים ייעודיים](https://en.wikipedia.org/wiki/Dedicated_hosting_service), במקום פתרונות משותפים זולים יותר (עם לקוחות אחרים) כגון [ שרתים פרטיים וירטואליים](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. נבדק אחרון: 2022-09-16 - -??? success הצלחה "מבוקר באופן עצמאי" - - החל מינואר 2020, Proton VPN עבר ביקורת בלתי תלויה על ידי SEC Consult. SEC Consult מצא כמה נקודות תורפה בסיכון בינוני ונמוך ביישומי Windows, Android ו-iOS של Proton VPN, שכולן תוקנו כראוי על ידי Proton VPN לפני פרסום הדוחות. אף אחת מהבעיות שזוהו לא הייתה מספקת לתוקף גישה מרחוק למכשיר או לתעבורה שלך. אתה יכול להציג דוחות בודדים עבור כל פלטפורמה בכתובת [protonvpn.com](https://protonvpn.com/blog/open-source/). באפריל 2022 Proton VPN עבר [ביקורת נוספת](https://protonvpn.com/blog/no-logs-audit/) והדוח הופק על ידי Securitum](https://protonvpn.com/blog/wp- content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). [מכתב אישור](https://proton.me/blog/security-audit-all-proton-apps) סופק עבור האפליקציות של Proton VPN ב-9 בנובמבר 2021 על ידי [Securitum](https://research.securitum. com). - -??? success הצלחה "לקוחות קוד פתוח" - - Proton VPN מספק את קוד המקור עבור לקוחות שולחניים וניידים שלהם ב[ארגון GitHub](https://github.com/ProtonVPN). - -??? success הצלחה "מקבל מזומן" - - Proton VPN, בנוסף לקבל כרטיסי אשראי/חיוב ו-PayPal, מקבל ביטקוין ו-**מזומן/מטבע מקומי** כאמצעי תשלום אנונימיים. - -??? success "תמיכה ב-WireGuard" - - Proton VPN תומך בעיקר בפרוטוקול WireGuard®. [WireGuard](https://www.wireguard.com) הוא פרוטוקול חדש יותר שמשתמש ב[cryptography](https://www.wireguard.com/protocol/) חדישה. בנוסף, WireGuard שואפת להיות פשוטה וביצועית יותר. - - Proton VPN [ממליץ](https://protonvpn.com/blog/wireguard/) משתמש ב - WireGuard בשירות שלהם. באפליקציות Windows, macOS, iOS, Android, ChromeOS ו-Android TV של Proton VPN, WireGuard הוא פרוטוקול ברירת המחדל; עם זאת, [תמיכה](https://protonvpn.com/support/how-to-change-vpn-protocols/) עבור הפרוטוקול אינו קיים באפליקציית הלינוקס שלהם. - -??? warning "העברת יציאות מרחוק" - - נכון לעכשיו, Proton VPN תומך רק בהעברה מרחוק של [port forwarding](https://protonvpn.com/support/port-forwarding/) ב - Windows, דבר שעשוי להשפיע על יישומים מסוימים. במיוחד יישומי Peer - to - peer כמו לקוחות Torrent. - -??? check "קליינטים ניידים" - - בנוסף לאספקת קבצי תצורה סטנדרטיים של OpenVPN, ל-Proton VPN יש לקוחות ניידים עבור [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases)מה שמאפשר חיבורים קלים לשרתים שלהם. - -??? info "פונקציונליות נוספת" - - תוכנות Proton VPN תומכים באימות דו - שלבי בכל הפלטפורמות מלבד Linux כרגע. ל - Proton VPN יש שרתים ומרכזי נתונים משלו בשוויץ, איסלנד ושוודיה. הם מציעים חסימת מודעות ודומיינים ידועים של תוכנות זדוניות שחוסמים באמצעות שירות ה - DNS שלהם. בנוסף, Proton VPN מציע גם שרתי "Tor" המאפשרים לך להתחבר בקלות לאתרי בצל, אבל אנחנו עדיין ממליצים בחום להשתמש [בדפדפן Tor הרשמי]( https://www.torproject.org/) למטרה זו. - -!!! danger "תכונת Killswitch שבורה במחשבי מקינטוש מבוססי אינטל" - - קריסות מערכת [עלולות להתרחש](https://protonvpn.com/support/macos-t2-chip-kill-switch/) במחשבי מקינטוש מבוססי אינטל בעת שימוש במתג השבתה של VPN. אם אתם זקוקים לתכונה זו, ואתם משתמשים ב - Mac עם ערכת שבבים של Intel, כדאי לכם לשקול להשתמש בשירות VPN אחר. +הספקים המומלצים שלנו משתמשים בהצפנה, מקבלים Monero, תומכים ב-WireGuard & OpenVPN, ויש להם מדיניות ללא רישום. קרא את [רשימת הקריטריונים המלאה](#criteria) שלנו למידע נוסף. ### IVPN @@ -111,43 +51,44 @@ icon: material/vpn - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate הערת הצלחה 35 מדינות +#### :material-check:{ .pg-green } 35 מדינות - ל-IVPN יש [שרתים ב-35 מדינות](https://www.ivpn.net/server-locations) (1). בחירת ספק VPN עם שרת הקרוב אליך תפחית את זמן האחזור של תעבורת הרשת שאתה שולח. הסיבה לכך היא מסלול קצר יותר (פחות דילוגים) ליעד. - - אנחנו גם חושבים שעדיף לאבטחת המפתחות הפרטיים של ספק ה-VPN אם הם משתמשים ב[שרתים ייעודיים](https://en.wikipedia.org/wiki/Dedicated_hosting_service), במקום פתרונות משותפים זולים יותר (עם לקוחות אחרים) כגון [ שרתים פרטיים וירטואליים](https://en.wikipedia.org/wiki/Virtual_private_server). +ל-IVPN יש [שרתים ב-35 מדינות](https://www.ivpn.net/server-locations).(1) בחירת ספק VPN עם שרת הקרוב אליך תפחית את זמן האחזור של תעבורת הרשת שאתה שולח. הסיבה לכך היא מסלול קצר יותר (פחות דילוגים) ליעד. +{ .annotate } 1. נבדק אחרון: 2022-09-16 -??? success הצלחה "מבוקר באופן עצמאי" +אנחנו גם חושבים שעדיף לאבטחת המפתחות הפרטיים של ספק ה-VPN אם הם משתמשים ב[שרתים ייעודיים](https://en.wikipedia.org/wiki/Dedicated_hosting_service), במקום פתרונות משותפים זולים יותר (עם לקוחות אחרים) כמו [שרתים פרטיים וירטואליים](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN עבר ביקורת [ביקורת אי-תיעוד מ-Cure53](https://cure53.de/audit-report_ivpn.pdf) שהסתיימה בהסכמה עם תביעת האי - רישום של IVPN. IVPN גם השלים [דוח pentest מקיף Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) בינואר 2020. IVPN גם אמר שהם מתכננים לקבל [דוחות שנתיים]( https://www.ivpn.net/blog/independent-security-audit-concluded) בעתיד. בדיקה נוספת נערכה [באפריל 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) והופק על ידי Cure53 [באתר האינטרנט שלהם]( https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } נבדק באופן עצמאי -??? success הצלחה "לקוחות קוד פתוח" +IVPN [עבר ביקורת ללא רישום מ-](https://cure53.de/audit-report_ivpn.pdf)Cure53 שהסתיים בהסכמה עם טענת VPN ללא רישום. IVPN השלימה גם [דוח בדיקה מקיף ](https://cure53.de/summary-report_ivpn_2019.pdf)Cure53 בינואר 2020. IVPN גם אמר שהם מתכננים לקבל [דוחות שנתיים](https://www.ivpn.net/blog/independent-security-audit-concluded) בעתיד. סקירה נוספת נערכה [באפריל ](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/)2022 והופקה על ידי Cure53 [באתר האינטרנט שלהם](https://cure53.de/pentest-report_IVPN_2022.pdf). - החל מפברואר 2020 [יישומי IVPN הם כעת קוד פתוח](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). ניתן לקבל את קוד המקור מ[GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } לקוחות קוד פתוח -??? success "מקבל מזומן ומונרו" +החל מפברואר 2020 [יישומי IVPN הם כעת בקוד פתוח](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). קוד המקור ניתן לקבל מ[ארגון GitHub שלהם](https://github.com/ivpn). - בנוסף לקבלת כרטיסי אשראי/חיוב ו-PayPal, IVPN מקבל ביטקוין, **Monero** ו**מזומן/מטבע מקומי** (בתוכניות שנתיות) כאמצעי תשלום אנונימיים. +#### :material-check:{ .pg-green } מקבל מזומן ומונרו -??? success "תמיכה ב-WireGuard" +בנוסף לקבלת כרטיסי אשראי/חיוב ופייפאל, IVPN מקבל ביטקוין, **מונרו** ו**מזומן/מטבע מקומי** (בתוכניות שנתיות) כאמצעי תשלום אנונימיים. - IVPN תומך בפרוטוקול WireGuard®. [WireGuard](https://www.wireguard.com) הוא פרוטוקול חדש יותר שמשתמש ב[cryptography](https://www.wireguard.com/protocol/) חדישה. בנוסף, WireGuard שואפת להיות פשוטה וביצועית יותר. - - IVPN [recommends](https://www.ivpn.net/wireguard/) משתמש ב-WireGuard עם השירות שלהם, וככזה, הפרוטוקול הוא ברירת המחדל בכל האפליקציות של IVPN. IVPN מציע גם מחולל תצורת WireGuard לשימוש עם WireGuard הרשמי [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } תמיכה ב-WireGuard -??? success "העברת יציאות מרחוק" +IVPN תומך בפרוטוקול WireGuard®. [WireGuard](https://www.wireguard.com) הוא פרוטוקול חדש יותר המשתמש ב[קריפטוגרפיה](https://www.wireguard.com/protocol/) חדישה. בנוסף, WireGuard שואפת להיות פשוטה וביצועית יותר. - מרחוק [העברת יציאות](https://en.wikipedia.org/wiki/Port_forwarding) אפשרית עם תוכנית Pro. העברת יציאות [ניתן להפעיל](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) דרך אזור הלקוח. העברת פורט זמינה רק ב - IVPN בעת שימוש בפרוטוקולי WireGuard או OpenVPN והיא [מושבתת בשרתים בארה"ב]( https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [ממליצה](https://www.ivpn.net/wireguard/) להשתמש ב-WireGuard עם השירות שלהם, וככזה, הפרוטוקול הוא ברירת המחדל בכל האפליקציות של IVPN. IVPN מציע גם מחולל תצורה של WireGuard לשימוש עם [אפליקציות](https://www.wireguard.com/install/) WireGuard הרשמיות. -??? check "קליינטים ניידים" +#### :material-check:{ .pg-green } העברת פורטים מרחוק - בנוסף לאספקת קבצי תצורה סטנדרטיים של OpenVPN, ל-IVPN יש לקוחות ניידים עבור [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), ו [GitHub](https://github.com/ivpn/android-app/releases) המאפשרים חיבורים קלים לשרתים שלהם. +[העברת פורטים](https://en.wikipedia.org/wiki/Port_forwarding) מרחוק אפשרית עם תוכנית Pro. [ניתן להפעיל](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) פורטים מרחוק דרך אזור הלקוח. העברת פורטים זמינה רק ב-IVPN בעת שימוש בפרוטוקולי WireGuard או OpenVPN [ומושבתת בשרתים בארה"ב](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "פונקציונליות נוספת" +#### :material-check:{ .pg-green } לקוחות ניידים - תוכונת IVPN תומכים באימות דו - שלבי (הלקוחות של Mullvad לא תומכים). IVPN מספק גם פונקציונליות של "[AntiTracker](https://www.ivpn.net/antitracker)", שחוסמת רשתות פרסום ועוקבים מרמת הרשת. +בנוסף לאספקת קובצי תצורה סטנדרטיים של OpenVPN, ל-IVPN יש לקוחות ניידים עבור [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), ו- [GitHub](https://github.com/ivpn/android-app/releases) המאפשרים חיבורים קלים לשרתים שלהם. + +#### :material-information-outline:{ .pg-blue } פונקציונליות נוספת + +תוכונת IVPN תומכים באימות דו - שלבי (הלקוחות של Mullvad לא תומכים). IVPN מספקת גם פונקציונליות של "[AntiTracker](https://www.ivpn.net/antitracker)", החוסמת רשתות פרסום ועוקבים מרמת הרשת. ### Mullvad @@ -172,55 +113,120 @@ icon: material/vpn - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 מדינות" +#### :material-check:{ .pg-green } 41 מדינות - ל-Mullvad יש [שרתים ב-41 מדינות](https://mullvad.net/servers/) (1). בחירת ספק VPN עם שרת הקרוב אליך תפחית את זמן האחזור של תעבורת הרשת שאתה שולח. הסיבה לכך היא מסלול קצר יותר (פחות דילוגים) ליעד. - - אנחנו גם חושבים שעדיף לאבטחת המפתחות הפרטיים של ספק ה-VPN אם הם משתמשים ב[שרתים ייעודיים](https://en.wikipedia.org/wiki/Dedicated_hosting_service), במקום פתרונות משותפים זולים יותר (עם לקוחות אחרים) כגון [ שרתים פרטיים וירטואליים](https://en.wikipedia.org/wiki/Virtual_private_server). +ל-Mullvad יש [שרתים ב-41 מדינות](https://mullvad.net/servers/).(1) בחירת ספק VPN עם שרת הקרוב אליך תפחית את זמן האחזור של תעבורת הרשת שאתה שולח. הסיבה לכך היא מסלול קצר יותר (פחות דילוגים) ליעד. +{ .annotate } 1. נבדק לאחרונה: 2022 -09 -16 -??? success הצלחה "מבוקר באופן עצמאי" +אנחנו גם חושבים שעדיף לאבטחת המפתחות הפרטיים של ספק ה-VPN אם הם משתמשים ב[שרתים ייעודיים](https://en.wikipedia.org/wiki/Dedicated_hosting_service), במקום פתרונות משותפים זולים יותר (עם לקוחות אחרים) כמו [שרתים פרטיים וירטואליים](https://en.wikipedia.org/wiki/Virtual_private_server). - לקוחות ה-VPN של Mullvad עברו ביקורת על ידי Cure53 ו-Assured AB בדוח בדיקה [פורסם בכתובת cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). חוקרי האבטחה הגיעו למסקנה: +#### :material-check:{ .pg-green } נבדק באופן עצמאי + +לקוחות ה-VPN של Mullvad נבדקו על ידי Cure53 ו-Assured AB בדו"ח חדיש [שפורסם ב-](https://cure53.de/pentest-report_mullvad_v2.pdf)cure53.de. חוקרי האבטחה הגיעו למסקנה: + +> Cure53 ו-Assured AB מרוצים מתוצאות הביקורת והתוכנה משאירה רושם חיובי כללי. עם מסירות אבטחה של הצוות הפנימי במתחם ה-VPN של Mullvad, לבודקים אין ספק לגבי הפרויקט בדרך הנכונה מבחינה אבטחה. + +בשנת 2020 [הוכרזה](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) ביקורת שנייה ו[דוח הביקורת הסופי](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) הפך לזמין באתר האינטרנט של Cure53: + +> התוצאות של פרויקט מאי-יוני 2020 המתמקד במתחם Mullvad הן חיוביות למדי. [...] המערכת האקולוגית הכוללת של היישום המשמשת את Mullvad משאירה רושם קול ומובנה. המבנה הכללי של היישום מקל על גלגול תיקונים ותיקונים באופן מובנה. יותר מכל, הממצאים שנצפו על ידי Cure53 מדגימים את החשיבות של ביקורת מתמדת והערכה מחדש של וקטורי הדליפה הנוכחיים, על מנת להבטיח תמיד את פרטיותם של משתמשי הקצה. עם זאת, Mullvad עושה עבודה נהדרת בהגנה על משתמש הקצה מפני דליפות PII נפוצות וסיכונים הקשורים לפרטיות. + +בשנת 2021 [הוכרזה](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) ביקורת תשתית ו[דוח הביקורת הסופי](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) הפך לזמין באתר האינטרנט של Cure53. דוח נוסף הוזמן [ביוני 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) והוא זמין [ באתר של Assured's](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } לקוחות קוד פתוח + +Mullvad מספק את קוד המקור עבור לקוחות שולחן העבודה והנייד שלהם ב[ארגון GitHub שלהם](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } מקבל מזומן ומונרו + +Mullvad, בנוסף לקבל כרטיסי אשראי/חיוב ופייפאל, מקבל ביטקוין, ביטקוין מזומן, **מונרו** ו**מזומן/מטבע מקומי** כאמצעי תשלום אנונימיים. הם גם מקבלים סוויש והעברות בנקאיות. + +#### :material-check:{ .pg-green } תמיכה ב-WireGuard + +Mullvad תומך בפרוטוקול WireGuard®. [WireGuard](https://www.wireguard.com) הוא פרוטוקול חדש יותר המשתמש ב[קריפטוגרפיה](https://www.wireguard.com/protocol/) חדישה. בנוסף, WireGuard שואפת להיות פשוטה וביצועית יותר. + +Mullvad [ממליץ](https://mullvad.net/en/help/why-wireguard/) על השימוש ב-WireGuard עם השירות שלהם. זהו פרוטוקול ברירת המחדל או היחיד באפליקציות אנדרואיד, iOS, macOS ו-Linux של Mullvad, אך ב-Windows אתה צריך להפעיל את WireGuard [באופן ידני](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/). Mullvad מציע גם מחולל תצורה של WireGuard לשימוש עם [אפליקציות](https://www.wireguard.com/install/) הרשמיות של WireGuard. + +#### :material-check:{ .pg-green } תמיכה ב-IPv6 + +Mullvad תומך בעתיד של רשת [IPv6](https://en.wikipedia.org/wiki/IPv6). הרשת שלהם מאפשרת לך [לגשת לשירותים המתארחים ב-IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) בניגוד לספקים אחרים שחוסמים חיבורי IPv6. + +#### :material-check:{ .pg-green } העברת פורטים מרחוק + +[העברת פורטים](https://en.wikipedia.org/wiki/Port_forwarding) מרחוק מותרת לאנשים המבצעים תשלומים חד פעמיים, אך אסורה עבור חשבונות עם אמצעי תשלום חוזר/מבוסס מנוי. זאת כדי למנוע מ-Mullvad להיות מסוגל לזהות אותך על סמך השימוש שלך בנמל ופרטי המנוי המאוחסנים. ראה [העברת פורטים עם Mullvad VPN ](https://mullvad.net/help/port-forwarding-and-mullvad/) למידע נוסף. + +#### :material-check:{ .pg-green } לקוחות ניידים + +Mullvad פרסמה לקוחות [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) ו- [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn), שניהם תומכים בממשק קל לשימוש, בניגוד לדרישה ממך להגדיר באופן ידני את חיבור ה-WireGuard שלך. לקוח אנדרואיד זמין גם ב-[GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } פונקציונליות נוספת + +Mullvad מאוד שקוף לגבי אילו צמתים הם [בעלים או שוכרים](https://mullvad.net/en/servers/). הם משתמשים ב-[ShadowSocks](https://shadowsocks.org/) בתצורת ShadowSocks + OpenVPN שלהם, מה שהופך אותם לעמידות יותר בפני חומות אש עם [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) שמנסה לחסום VPNs. לכאורה, [סין צריכה להשתמש בשיטה אחרת כדי לחסום שרתי ShadowSocks ](https://github.com/net4people/bbs/issues/22). האתר של Mullvad נגיש גם דרך Tor בכתובת [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN לוגו](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 ו-Assured AB מרוצים מתוצאות הביקורת והתוכנה משאירה רושם חיובי כללי. עם מסירות אבטחה של הצוות הפנימי במתחם ה-VPN של Mullvad, לבודקים אין ספק לגבי הפרויקט בדרך הנכונה מבחינה אבטחה. + **Proton VPN** הוא מתחרה חזק בתחום ה-VPN, והם פועלים מאז 2016. Proton AG מבוססת בשוויץ ומציעה רמה מוגבלת בחינם, כמו גם אפשרות פרימיום מומלצת יותר. - בשנת 2020 [הוכרזה] ביקורת שנייה (https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) ו[דוח הביקורת הסופי](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) הפך זמין באתר האינטרנט של Cure53: + [:octicons-home-16: דף הבית](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="מדיניות פרטיות" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=תיעוד} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="קוד מקור" } - > התוצאות של פרויקט מאי-יוני 2020 המתמקד במתחם Mullvad הן חיוביות למדי. [...] המערכת האקולוגית הכוללת של היישום המשמשת את Mullvad משאירה רושם קול ומובנה. המבנה הכללי של היישום מקל על גלגול תיקונים ותיקונים באופן מובנה. יותר מכל, הממצאים שנצפו על ידי Cure53 מדגימים את החשיבות של ביקורת מתמדת והערכה מחדש של וקטורי הדליפה הנוכחיים, על מנת להבטיח תמיד את פרטיותם של משתמשי הקצה. עם זאת, Mullvad עושה עבודה נהדרת בהגנה על משתמש הקצה מפני דליפות PII נפוצות וסיכונים הקשורים לפרטיות. + ??? downloads "הורדות" - בשנת 2021 [הוכרזה] ביקורת תשתית [https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacyleaks-found-cure53s-infrastructure-audit/] ו [דוח הביקורת הסופי](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) הפך לזמין באתר האינטרנט של Cure53. דוח נוסף הוזמן [ביוני 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success הצלחה "לקוחות קוד פתוח" +#### :material-check:{ .pg-green } 67 מדינות - Mullvad מספקת את קוד המקור עבור הלקוחות שלהם בשולחן העבודה ובנייד בארגון שלהם [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +ל-Proton VPN יש [שרתים ב-67 מדינות](https://protonvpn.com/vpn-servers).(1) בחירת ספק VPN עם שרת הקרוב אליך תפחית את זמן האחזור של תעבורת הרשת שאתה שולח. הסיבה לכך היא מסלול קצר יותר (פחות דילוגים) ליעד. +{ .annotate } -??? success "מקבל מזומן ומונרו" +1. נבדק אחרון: 2022-09-16 - Mullvad, בנוסף לקבל כרטיסי אשראי/חיוב ו-PayPal, מקבל ביטקוין, ביטקוין מזומן, **Monero** ו**מזומן/מטבע מקומי** כאמצעי תשלום אנונימיים. הם גם מקבלים סוויש והעברות בנקאיות. +אנחנו גם חושבים שעדיף לאבטחת המפתחות הפרטיים של ספק ה-VPN אם הם משתמשים ב[שרתים ייעודיים](https://en.wikipedia.org/wiki/Dedicated_hosting_service), במקום פתרונות משותפים זולים יותר (עם לקוחות אחרים) כמו [שרתים פרטיים וירטואליים](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "תמיכה ב-WireGuard" +#### :material-check:{ .pg-green } נבדק באופן עצמאי - Mullvad תומך בפרוטוקול WireGuard®. [WireGuard](https://www.wireguard.com) הוא פרוטוקול חדש יותר שמשתמש ב[cryptography](https://www.wireguard.com/protocol/) חדישה. בנוסף, WireGuard שואפת להיות פשוטה וביצועית יותר. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) משתמש ב WireGuard בשירות שלהם. זהו פרוטוקול ברירת המחדל או הפרוטוקול היחיד באפליקציות Android, iOS, macOS ו - Linux של Mullvad, אך ב - Windows עליך [להפעיל ידנית](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad גם מציע גנרטור תצורה WireGuard לשימוש עם הרשמי [apps](https://www.wireguard.com/install/)./install/). +החל מינואר 2020, Proton VPN עבר ביקורת בלתי תלויה על ידי SEC Consult. SEC Consult מצא כמה נקודות תורפה בסיכון בינוני ונמוך ביישומי Windows, Android ו-iOS של Proton VPN, שכולן תוקנו כראוי על ידי Proton VPN לפני פרסום הדוחות. אף אחת מהבעיות שזוהו לא הייתה מספקת לתוקף גישה מרחוק למכשיר או לתעבורה שלך. אתה יכול להציג דוחות בודדים עבור כל פלטפורמה בכתובת [protonvpn.com](https://protonvpn.com/blog/open-source/). באפריל 2022 Proton VPN עבר [ביקורת נוספת](https://protonvpn.com/blog/no-logs-audit/) והדוח [הופק על ידי Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). [מכתב אישור](https://proton.me/blog/security-audit-all-proton-apps) סופק עבור האפליקציות של Proton VPN ב-9 בנובמבר 2021 על ידי [Securitum](https://research.securitum.com). -??? check "תמיכת IPv6" +#### :material-check:{ .pg-green } לקוחות קוד פתוח - Mullvad תומך בעתיד של הרשתות [IPv6](https://en.wikipedia.org/wiki/IPv6). הרשת שלהם מאפשרת לך [לגשת לשירותים המתארחים ב - IPv6]( https://mullvad.net/en/blog/2014/9/15/ipv6-support/) בניגוד לספקים אחרים שחוסמים חיבורי IPv6. +Proton VPN מספק את קוד המקור עבור לקוחות שולחן העבודה והנייד שלהם ב[ארגון GitHub](https://github.com/ProtonVPN) שלהם. -??? success "העברת יציאות מרחוק" +#### :material-check:{ .pg-green } מקבל מזומן - [העברת יציאות] (https://en.wikipedia.org/wiki/Port_forwarding) מרחוק מותרת לאנשים המבצעים תשלומים חד-פעמיים, אך אינה מותרת עבור חשבונות עם אמצעי תשלום חוזר/מבוסס מנוי. זה כדי למנוע מ - Mullvad להיות מסוגל לזהות אותך בהתבסס על השימוש שלך בפורט ופרטי המנוי המאוחסנים. ראה [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) לקבלת מידע נוסף. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? check "קליינטים ניידים" +#### :material-check:{ .pg-green } תמיכה ב-WireGuard - Mullvad פרסם את [App Store]( https://apps.apple.com/app/mullvad-vpn/id1488466513) ואת [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) לקוחות, שניהם תומכים בממשק קל לשימוש במקום לדרוש ממך להגדיר באופן ידני את חיבור WireGuard שלך. קליינט של אנדרואיד מפורסם גם ב [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN תומך בעיקר בפרוטוקול WireGuard®. [WireGuard](https://www.wireguard.com) הוא פרוטוקול חדש יותר המשתמש ב[קריפטוגרפיה](https://www.wireguard.com/protocol/) חדישה. בנוסף, WireGuard שואפת להיות פשוטה וביצועית יותר. -??? info "פונקציונליות נוספת" +Proton VPN [ממליץ](https://protonvpn.com/blog/wireguard/) על השימוש ב-WireGuard עם השירות שלהם. באפליקציות Windows, macOS, iOS, Android, ChromeOS ו-Android TV של Proton VPN, פרוטוקול WireGuard הוא ברירת המחדל; עם זאת, [תמיכה](https://protonvpn.com/support/how-to-change-vpn-protocols/) בפרוטוקול אינה קיימת באפליקציית הלינוקס שלהם. - Mullvad מאוד שקוף לגבי אילו צמתים הם [בעלים או שוכרים](https://mullvad.net/en/servers/). הם משתמשים ב-[ShadowSocks](https://shadowsocks.org/) בתצורת ShadowSocks + OpenVPN שלהם, מה שהופך אותם לעמידים יותר בפני חומות אש כאשר [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) מנסה כדי לחסום VPNs. לכאורה, [סין צריכה להשתמש בשיטה אחרת כדי לחסום שרתי ShadowSocks](https://github.com/net4people/bbs/issues/22). האתר של Mullvad נגיש גם דרך Tor בכתובת [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvad.mac7kwad.cn). +#### :material-alert-outline:{ .pg-orange } העברת פורטים מרחוק + +Proton VPN תומך כרגע רק ב[העברת פורטים](https://protonvpn.com/support/port-forwarding/) מרחוק ב-Windows, מה שעשוי להשפיע על יישומים מסוימים. במיוחד יישומי Peer - to - peer כמו לקוחות Torrent. + +#### :material-check:{ .pg-green } לקוחות ניידים + +בנוסף לאספקת קובצי תצורה סטנדרטיים של OpenVPN, ל-Proton VPN יש לקוחות ניידים עבור [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), ו- [GitHub](https://github.com/ProtonVPN/android-app/releases) המאפשרים חיבורים קלים לשרתים שלהם. + +#### :material-information-outline:{ .pg-blue } פונקציונליות נוספת + +תוכנות Proton VPN תומכים באימות דו-שלבי בכל הפלטפורמות מלבד לינוקס כרגע. ל - Proton VPN יש שרתים ומרכזי נתונים משלו בשוויץ, איסלנד ושוודיה. הם מציעים חסימת מודעות ודומיינים ידועים של תוכנות זדוניות שחוסמים באמצעות שירות ה - DNS שלהם. בנוסף, Proton VPN מציע גם שרתי "Tor" המאפשרים לך להתחבר בקלות לאתרי בצל, אך אנו עדיין ממליצים בחום להשתמש ב[דפדפן Tor הרשמי](https://www.torproject.org/) למטרה זו. + +#### :material-alert-outline:{ .pg-orange } תכונת Killswitch שבורה במחשבי Mac מבוססי אינטל + +קריסות מערכת [עשויות להתרחש](https://protonvpn.com/support/macos-t2-chip-kill-switch/) במחשבי Mac מבוססי אינטל בעת שימוש במתג ההרוג של VPN. אם אתם זקוקים לתכונה זו, ואתם משתמשים ב - Mac עם ערכת שבבים של Intel, כדאי לכם לשקול להשתמש בשירות VPN אחר. ## קריטריונים @@ -228,7 +234,7 @@ icon: material/vpn חשוב לציין ששימוש בספק VPN לא יהפוך אתכם לאנונימיים, אבל הוא ייתן לכם פרטיות טובה יותר במצבים מסוימים. VPN הוא לא כלי לפעילויות בלתי חוקיות. אל תסמכו על מדיניות "ללא תיעוד ". -**לידיעתך, איננו קשורים לאף אחד מהספקים שאנו ממליצים עליהם. זה מאפשר לנו לספק המלצות אובייקטיביות לחלוטין.** פיתחנו קבוצה ברורה של דרישות עבור כל ספק VPN שרוצה להיות מומלץ, כולל הצפנה חזקה, ביקורות אבטחה עצמאיות, טכנולוגיה מודרנית, ועוד. מומלץ להכיר את הרשימה לפני שבוחרים ספק אימייל, ולבצע מחקר משלך כדי לוודא שספק האימייל שבחרתם הוא הבחירה הנכונה עבורכם. +**לידיעתך, איננו קשורים לאף אחד מהספקים שאנו ממליצים עליהם. זה מאפשר לנו לספק המלצות אובייקטיביות לחלוטין.** בנוסף ל[הקריטריונים הסטנדרטיים שלנו](about/criteria.md), פיתחנו מערכת ברורה של דרישות עבור כל ספק VPN שרוצה מומלץ, כולל הצפנה חזקה, ביקורות אבטחה עצמאיות, טכנולוגיה מודרנית ועוד. מומלץ להכיר את הרשימה לפני שבוחרים ספק אימייל, ולבצע מחקר משלך כדי לוודא שספק האימייל שבחרתם הוא הבחירה הנכונה עבורכם. ### טכנולוגיה @@ -255,13 +261,13 @@ icon: material/vpn **מינימום כדי לעמוד בדרישות:** -- Monero או אפשרות תשלום במזומן. +- [מטבע קריפטוגרפי אנונימי](cryptocurrency.md) **או** אפשרות תשלום במזומן. - אין צורך במידע אישי כדי להירשם: רק שם משתמש, סיסמה ודוא"ל לכל היותר. **המקרה הטוב ביותר:** -- מקבל Monero, מזומן וצורות אחרות של מטבעות קריפטוגרפיים ו/או אפשרויות תשלום אנונימיות (כרטיסי מתנה וכו') -- לא התקבל מידע אישי (שם משתמש שנוצר באופן אוטומטי, אין צורך בדוא"ל וכו') +- מקבל [אפשרויות תשלום אנונימיות מרובות](advanced/payments.md). +- לא מתקבל מידע אישי (שם משתמש שנוצר אוטומטית, אין צורך באימייל וכו'). ### אבטחה @@ -319,5 +325,3 @@ VPN הוא חסר טעם אם הוא אפילו לא יכול לספק אבטח ### פונקציונליות נוספת אמנם לא דרישות קפדניות, אך ישנם כמה גורמים שבדקנו בעת קביעה על אילו ספקים להמליץ. אלה כוללים פונקציונליות של חסימת מודעות/חסימת מעקב, כנריות, חיבורי מולטי-הופ, תמיכת לקוחות מצוינת, מספר החיבורים המותרים בו זמנית וכו'. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/hi/404.md b/i18n/hi/404.md index ea8d0fb00..25c1c7805 100644 --- a/i18n/hi/404.md +++ b/i18n/hi/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Not Found @@ -13,5 +17,3 @@ We couldn't find the page you were looking for! Maybe you were looking for one o - [Best VPN Providers](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Our Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/about/criteria.md b/i18n/hi/about/criteria.md index 878a68e54..3084230bd 100644 --- a/i18n/hi/about/criteria.md +++ b/i18n/hi/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/about/donate.md b/i18n/hi/about/donate.md index 000784786..8accd67a1 100644 --- a/i18n/hi/about/donate.md +++ b/i18n/hi/about/donate.md @@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/about/index.md b/i18n/hi/about/index.md index e62a6246c..619406fee 100644 --- a/i18n/hi/about/index.md +++ b/i18n/hi/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/about/notices.md b/i18n/hi/about/notices.md index ba8c57dc1..bb32edd50 100644 --- a/i18n/hi/about/notices.md +++ b/i18n/hi/about/notices.md @@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o * Scraping * Data Mining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/about/privacy-policy.md b/i18n/hi/about/privacy-policy.md index 50f13af33..26c668d1a 100644 --- a/i18n/hi/about/privacy-policy.md +++ b/i18n/hi/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/about/privacytools.md b/i18n/hi/about/privacytools.md index 629182c55..515c21f59 100644 --- a/i18n/hi/about/privacytools.md +++ b/i18n/hi/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/about/services.md b/i18n/hi/about/services.md index 47b16537d..71f2c95b7 100644 --- a/i18n/hi/about/services.md +++ b/i18n/hi/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/about/statistics.md b/i18n/hi/about/statistics.md index 57fc3201b..8f17240c3 100644 --- a/i18n/hi/about/statistics.md +++ b/i18n/hi/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/advanced/communication-network-types.md b/i18n/hi/advanced/communication-network-types.md index ee4dba11a..1f07a2c4c 100644 --- a/i18n/hi/advanced/communication-network-types.md +++ b/i18n/hi/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/advanced/dns-overview.md b/i18n/hi/advanced/dns-overview.md index f8bee7578..b47af2809 100644 --- a/i18n/hi/advanced/dns-overview.md +++ b/i18n/hi/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/advanced/payments.md b/i18n/hi/advanced/payments.md new file mode 100644 index 000000000..7e046ecd0 --- /dev/null +++ b/i18n/hi/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/hi/advanced/tor-overview.md b/i18n/hi/advanced/tor-overview.md index 391dcf44c..dd9d2a951 100644 --- a/i18n/hi/advanced/tor-overview.md +++ b/i18n/hi/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.hi.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/hi/android.md b/i18n/hi/android.md index c7b2365ec..3da86daae 100644 --- a/i18n/hi/android.md +++ b/i18n/hi/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/basics/account-creation.md b/i18n/hi/basics/account-creation.md index 1c3411fd0..afa5d429f 100644 --- a/i18n/hi/basics/account-creation.md +++ b/i18n/hi/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/basics/account-deletion.md b/i18n/hi/basics/account-deletion.md index c56e5fd7d..2498d6045 100644 --- a/i18n/hi/basics/account-deletion.md +++ b/i18n/hi/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/basics/common-misconceptions.md b/i18n/hi/basics/common-misconceptions.md index 2063c0993..41997417f 100644 --- a/i18n/hi/basics/common-misconceptions.md +++ b/i18n/hi/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.hi.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/hi/basics/common-threats.md b/i18n/hi/basics/common-threats.md index 63a0da877..e278c0cbf 100644 --- a/i18n/hi/basics/common-threats.md +++ b/i18n/hi/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.hi.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/hi/basics/email-security.md b/i18n/hi/basics/email-security.md index e84865455..f0c2fb579 100644 --- a/i18n/hi/basics/email-security.md +++ b/i18n/hi/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/basics/multi-factor-authentication.md b/i18n/hi/basics/multi-factor-authentication.md index cb0fd3d50..ae57848d5 100644 --- a/i18n/hi/basics/multi-factor-authentication.md +++ b/i18n/hi/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authentication" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/basics/passwords-overview.md b/i18n/hi/basics/passwords-overview.md index 7eeecf900..6858d8b5b 100644 --- a/i18n/hi/basics/passwords-overview.md +++ b/i18n/hi/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/basics/threat-modeling.md b/i18n/hi/basics/threat-modeling.md index 12e4631c9..fc1b3b411 100644 --- a/i18n/hi/basics/threat-modeling.md +++ b/i18n/hi/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Threat Modeling" icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. --- Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/basics/vpn-overview.md b/i18n/hi/basics/vpn-overview.md index cc8a6dc07..a1a007f52 100644 --- a/i18n/hi/basics/vpn-overview.md +++ b/i18n/hi/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/calendar.md b/i18n/hi/calendar.md index cbbbf3ef2..bbcb033ad 100644 --- a/i18n/hi/calendar.md +++ b/i18n/hi/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/cloud.md b/i18n/hi/cloud.md index 4c7bdf333..2bcc2596f 100644 --- a/i18n/hi/cloud.md +++ b/i18n/hi/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/cryptocurrency.md b/i18n/hi/cryptocurrency.md new file mode 100644 index 000000000..ba06ba1ea --- /dev/null +++ b/i18n/hi/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/hi/data-redaction.md b/i18n/hi/data-redaction.md index 6e399daad..961594a8d 100644 --- a/i18n/hi/data-redaction.md +++ b/i18n/hi/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/desktop-browsers.md b/i18n/hi/desktop-browsers.md index 8e09bd84b..1c21c296f 100644 --- a/i18n/hi/desktop-browsers.md +++ b/i18n/hi/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.hi.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/hi/desktop.md b/i18n/hi/desktop.md index 5aa6085cb..2db4d1191 100644 --- a/i18n/hi/desktop.md +++ b/i18n/hi/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/dns.md b/i18n/hi/dns.md index af197583b..a8cc21dac 100644 --- a/i18n/hi/dns.md +++ b/i18n/hi/dns.md @@ -1,13 +1,12 @@ --- title: "DNS Resolvers" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Recommended Providers @@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.hi.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/hi/email-clients.md b/i18n/hi/email-clients.md index f8fa806ae..eec0e2923 100644 --- a/i18n/hi/email-clients.md +++ b/i18n/hi/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/email.md b/i18n/hi/email.md index f889db93c..7ab4c31d5 100644 --- a/i18n/hi/email.md +++ b/i18n/hi/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Security @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/encryption.md b/i18n/hi/encryption.md index 95f38ae10..ded8533b1 100644 --- a/i18n/hi/encryption.md +++ b/i18n/hi/encryption.md @@ -1,6 +1,7 @@ --- title: "Encryption Software" icon: material/file-lock +description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files. --- Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here. @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/file-sharing.md b/i18n/hi/file-sharing.md index eda8ee23b..3e79d791f 100644 --- a/i18n/hi/file-sharing.md +++ b/i18n/hi/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/financial-services.md b/i18n/hi/financial-services.md new file mode 100644 index 000000000..480c924c3 --- /dev/null +++ b/i18n/hi/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/hi/frontends.md b/i18n/hi/frontends.md index ba452c967..7f245f412 100644 --- a/i18n/hi/frontends.md +++ b/i18n/hi/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/index.md b/i18n/hi/index.md index 98f3b7a68..8beca3227 100644 --- a/i18n/hi/index.md +++ b/i18n/hi/index.md @@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/kb-archive.md b/i18n/hi/kb-archive.md index bd5240aaf..92daee33b 100644 --- a/i18n/hi/kb-archive.md +++ b/i18n/hi/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/meta/brand.md b/i18n/hi/meta/brand.md index c69aebc09..53cb9ac42 100644 --- a/i18n/hi/meta/brand.md +++ b/i18n/hi/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/meta/git-recommendations.md b/i18n/hi/meta/git-recommendations.md index 29f476994..f59b5f81f 100644 --- a/i18n/hi/meta/git-recommendations.md +++ b/i18n/hi/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/meta/uploading-images.md b/i18n/hi/meta/uploading-images.md index 993aeddc5..55f136f8a 100644 --- a/i18n/hi/meta/uploading-images.md +++ b/i18n/hi/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/meta/writing-style.md b/i18n/hi/meta/writing-style.md index 9d1a71dcc..b9e47a716 100644 --- a/i18n/hi/meta/writing-style.md +++ b/i18n/hi/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/mobile-browsers.md b/i18n/hi/mobile-browsers.md index 372e68618..d7adee8f3 100644 --- a/i18n/hi/mobile-browsers.md +++ b/i18n/hi/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/multi-factor-authentication.md b/i18n/hi/multi-factor-authentication.md index 0ca3889ae..41030fe3b 100644 --- a/i18n/hi/multi-factor-authentication.md +++ b/i18n/hi/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/news-aggregators.md b/i18n/hi/news-aggregators.md index cb274afbe..2dad5ac09 100644 --- a/i18n/hi/news-aggregators.md +++ b/i18n/hi/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/notebooks.md b/i18n/hi/notebooks.md index c9a384a9c..0739f6680 100644 --- a/i18n/hi/notebooks.md +++ b/i18n/hi/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notebooks" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Keep track of your notes and journalings without giving them to a third-party. @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/os/android-overview.md b/i18n/hi/os/android-overview.md index 2c160eb4d..a78631a2a 100644 --- a/i18n/hi/os/android-overview.md +++ b/i18n/hi/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/os/linux-overview.md b/i18n/hi/os/linux-overview.md index f9fd41ec4..8ec2c9e78 100644 --- a/i18n/hi/os/linux-overview.md +++ b/i18n/hi/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/os/qubes-overview.md b/i18n/hi/os/qubes-overview.md index 03ead5d16..17b286b9f 100644 --- a/i18n/hi/os/qubes-overview.md +++ b/i18n/hi/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/passwords.md b/i18n/hi/passwords.md index 60b444a1a..e81f1186e 100644 --- a/i18n/hi/passwords.md +++ b/i18n/hi/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/productivity.md b/i18n/hi/productivity.md index 9ceadc585..4490325da 100644 --- a/i18n/hi/productivity.md +++ b/i18n/hi/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/real-time-communication.md b/i18n/hi/real-time-communication.md index 0173ca22d..68f9d767b 100644 --- a/i18n/hi/real-time-communication.md +++ b/i18n/hi/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/router.md b/i18n/hi/router.md index 83ec4b440..a494c017d 100644 --- a/i18n/hi/router.md +++ b/i18n/hi/router.md @@ -1,6 +1,7 @@ --- title: "Router Firmware" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc. @@ -47,5 +48,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or - Must be open source. - Must receive regular updates. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/search-engines.md b/i18n/hi/search-engines.md index 9c28c3d2c..911525d7d 100644 --- a/i18n/hi/search-engines.md +++ b/i18n/hi/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/tools.md b/i18n/hi/tools.md index 14260007f..ef945a945 100644 --- a/i18n/hi/tools.md +++ b/i18n/hi/tools.md @@ -3,6 +3,7 @@ title: "Privacy Tools" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Search Engines
@@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Data and Metadata Redaction
@@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
[Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/tor.md b/i18n/hi/tor.md index f7433836f..ce93c961d 100644 --- a/i18n/hi/tor.md +++ b/i18n/hi/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
-
- -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/video-streaming.md b/i18n/hi/video-streaming.md index e69793472..8f8ebd0b8 100644 --- a/i18n/hi/video-streaming.md +++ b/i18n/hi/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Video Streaming" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. @@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/vpn.md b/i18n/hi/vpn.md index cc88b7486..6bba25466 100644 --- a/i18n/hi/vpn.md +++ b/i18n/hi/vpn.md @@ -1,11 +1,20 @@ --- title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Find a no-logging VPN operator who isn’t out to sell or read your web traffic. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "VPNs do not provide anonymity" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "VPNs do not provide anonymity" Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. @@ -15,80 +24,11 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" - - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Recommended Providers -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,55 +113,120 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2023-01-19 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + ??? downloads - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Last checked: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Criteria @@ -255,13 +261,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Security @@ -319,5 +325,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hu/404.md b/i18n/hu/404.md index 5897ccbe8..5aa957fcc 100644 --- a/i18n/hu/404.md +++ b/i18n/hu/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Nem Található @@ -13,5 +17,3 @@ Nem található az oldal, amit kerestél! Lehet, hogy ezek közül kerested vala - [Legjobb VPN Szolgáltatók](vpn.md) - [Privacy Guides Fórum](https://discuss.privacyguides.net) - [Blogunk](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/about/criteria.md b/i18n/hu/about/criteria.md index abd53f329..5697f9e36 100644 --- a/i18n/hu/about/criteria.md +++ b/i18n/hu/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/about/donate.md b/i18n/hu/about/donate.md index 90abeda88..d96f624fc 100644 --- a/i18n/hu/about/donate.md +++ b/i18n/hu/about/donate.md @@ -40,7 +40,7 @@ A weboldalra érkező forgalom több száz gigabájtnyi adatot használ havonta, **Online Szolgáltatások** : -[Internetes szolgáltatásokat](https://privacyguides.net) üzemeltetünk a különböző adatvédelmi termékek teszteléséhez és bemutatásához amiket kedvelünk és [ajánlunk](../tools.md). Ezek közül néhányat nyilvánosan elérhetővé teszünk a közösségünk számára (SearXNG, Tor, stb.), néhányat pedig a csapatunk tagjai számára biztosítunk (e-mail, stb.). +[Internetes szolgáltatásokat](https://privacyguides.net) üzemeltetünk a különböző adatvédelmi termékek teszteléséhez és bemutatásához amiket kedvelünk és [ajánlunk](../tools.md). Ezek közül néhányat nyilvánosan elérhetővé teszünk a közösségünk számára (SearXNG, Tor, stb.), néhányat pedig a csapatunk tagjai számára biztosítunk (email, stb.). **Termékvásárlások** : @@ -48,5 +48,3 @@ A weboldalra érkező forgalom több száz gigabájtnyi adatot használ havonta, Alkalmanként vásárolunk termékeket és szolgáltatásokat az [ajánlott eszközeink](../tools.md) tesztelése céljából. Még mindig dolgozunk a pénzügyi házigazdánkkal (az Open Collective Foundation-nel), hogy fogadni tudjunk kriptovaluta adományokat, jelenleg a könyvelés sok kisebb tranzakció esetében kivitelezhetetlen, de ez a jövőben valószínűleg változni fog. Addig is, ha szeretnél egy nagyobb összegű (> $100) kriptovaluta adományt tenni, kérjük, írj a [jonah@privacyguides.org](mailto:jonah@privacyguides.org) címre. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/about/index.md b/i18n/hu/about/index.md index 0ab39295f..8d79c5f68 100644 --- a/i18n/hu/about/index.md +++ b/i18n/hu/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "A Privacy Guides-ról" +description: A Privacy Guides egy szociálisan motivált weboldal, amely információkat nyújt az adatbiztonság és a magánélet védelméről. --- -A **Privacy Guides** egy szociálisan motivált weboldal, amely az adatbiztonságról és az adatvédelemről nyújt tájékoztatást. Mi egy non-profit csoport vagyunk, ameit teljes egészében önkéntes [csapattagok](https://discuss.privacyguides.net/g/team) és közreműködők működtetnek. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: A projekt támogatása](donate.md ""){.md-button.md-button--primary} +A **Privacy Guides** egy szociálisan motivált weboldal, amely [információkat nyújt](/kb) az adatbiztonság és a magánélet védelméről. Mi egy non-profit csoport vagyunk, ameit teljes egészében önkéntes [csapattagok](https://discuss.privacyguides.net/g/team) és közreműködők működtetnek. Weboldalunk reklámoktól mentes, és nem áll kapcsolatban egy említett szolgáltatóval sem. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Honlap } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Forráskód" } +[:octicons-heart-16:](donate.md){ .card-link title=Közreműködés } + +A Privacy Guides célja, hogy tájékoztassa közösségünket az online adatvédelem és magánélet fontosságáról és nemzetközi kormányzati programokról, amelyek célja az összes online tevékenységed nyomon követése. + +> Hogy [adatvédelemre összpontosító alternatív] alkalmazásokat találj, tekints meg olyan oldalakat, mint a Good Reports és a **Privacy Guides**, amelyek adatvédelemre összpontosító alkalmazásokat sorolnak fel különböző kategóriákban, beleértve az olyan (általában fizetős) e-mail szolgáltatókat is, amelyeket nem big tech vállalatok üzemeltetnek. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> Ha egy új VPN-t keresel, akkor szinte bármelyik podcastban találsz egy kedvezménykódot. Ha egy **jó** VPN-t keresel, akkor profi segítségre van szükséged. Ugyanez vonatkozik e-mail kliensekre, böngészőkre, operációs rendszerekre és jelszókezelőkre. Honnan tudhatod, hogy melyik a legjobb, legbiztonságosabb, a magánéletet legjobban tisztelő választás? Ehhez van itt a **Privacy Guides**, egy olyan platform, amelyen számos önkéntes nap mint nap keresi a legjobb adatvédelmi eszközöket az interneten. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Hollandról Fordítva] + +Szintén szerepelt: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)] és [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## Történet + +A Privacy Guides 2021 szeptemberében indult a [kihalt](privacytools.md) "PrivacyTools" nyílt forráskódú tájékoztatási projekt folytatásaként. Felismertük a független, kritériumokra összpontosító termékajánlások és az általános ismeretek fontosságát az adatvédelmi térben, ezért kellett megőriznünk a 2015 óta oly sok közreműködő által létrehozott munkát, és gondoskodnunk kellett arról, hogy az információknak stabil otthont biztosítsunk a weben, nem meghatározott időre. + +2022-ben befejeztük a fő weboldal keretrendszerünk átállítását Jekyllről MkDocs-ra, az `mkdocs-material` dokumentációs szoftver használatával. Ez a változtatás jelentősen megkönnyítette a nyílt forráskódú hozzájárulásokat az oldalunkhoz kívülállók számára, mivel ahelyett, hogy bonyolult szintaxist kellene ismerni a hozzájárulások hatékony megírásához, a közreműködés mostantól annyira egyszerű, mint egy hagyományos Markdown dokumentum megírása. + +Emellett elindítottuk új vitafórumunkat a [discuss.privacyguides.net](https://discuss.privacyguides.net/) címen, amely közösségi platformként szolgál a küldetésünkkel kapcsolatos ötletek megosztására és kérdések feltevésére. Ez kiegészíti a Matrixon már meglévő közösségünket, és felváltja a korábbi GitHub Discussions platformunkat, csökkentve ezzel a jogvédett vitaplatformoktól való függőségünket. + +Eddig 2023-ban elindítottuk honlapunk nemzetközi fordításait [francia](/fr/), [héber](/he/), és [holland](/nl/) nyelveken, továbbiakkal készülőben, amit kiváló fordítócsapatunk tesz lehetővé a [Crowdin](https://crowdin.com/project/privacyguides)-on. Úgy tervezzük, hogy továbbra is folytatjuk a tájékoztató és oktató tevékenységünket, valamint hogy több módját találjuk meg annak, hogy még tisztábban kiemeljük az adatvédelmi tudatosság hiányának veszélyeit a modern digitális korban, valamint a biztonsági rések elterjedtségét és ártalmait a technológiai iparágban. ## Csapatunk @@ -48,9 +76,9 @@ A **Privacy Guides** egy szociálisan motivált weboldal, amely az adatbiztonsá - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Továbbá, [többen is](https://github.com/privacyguides/privacyguides.org/graphs/contributors) hozzá járultak a projekthez. Akár te is, nyílt forráskódúak vagyunk a GitHub-on! +Továbbá, [többen is](https://github.com/privacyguides/privacyguides.org/graphs/contributors) hozzájárultak a projekthez. Te is megteheted, nyílt forráskódúak vagyunk GitHubon, és fordítási javaslatokat fogadunk el [Crowdin](https://crowdin.com/project/privacyguides)-on. -Csapatunk tagjai felülvizsgálják a weboldalon végrehajtott összes változtatást, és olyan adminisztratív feladatokat látnak el, mint a webes üzemeltetés és a pénzügyek, azonban személyesen nem profitálnak a weboldalon tett hozzájárulásokból. Pénzügyi adatainkat átláthatóan az Open Collective Foundation 501(c)(3) szervezi az [opencollective.com/privacyguides](https://opencollective.com/privacyguides) címen. A Privacy Guides-nak adott adományok általában jogosultak adólevonásra az Egyesült Államokban. +Csapatunk tagjai felülvizsgálják a weboldalon végrehajtott összes változtatást, és olyan adminisztratív feladatokat látnak el, mint a webes üzemeltetés és a pénzügyek, azonban személyesen nem profitálnak a weboldalon tett hozzájárulásokból. Pénzügyi adatainkat átláthatóan az Open Collective Foundation 501(c)(3) szervezi az [opencollective.com/privacyguides](https://opencollective.com/privacyguides) címen. A Privacy Guides-nak adott adományok általában adólevonásra jogosultak az Egyesült Államokban. ## Webhelylicenc @@ -59,5 +87,3 @@ Csapatunk tagjai felülvizsgálják a weboldalon végrehajtott összes változta :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Eltérő megjegyzés hiányában a weboldal eredeti tartalma a [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE) alatt érhető el. Ez azt jelenti, hogy te szabadon másolhatod és terjesztheted az anyagot bármilyen médiumban vagy formátumban, bármilyen célból, akár kereskedelmi céllal is; feltéve, hogy megfelelően hivatkozol a `Privacy Guides (www.privacyguides.org)` címre, és biztosítasz egy linket a licenchez. Te **nem** használhatod a Privacy Guides márkajelzéseit saját projektedben ennek a projektnek a kifejezett jóváhagyása nélkül. Ha a weboldal tartalmát remixeled, átalakítod, vagy arra építesz, a módosított anyagot nem terjesztheted. Ez a licenc azért van érvényben, hogy megakadályozzuk, a munkánk megfelelő elismerés nélküli megosztását és félrevezetésre használt módosítását. Ha úgy találod, hogy a licenc feltételei túlságosan korlátozóak a projekthez, amelyen dolgozol, kérjük, fordulj hozzánk a `jonah@privacyguides.org` címen. Örömmel biztosítunk alternatív licencelési lehetőségeket jó szándékú projektek számára adatvédelmi térben! - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/about/notices.md b/i18n/hu/about/notices.md index 8661b83f7..b1c378197 100644 --- a/i18n/hu/about/notices.md +++ b/i18n/hu/about/notices.md @@ -41,5 +41,3 @@ Kifejezett írásbeli hozzájárulás nélkül nem végezhetsz semmilyen sziszte * Scrapelés * Adatbányászat * 'Framelés' (IFramek) - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/about/privacy-policy.md b/i18n/hu/about/privacy-policy.md index 4633a141b..ea536d3c3 100644 --- a/i18n/hu/about/privacy-policy.md +++ b/i18n/hu/about/privacy-policy.md @@ -1,5 +1,5 @@ --- -title: "Adatvédelmi Nyilatkozat" +title: "Adatvédelmi Tájékoztató" --- A Privacy Guides egy közösségi projekt, amelyet számos aktív önkéntes közreműködő működtet. A csapattagok nyilvános listája [megtalálható a GitHub-on](https://github.com/orgs/privacyguides/people). @@ -25,7 +25,7 @@ Az összegyűjtött adatok közé tartoznak a hivatkozási források, a legnéps Egyes általunk kínált weboldalon és szolgáltatáson számos funkcióhoz fiókra lehet szükség. Egy fórumplatformon például a témákhoz való posztoláshoz és hozzászóláshoz fiókra lehet szükség. -A legtöbb fiókhoz való regisztrációhoz egy nevet, felhasználónevet, e-mail címet és jelszót kell megadnod. Amennyiben egy weboldal az említett adatoknál több információt igényel, az egyértelműen jelezve lesz, és külön adatvédelmi nyilatkozatban lesz feltüntetve. +A legtöbb fiókhoz való regisztrációhoz egy nevet, felhasználónevet, email címet és jelszót kell megadnod. Amennyiben egy weboldal az említett adatoknál több információt igényel, az egyértelműen jelezve lesz, és külön adatvédelmi tájékoztatóban lesz feltüntetve. A fiókadataidat arra használjuk, hogy azonosítsunk a weboldalon, és hogy jellemző oldalakat, például a profiloldaladat létrehozzuk. A fiókadataidat arra is felhasználjuk, hogy nyilvános profilt tegyünk közzé számodra a szolgáltatásainkban. @@ -56,8 +56,6 @@ GDPR alá eső általános panaszok esetében a helyi adatvédelmi felügyeleti ## A Jelen Szabályzatról -A nyilatkozat bármely új verzióját [itt fogjuk közzétenni](privacy-policy.md). Előfordulhat, hogy a dokumentum jövőbeli verzióinál megváltoztatjuk a változások bejelentésének módját. Időközben bármikor frissíthetjük elérhetőségeinket anélkül, hogy a változást bejelentenénk. A legfrissebb elérhetőségekért kérjük, hivatkozz bármikor az [Adatvédelmi tájékoztatóra](privacy-policy.md). +A tájékoztató bármely új verzióját [itt fogjuk közzétenni](privacy-policy.md). Előfordulhat, hogy a dokumentum jövőbeli verzióinál megváltoztatjuk a változások bejelentésének módját. Időközben bármikor frissíthetjük elérhetőségeinket anélkül, hogy a változást bejelentenénk. A legfrissebb elérhetőségekért kérjük, hivatkozz bármikor az [Adatvédelmi Tájékoztatóra](privacy-policy.md). Az oldal teljes [előzménye](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) a GitHub-on található meg. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/about/privacytools.md b/i18n/hu/about/privacytools.md index 3a543f2b6..f54fe7226 100644 --- a/i18n/hu/about/privacytools.md +++ b/i18n/hu/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/about/services.md b/i18n/hu/about/services.md index ef8e061bb..3d8eb6b03 100644 --- a/i18n/hu/about/services.md +++ b/i18n/hu/about/services.md @@ -36,5 +36,3 @@ Számos webes szolgáltatást futtatunk, hogy teszteljünk funkciókat és néps - Elérhetőség: Félig Nyilvános Az Invidioust elsősorban beágyazott YouTube-videók szolgáltatásához üzemeltetjük a webhelyünkön, ez az instance általános célú használatra nem szolgál, és bármikor korlátozható. - Forrás: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/about/statistics.md b/i18n/hu/about/statistics.md index 6ecfd1489..4285a5af6 100644 --- a/i18n/hu/about/statistics.md +++ b/i18n/hu/about/statistics.md @@ -59,5 +59,3 @@ title: Forgalom Statisztikák }) }) - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/advanced/communication-network-types.md b/i18n/hu/advanced/communication-network-types.md index 0b376b8db..b8ed4ac75 100644 --- a/i18n/hu/advanced/communication-network-types.md +++ b/i18n/hu/advanced/communication-network-types.md @@ -1,11 +1,12 @@ --- title: "Kommunikációs Hálózatok Típusai" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- -Emberek közötti üzenetek továbbítására többféle hálózati architektúra használható. Ezek a hálózatok különböző magánéleti garanciákat nyújthatnak, ezért érdemes figyelembe venned a [védelmk modelledet](../basics/threat-modeling.md), amikor eldöntöd, hogy melyik alkalmazást fogod használni. +Személyek közötti üzenetek továbbítására többféle hálózati architektúra használható. Ezek a hálózatok különböző magánéleti garanciákat nyújthatnak, ezért érdemes figyelembe venned a [védelmk modelledet](../basics/threat-modeling.md), amikor eldöntöd, hogy melyik alkalmazást fogod használni. -[Recommended Instant Messengers](../real-time-communication.md ""){.md-button} +[Ajánlott Azonnali Üzenetküldők](../real-time-communication.md ""){.md-button} ## Központosított Hálózatok @@ -78,7 +79,7 @@ P2P networks do not use servers, as peers communicate directly between each othe - Some common messenger features may not be implemented or incompletely, such as message deletion. - Your IP address and that of the contacts you're communicating with may be exposed if you do not use the software in conjunction with a [VPN](../vpn.md) or [Tor](../tor.md). Many countries have some form of mass surveillance and/or metadata retention. -## Anoním Forgalomirányítás +## Anonim Forgalomirányítás ![Anoním forgalomirányítási diagram](../assets/img/layout/network-anonymous-routing.svg){ align=left } @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/advanced/dns-overview.md b/i18n/hu/advanced/dns-overview.md index 374454886..b47af2809 100644 --- a/i18n/hu/advanced/dns-overview.md +++ b/i18n/hu/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/advanced/payments.md b/i18n/hu/advanced/payments.md new file mode 100644 index 000000000..7e046ecd0 --- /dev/null +++ b/i18n/hu/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/hu/advanced/tor-overview.md b/i18n/hu/advanced/tor-overview.md index 2e5d990e1..6b3f89c2e 100644 --- a/i18n/hu/advanced/tor-overview.md +++ b/i18n/hu/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- -title: "Tor Overview" +title: "Tor Áttekintés" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.hu.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/hu/android.md b/i18n/hu/android.md index cacaf7367..8b518ba2b 100644 --- a/i18n/hu/android.md +++ b/i18n/hu/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives @@ -320,11 +322,11 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. ### Operációs Rendszerek @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/basics/account-creation.md b/i18n/hu/basics/account-creation.md index 6e85bfaa5..19433a61f 100644 --- a/i18n/hu/basics/account-creation.md +++ b/i18n/hu/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/basics/account-deletion.md b/i18n/hu/basics/account-deletion.md index a5526014f..c80330191 100644 --- a/i18n/hu/basics/account-deletion.md +++ b/i18n/hu/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Fiókok törlése" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/basics/common-misconceptions.md b/i18n/hu/basics/common-misconceptions.md index 43826ee5f..4dcf10933 100644 --- a/i18n/hu/basics/common-misconceptions.md +++ b/i18n/hu/basics/common-misconceptions.md @@ -1,34 +1,35 @@ --- -title: "Common Misconceptions" +title: "Gyakori Tévhitek" icon: 'material/robot-confused' +description: Az adatvédelem nem egy egyszerű téma, és könnyű belekeveredni marketinges állításokba és egyéb dezinformációkba. --- -## "Open-source software is always secure" or "Proprietary software is more secure" +## "A nyílt forráskódú szoftverek mindig biztonságosak" vagy "A jogvédett szoftverek biztonságosabbak" -These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis. +Ezek a mítoszok számos előítéletből fakadnak, de az, hogy a forráskód elérhető-e, és hogy a szoftverek licencelése hogyan történik, nem befolyásolja annak biztonságát semmilyen módon. ==A nyílt forráskódú szoftverek potenciálisan ** biztonságosabbak, mint a jogvédett szoftverek, de egyáltalán nem garantálható, hogy ez így is van.== Egy szoftver elbírálásánál az egyes eszközök hírnevét és biztonságát egyénileg kell megvizsgálni. -Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities into even large projects.[^1] +Nyílt forráskódú szoftverek felülvizsgál*hatók* harmadik felek által, és gyakran átláthatóbbak lehetséges sebezhetőségek esetében, mint a jogvédett szoftverek. Azt is lehetővé teszi, hogy felülvizsgáld a kódot, és letiltsd a gyanús funkciókat, amiket találsz. Azonban, *ha nem így teszel*, nincs garancia arra, hogy a kód valaha is el lett bírálva, különösen a kisebb szoftverprojektek esetében. A nyílt fejlesztési folyamat is ki lett használva arra, hogy új sebezhetőségeket építsenek be még nagyobb projektekbe is.[^1] -On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering. +A másik oldalon a jogvédett szoftverek kevésbé átláthatóak, de ez nem jelenti azt, hogy nem biztonságosak. A nagyobb jogvédett szoftverprojektek belső és harmadik fél által is felülvizsgálhatók, és független biztonsági kutatók továbbra is találhatnak sebezhetőségeket olyan technikákkal, mint a reverse engineering. -To avoid biased decisions, it's *vital* that you evaluate the privacy and security standards of the software you use. +Az elfogult döntések elkerülése érdekében *létfontosságú*, hogy elbíráld az általad használt szoftverek adatvédelmi és biztonsági szabványait. -## "Shifting trust can increase privacy" +## "A bizalom áthelyezése növelheti a magánélet védelmét" -We talk about "shifting trust" a lot when discussing solutions like VPNs (which shift the trust you place in your ISP to the VPN provider). While this protects your browsing data from your ISP *specifically*, the VPN provider you choose still has access to your browsing data: Your data isn't completely secured from all parties. This means that: +Sokat beszélünk a "bizalom áthelyezéséről", amikor olyan megoldásokról beszélünk, mint a VPN-ek (amelyek az internetszolgáltatódba vetett bizalmat a VPN-szolgáltatóra helyezik át). Míg ez megvédi a böngészési adataid az internetszolgáltatódtól *konkrétan*, a választott VPN szolgáltató továbbra is hozzáfér a böngészési adatokhoz: Az adataid nincsenek teljesen védve minden féltől. Ez azt jelenti, hogy: -1. You must exercise caution when choosing a provider to shift trust to. -2. You should still use other techniques, like E2EE, to protect your data completely. Merely distrusting one provider to trust another is not securing your data. +1. Óvatosan kell eljárnod, amikor kiválasztasz egy szolgáltatót, akire áthelyezed a bizalmat. +2. Az adatok teljes védelme érdekében továbbra is egyéb technikákat kell alkalmaznod, például End-to-End titkosítást. Ha csak azért nem bízol egy szolgáltatóban, hogy egy másikban bíz, az nem jelenti az adataid védelmét. -## "Privacy-focused solutions are inherently trustworthy" +## "Az adatvédelemre összpontosító megoldások eredendően megbízhatóak" -Focusing solely on the privacy policies and marketing of a tool or provider can blind you to its weaknesses. When you're looking for a more private solution, you should determine what the underlying problem is and find technical solutions to that problem. For example, you may want to avoid Google Drive, which gives Google access to all of your data. The underlying problem in this case is lack of E2EE, so you should make sure that the provider you switch to actually implements E2EE, or use a tool (like [Cryptomator](../encryption.md#cryptomator-cloud)) which provides E2EE on any cloud provider. Switching to a "privacy-focused" provider (that doesn't implement E2EE) doesn't solve your problem: it just shifts trust from Google to that provider. +Ha kizárólag egy eszköz vagy szolgáltató adatvédelmi szabályzatára és marketingjére koncentrálsz, az elvakíthat annak gyengeségeivel szemben. Ha privát megoldást keresel, meg kell határozni, hogy mi az az mögött megbúvó probléma, és műszaki megoldásokat kell találni erre a problémára. Érdemes például elkerülni a Google Drive-ot, amely a Google számára hozzáférést biztosít az összes adatodhoz. A probléma ebben az esetben az End-to-End titkosítás hiánya, ezért meg kell győződnöd arról, hogy a szolgáltató, amelyre váltasz, valóban megvalósítja az End-to-End titkosítást, vagy olyan eszközt használsz (mint például a [Cryptomator](../encryption.md#cryptomator-cloud)), amely bármely felhőszolgáltatónál biztosítja az End-to-End titkosítást. Azzal, hogy egy "adatvédelemre összpontosító" szolgáltatóra váltasz (amely nem alkalmaz End-to-End titkoítást), nem oldja meg a problémádat: csak a bizalmat helyezi át a Google-tól az adott szolgáltatóra. -The privacy policies and business practices of providers you choose are very important, but should be considered secondary to technical guarantees of your privacy: You shouldn't shift trust to another provider when trusting a provider isn't a requirement at all. +Az általad választott szolgáltatók adatvédelmi irányelvei és üzleti gyakorlatai nagyon fontosak, de másodlagosnak kell tekinteni az adatvédelmed technikai garanciáihoz képest: Ne helyezd át a bizalmat egy másik szolgáltatóra, ha a szolgáltatóban való bizalom egyáltalán nem is szükséges. -## "Complicated is better" +## "A bonyolult jobb" -We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like many different email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?" +Gyakran látjuk, hogy az emberek túlságosan összetett adatvédelmi védelmi modelleket írnak le. Ezek a megoldások gyakran olyan problémákat tartalmaznak, mint sok különböző email fiók vagy bonyolult felállások sok mozgó alkatrésszel és feltétellel. A válaszok általában a "Mi a legjobb módja, hogy *X*-t csinálj?" kérdésre adnak választ. Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips: @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.hu.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/hu/basics/common-threats.md b/i18n/hu/basics/common-threats.md index 708ae5176..6f9a3cac3 100644 --- a/i18n/hu/basics/common-threats.md +++ b/i18n/hu/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Gyakori veszélyek" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.hu.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/hu/basics/email-security.md b/i18n/hu/basics/email-security.md index 77db867da..f0c2fb579 100644 --- a/i18n/hu/basics/email-security.md +++ b/i18n/hu/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/basics/multi-factor-authentication.md b/i18n/hu/basics/multi-factor-authentication.md index 78176d0dc..e2b40a9b4 100644 --- a/i18n/hu/basics/multi-factor-authentication.md +++ b/i18n/hu/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authentication - Többlépcsős Hitelesítés" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/basics/passwords-overview.md b/i18n/hu/basics/passwords-overview.md index 8c7a57cb9..060100139 100644 --- a/i18n/hu/basics/passwords-overview.md +++ b/i18n/hu/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/basics/threat-modeling.md b/i18n/hu/basics/threat-modeling.md index 3e2e5a94e..fc1b3b411 100644 --- a/i18n/hu/basics/threat-modeling.md +++ b/i18n/hu/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Threat Modeling" icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. --- Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/basics/vpn-overview.md b/i18n/hu/basics/vpn-overview.md index 774af7595..a1a007f52 100644 --- a/i18n/hu/basics/vpn-overview.md +++ b/i18n/hu/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/calendar.md b/i18n/hu/calendar.md index d81f428d6..6683d53ef 100644 --- a/i18n/hu/calendar.md +++ b/i18n/hu/calendar.md @@ -1,6 +1,7 @@ --- title: "Naptár Szinkronizálás" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- A naptárak a legérzékenyebb adataidat tartalmazzák; használj at rest End-to-End titkosítást megvalósító termékeket, hogy megakadályozd, hogy a szolgáltató elolvassa ezeket. @@ -12,12 +13,12 @@ A naptárak a legérzékenyebb adataidat tartalmazzák; használj at rest End-to ![Tutanota logo](assets/img/calendar/tutanota.svg#only-light){ align=right } ![Tutanota logo](assets/img/calendar/tutanota-dark.svg#only-dark){ align=right } - **A **Tutanota** ingyenes és titkosított naptárat kínál a támogatott platformjain keresztül. A funkciók közé tartoznak: az összes adat automatikus End-to-End titkosítása, megosztási funkciók, import/export funkciók, multifaktoros hitelesítés és még [sok más](https://tutanota.com/calendar-app-comparison/). + **A **Tutanota** ingyenes és titkosított naptárat kínál a támogatott platformjain keresztül. A funkciók közé tartoznak: az összes adat automatikus End-to-End titkosítása, megosztási funkciók, import/export funkciók, többlépcsős hitelesítés és még [sok más](https://tutanota.com/calendar-app-comparison/). A több naptár és kiterjesztett megosztási funkciók csak a fizetett előfizetőknek elérhető. [:octicons-home-16: Honlap](https://tutanota.com/calendar){ .md-button .md-button--primary } - [:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Adatvédelmi Tájékoztató" } [:octicons-info-16:](https://tutanota.com/faq){ .card-link title=Documentáció} [:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Forráskód" } [:octicons-heart-16:](https://tutanota.com/community/){ .card-link title=Közreműködés } @@ -41,7 +42,7 @@ A naptárak a legérzékenyebb adataidat tartalmazzák; használj at rest End-to A **Proton Calendar** egy titkosított naptárszolgáltatás, amely a Proton-tagok számára webes vagy mobilklienseken keresztül érhető el. A funkciók közé tartoznak: az összes adat automatikus End-to-End titkosítása, megosztási funkciók, import/export funkciók és még [sok más](https://proton.me/support/proton-calendar-guide). Az ingyenes előfizetéssel rendelkezők egyetlen naptárhoz kapnak hozzáférést, míg a fizetett előfizetők akár 20 naptárat is létrehozhatnak. Kiterjesztett megosztási funkciók szintén csak a fizetett előfizetőknek elérhető. [:octicons-home-16: Honlap](https://proton.me/calendar){ .md-button .md-button--primary } - [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Adatvédelmi Tájékoztató" } [:octicons-info-16:](https://proton.me/support/proton-calendar-guide){ .card-link title=Dokumentáció} [:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Forráskód" } @@ -52,7 +53,7 @@ A naptárak a legérzékenyebb adataidat tartalmazzák; használj at rest End-to ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" @@ -67,5 +68,3 @@ A naptárak a legérzékenyebb adataidat tartalmazzák; használj at rest End-to A legjobb esetben alkalmazott követelményeink azt fejezik ki, hogy mit szeretnénk látni egy tökéletes projekttől ebben a kategóriában. Előfordulhat, hogy ajánlásaink nem tartalmazzák az összes ilyen funkciót, de azok, amelyek igen, magasabb helyen szerepelhetnek, mint mások ezen az oldalon. - Adott esetben integrálódnia kell az operációs rendszer natív naptár- és névjegykezelő alkalmazásaival. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/cloud.md b/i18n/hu/cloud.md index caa4d4009..324fe5631 100644 --- a/i18n/hu/cloud.md +++ b/i18n/hu/cloud.md @@ -1,6 +1,7 @@ --- title: "Felhőtárhely" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Sok felhőalapú tárhelyszolgáltatónak elvárása a teljes bizalmad abban, hogy nem fogják megnézni a fájljaidat. Az lent felsorolt alternatívák kiküszöbölik a bizalom szükségességét azáltal, hogy a te kezedbe helyezik az adataid fölötti kontrollt, vagy End-to-End titkosítást használnak. @@ -17,10 +18,10 @@ Ha ezek az alternatívák nem felelnek meg az igényeidnek, javasoljuk, hogy tek ![Proton Drive logo](assets/img/cloud/protondrive.svg){ align=right } - A **Proton Drive** egy End-to-End titkosított általános fájltároló szolgáltatás a népszerű titkosított e-mail szolgáltatótól a [Proton Mail](https://proton.me/mail)-től. + A **Proton Drive** egy End-to-End titkosított általános fájltároló szolgáltatás a népszerű titkosított email szolgáltatótól a [Proton Mail](https://proton.me/mail)-től. [:octicons-home-16: Honlap](https://proton.me/drive){ .md-button .md-button--primary } - [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Adatvédelmi Tájékoztató" } [:octicons-info-16:](https://proton.me/support/drive){ .card-link title=Dokumentáció} [:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Forráskód" } @@ -29,11 +30,10 @@ Ha ezek az alternatívák nem felelnek meg az igényeidnek, javasoljuk, hogy tek - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -A Proton Drive mobil kliensei 2022 decemberében jelentek meg, és még nem nyílt forráskódúak. Proton szokás szerint a forráskód közzétételét a termék első kiadásának utánra halasztja, és [a terveik szerint](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) 2023 végére teszi közzé a forráskódot. A Proton Drive asztali kliensek még fejlesztés alatt állnak. ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" @@ -43,7 +43,7 @@ A Proton Drive mobil kliensei 2022 decemberében jelentek meg, és még nem nyí - Végponttól végpontig terjedő titkosítást kell érvényesítenie. - Ingyenes csomagot vagy próbaidőszakot kell kínálnia a teszteléshez. -- Támogatnia kell TOTP vagy FIDO2 többfaktoros hitelesítés használatát, vagy Passkey bejelentkezéseket. +- Támogatnia kell TOTP vagy FIDO2 többlépcsős hitelesítés használatát, vagy Passkey bejelentkezéseket. - Olyan webes felületet kell kínálnia, amely támogat alapvető fájlkezelési funkciókat. - Lehetővé kell tennie az összes fájl/dokumentum egyszerű exportálását. - Szabványos, felülvizsgált titkosítást kell használnia. @@ -52,11 +52,9 @@ A Proton Drive mobil kliensei 2022 decemberében jelentek meg, és még nem nyí A legjobb esetben alkalmazott követelményeink azt fejezik ki, hogy mit szeretnénk látni egy tökéletes projekttől ebben a kategóriában. Előfordulhat, hogy ajánlásaink nem tartalmazzák az összes ilyen funkciót, de azok, amelyek igen, magasabb helyen szerepelhetnek, mint mások ezen az oldalon. -- A klienseknek nyílt forráskódúnak kell lenniük. +- A klienseknek nyílt forráskódúaknak kell lenniük. - A klienseket teljes egészükben független harmadik félnek kell felülvizsgálnia. - Natív klienseket kell kínálnia Linux, Android, Windows, macOS és iOS rendszerekre. - Ezeknek a klienseknek integrálódniuk kell natív operációs rendszer eszközökkel, amik felhőtárhely szolgáltatóknak lettek létrehozva, például a Files alkalmazás integrációjával iOS-en, vagy a DocumentsProvider funkcióval Androidon. - Támogatnia kell az egyszerű fájlmegosztást más felhasználókkal. - Legalább alapvető fájlelőnézeti és szerkesztési funkciókat kell kínálnia a webes felületen. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/cryptocurrency.md b/i18n/hu/cryptocurrency.md new file mode 100644 index 000000000..06d7e7607 --- /dev/null +++ b/i18n/hu/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Követelmények + +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. + +!!! example "Ez a szakasz új" + + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/hu/data-redaction.md b/i18n/hu/data-redaction.md index cee5392b8..2bc754a32 100644 --- a/i18n/hu/data-redaction.md +++ b/i18n/hu/data-redaction.md @@ -1,11 +1,12 @@ --- title: "Adat és Metaadat Eltávolítás" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- -When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. +Fájlok megosztásakor ügyelj a kapcsolódó metaadatok eltávolítsára. A képfájlok gyakran tartalmaznak [Exif](https://en.wikipedia.org/wiki/Exif) adatokat. A fényképek időnként még GPS-koordinátákat is tartalmaznak a fájl metaadataiban. -## Desktop +## Asztal ### MAT2 @@ -13,13 +14,13 @@ When sharing files, be sure to remove associated metadata. Image files commonly ![MAT2 logo](assets/img/data-redaction/mat2.svg){ align=right } - **MAT2** is free software, which allows the metadata to be removed from image, audio, torrent, and document file types. It provides both a command line tool and a graphical user interface via an [extension for Nautilus](https://0xacab.org/jvoisin/mat2/-/tree/master/nautilus), the default file manager of [GNOME](https://www.gnome.org), and [Dolphin](https://0xacab.org/jvoisin/mat2/-/tree/master/dolphin), the default file manager of [KDE](https://kde.org). + A **MAT2** ingyenes szoftver, amely lehetővé teszi a metaadatok eltávolítását kép, hang, torrent és dokumentum fájltípusokból. Egy parancssor eszközt és egy grafilus felhasználói felületet is biztosít egy [Nautilus](https://0xacab.org/jvoisin/mat2/-/tree/master/nautilus) és [Dolphin](https://0xacab.org/jvoisin/mat2/-/tree/master/dolphin) bővítményen keresztül, amik közül az előbbi a [GNOME](https://www.gnome.org), az utóbbi a [KDE](https://kde.org) alapértelmezett fájlkezelője. - On Linux, a third-party graphical tool [Metadata Cleaner](https://gitlab.com/rmnvgr/metadata-cleaner) powered by MAT2 exists and is [available on Flathub](https://flathub.org/apps/details/fr.romainvigier.MetadataCleaner). + Linuxon létezik egy harmadik féltől származó grafikus eszköz, a [Metadata Cleaner](https://gitlab.com/rmnvgr/metadata-cleaner), amely alapját a MAT2 adja, és ez [el is érhető a Flathubon](https://flathub.org/apps/details/fr.romainvigier.MetadataCleaner). - [:octicons-repo-16: Repository](https://0xacab.org/jvoisin/mat2){ .md-button .md-button--primary } - [:octicons-info-16:](https://0xacab.org/jvoisin/mat2/-/blob/master/README.md){ .card-link title=Documentation} - [:octicons-code-16:](https://0xacab.org/jvoisin/mat2){ .card-link title="Source Code" } + [:octicons-repo-16: Adattár](https://0xacab.org/jvoisin/mat2){ .md-button .md-button--primary } + [:octicons-info-16:](https://0xacab.org/jvoisin/mat2/-/blob/master/README.md){ .card-link title=Dokumentáció} + [:octicons-code-16:](https://0xacab.org/jvoisin/mat2){ .card-link title="Forráskód" } ??? downloads @@ -36,13 +37,13 @@ When sharing files, be sure to remove associated metadata. Image files commonly ![ExifEraser logo](assets/img/data-redaction/exiferaser.svg){ align=right } - **ExifEraser** is a modern, permissionless image metadata erasing application for Android. + Az **ExifEraser** egy modern, engedély nélküli képmetaadat-törlő alkalmazás Androidra. - It currently supports JPEG, PNG and WebP files. + Jelenleg támogatja a JPEG, PNG és WebP fájlokat. - [:octicons-repo-16: Repository](https://github.com/Tommy-Geenexus/exif-eraser){ .md-button .md-button--primary } - [:octicons-info-16:](https://github.com/Tommy-Geenexus/exif-eraser#readme){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/Tommy-Geenexus/exif-eraser){ .card-link title="Source Code" } + [:octicons-repo-16: Adattár](https://github.com/Tommy-Geenexus/exif-eraser){ .md-button .md-button--primary } + [:octicons-info-16:](https://github.com/Tommy-Geenexus/exif-eraser#readme){ .card-link title=Dokumentáció} + [:octicons-code-16:](https://github.com/Tommy-Geenexus/exif-eraser){ .card-link title="Forráskód" } ??? downloads @@ -50,21 +51,21 @@ When sharing files, be sure to remove associated metadata. Image files commonly - [:octicons-moon-16: Accrescent](https://accrescent.app/app/com.none.tom.exiferaser) - [:simple-github: GitHub](https://github.com/Tommy-Geenexus/exif-eraser/releases) -The metadata that is erased depends on the image's file type: +A törlésre kerülő metaadat a kép fájltípusától függ: -* **JPEG**: ICC Profile, Exif, Photoshop Image Resources and XMP/ExtendedXMP metadata will be erased if it exists. -* **PNG**: ICC Profile, Exif and XMP metadata will be erased if it exists. -* **WebP**: ICC Profile, Exif and XMP metadata will be erased if it exists. +* **JPEG**: ICC Profil, Exif, Photoshop Image Resources és XMP/ExtendedXMP metaadatok fognak törlődni, ha vannak. +* **PNG**: ICC Profil, Exif és XMP metaadatok fognak törlődni, ha vannak. +* **WebP**: ICC Profil, Exif és XMP metaadatok fognak törlődni, ha vannak. -After processing the images, ExifEraser provides you with a full report about what exactly was removed from each image. +A képek feldolgozása után ExifEraser teljes jelentést ad arról, hogy pontosan mit távolított el egyes képekről. -The app offers multiple ways to erase metadata from images. Namely: +Az alkalmazás többféle módszert nyújt metaadatokat törléséhez a képekről. Név szerint: -* You can share an image from another application with ExifEraser. -* Through the app itself, you can select a single image, multiple images at once, or even an entire directory. -* It features a "Camera" option, which uses your operating system's camera app to take a photo, and then it removes the metadata from it. -* It allows you to drag photos from another app into ExifEraser when they are both open in split-screen mode. -* Lastly, it allows you to paste an image from your clipboard. +* Az megoszthat egy képet egy másik alkalmazásból az ExifEraser-nek. +* Magán az alkalmazáson keresztül egyetlen képet, egyszerre több képet vagy akár egy egész könyvtárat is kiválaszthatsz. +* Rendelkezik egy "Kamera" opcióval, amely az operációs rendszer kameraalkalmazását használja egy fénykép készítéséhez, majd eltávolítja arról a metaadatokat. +* Lehetővé teszi, hogy fényképeket húzz át egy másik alkalmazásból az ExifEraser-be, ha mindkét app osztott képernyős módban van megnyitva. +* Végül, lehetővé teszi egy kép beillesztését a vágólapról. ### Metapho (iOS) @@ -72,10 +73,10 @@ The app offers multiple ways to erase metadata from images. Namely: ![Metapho logo](assets/img/data-redaction/metapho.jpg){ align=right } - **Metapho** is a simple and clean viewer for photo metadata such as date, file name, size, camera model, shutter speed, and location. + A **Metapho** egy egyszerű és letisztult megjelenítője fényképek metaadatainak, mint például dátum, fájlnév, méret, fényképező modell, zársebesség és helyszín. - [:octicons-home-16: Homepage](https://zininworks.com/metapho){ .md-button .md-button--primary } - [:octicons-eye-16:](https://zininworks.com/privacy/){ .card-link title="Privacy Policy" } + [:octicons-home-16: Honlap](https://zininworks.com/metapho){ .md-button .md-button--primary } + [:octicons-eye-16:](https://zininworks.com/privacy/){ .card-link title="Adatvédelmi Nyilatkozat" } ??? downloads @@ -87,12 +88,12 @@ The app offers multiple ways to erase metadata from images. Namely: ![PrivacyBlur logo](assets/img/data-redaction/privacyblur.svg){ align=right } - **PrivacyBlur** is a free app which can blur sensitive portions of pictures before sharing them online. + A **PrivacyBlur** egy ingyenes alkalmazás, amely képes elmosni képek érzékeny részeit, mielőtt online megosztanád azokat. - [:octicons-home-16: Homepage](https://privacyblur.app/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://privacyblur.app/privacy.html){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://github.com/MATHEMA-GmbH/privacyblur#readme){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/MATHEMA-GmbH/privacyblur){ .card-link title="Source Code" } + [:octicons-home-16: Honlap](https://privacyblur.app/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacyblur.app/privacy.html){ .card-link title="Adatvédelmi Tájékoztató" } + [:octicons-info-16:](https://github.com/MATHEMA-GmbH/privacyblur#readme){ .card-link title=Dokumentáció} + [:octicons-code-16:](https://github.com/MATHEMA-GmbH/privacyblur){ .card-link title="Forráskód" } ??? downloads @@ -101,9 +102,9 @@ The app offers multiple ways to erase metadata from images. Namely: !!! warning - You should **never** use blur to redact [text in images](https://bishopfox.com/blog/unredacter-tool-never-pixelation). If you want to redact text in an image, draw a box over the text. For this, we suggest apps like [Pocket Paint](https://github.com/Catrobat/Paintroid). + **Soha** ne használd a homályosítást [képekben lévő szöveg](https://bishopfox.com/blog/unredacter-tool-never-pixelation) szerkesztésére. Ha egy képen lévő szöveget szeretnél eltávolítani, rajzolj egy négyzetet a szöveg fölé. Ehhez olyan alkalmazásokat ajánlunk, mint a [Pocket Paint](https://github.com/Catrobat/Paintroid). -## Command-line +## Parancssor ### ExifTool @@ -111,14 +112,14 @@ The app offers multiple ways to erase metadata from images. Namely: ![ExifTool logo](assets/img/data-redaction/exiftool.png){ align=right } - **ExifTool** is the original perl library and command-line application for reading, writing, and editing meta information (Exif, IPTC, XMP, and more) in a wide variety of file formats (JPEG, TIFF, PNG, PDF, RAW, and more). + Az **ExifTool** az eredeti perl könyvtár és parancssor alkalmazás a metainformációk (Exif, IPTC, XMP stb.) olvasására, írására és szerkesztésére a legkülönbözőbb fájlformátumok (JPEG, TIFF, PNG, PDF, RAW stb.) esetében. - It's often a component of other Exif removal applications and is in most Linux distribution repositories. + Gyakran más Exif eltávolító alkalmazások része, és megtalálható a legtöbb Linux disztribúció addattáraiban. - [:octicons-home-16: Homepage](https://exiftool.org){ .md-button .md-button--primary } - [:octicons-info-16:](https://exiftool.org/faq.html){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/exiftool/exiftool){ .card-link title="Source Code" } - [:octicons-heart-16:](https://exiftool.org/#donate){ .card-link title=Contribute } + [:octicons-home-16: Honlap](https://exiftool.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://exiftool.org/faq.html){ .card-link title=Dokumentáció} + [:octicons-code-16:](https://github.com/exiftool/exiftool){ .card-link title="Forráskód" } + [:octicons-heart-16:](https://exiftool.org/#donate){ .card-link title=Közreműködés } ??? downloads @@ -126,21 +127,19 @@ The app offers multiple ways to erase metadata from images. Namely: - [:simple-apple: macOS](https://exiftool.org) - [:simple-linux: Linux](https://exiftool.org) -!!! example "Deleting data from a directory of files" +!!! example "Adatok törlése egy fájlkönyvtárból" ```bash - exiftool -all= *.file_extension + exiftool -all= *.fájl_kiterjesztés ``` ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. -- Apps developed for open-source operating systems must be open-source. -- Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.hu.txt" +- Nyílt forráskódú operációs rendszerekre fejlesztett alkalmazásoknak nyílt forráskódúnak kell lenniük. +- Az alkalmazásoknak ingyenesnek kell lenniük, és nem tartalmazhatnak reklámokat vagy egyéb korlátozásokat. diff --git a/i18n/hu/desktop-browsers.md b/i18n/hu/desktop-browsers.md index af3b392f5..a8b47efa7 100644 --- a/i18n/hu/desktop-browsers.md +++ b/i18n/hu/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -224,11 +225,11 @@ These are some other [filter lists](https://github.com/gorhill/uBlock/wiki/Dashb ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. ### Minimum Requirements @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.hu.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/hu/desktop.md b/i18n/hu/desktop.md index b69e48aa2..79662918b 100644 --- a/i18n/hu/desktop.md +++ b/i18n/hu/desktop.md @@ -1,6 +1,7 @@ --- title: "Asztal/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -166,11 +167,11 @@ The Qubes OS operating system secures the computer by isolating subsystems (e.g. ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. Our recommended operating systems: @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/dns.md b/i18n/hu/dns.md index 54211872c..81c5cc8be 100644 --- a/i18n/hu/dns.md +++ b/i18n/hu/dns.md @@ -1,28 +1,27 @@ --- title: "DNS Resolverek" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Használjak-e titkosított DNS-t?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. A titkosított DNS nem fog segíteni elrejteni a böngészési tevékenységedet. - Titkosított DNS-t harmadik féltől származó szerverekkel csak alapvető [DNS-blokkolás](https://en.wikipedia.org/wiki/DNS_blocking) megkerülésére kellene használni, ha biztos vagy benne, hogy nem lesz semmilyen következménye. A titkosított DNS nem fog segíteni elrejteni a böngészési tevékenységedet. - - [További információk a DNS-ről](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Ajánlott Szolgáltatók -| DNS Szolgáltatók | Adatvédelmi Nyilatkozat | Protokollok | Naplózás | ECS | Szűrés | +| DNS Szolgáltatók | Adatvédelmi Tájékoztató | Protokollok | Naplózás | ECS | Szűrés | | ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------- | ----------- | ----------------------------------------------------------------------------------------------------------------------------------------- | | [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Nyílt szöveg
DoH/3
DoT
DNSCrypt | Némi[^1] | Nem | Választott szerver alapján. A használt szűrőlista itt található. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | | [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Nyílt szöveg
DoH/3
DoT | Némi[^2] | Nem | Választott szerver alapján. | | [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Nyílt szöveg
DoH/3
DoT
DoQ | Választható[^3] | Nem | Választott szerver alapján. | | [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
DoT | Nem[^4] | Nem | Választott szerver alapján. A használt szűrőlista itt található. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | | [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Nyílt szöveg
DoH/3
DoT | Választható[^5] | Választható | Választott szerver alapján. | -| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Nyílt szöveg
DoH
DoT
DNSCrypt | Némi[^6] | Választható | Választott szerver alapján, Kártékiony szoftver blokkolás alapértelmezetten. | +| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Nyílt szöveg
DoH
DoT
DNSCrypt | Némi[^6] | Választható | Választott szerver alapján, Kártékony szoftver blokkolás alapértelmezetten. | ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" @@ -30,7 +29,7 @@ icon: material/dns - Támogatnia kell a [DNSSEC](advanced/dns-overview.md#what-is-dnssec)-et. - [QNAME Minimalizáció](advanced/dns-overview.md#what-is-qname-minimization). -- Lehetővé teszi az [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) kikapcsolását. +- Lehetővé teszi az [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) letiltását. - Előnyben részesíti az [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods), vagy a geo-steering támogatását. ## Natív Operációs Rendszer Támogatás @@ -67,7 +66,7 @@ Egy titkosított DNS proxy szoftver helyi proxy-t biztosít a [titkosítatlan DN A **RethinkDNS** egy nyílt forráskódú Android kliens, amely támogatja a [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) és DNS Proxy funkciókat, valamint a DNS-válaszok gyorsítótárazását, a DNS-lekérdezések helyi naplózását, de használható tűzfalként is. [:octicons-home-16: Honlap](https://rethinkdns.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Adatvédelmi Tájékoztató" } [:octicons-info-16:](https://docs.rethinkdns.com/){ .card-link title=Dokumentáció} [:octicons-code-16:](https://github.com/celzero/rethink-app){ .card-link title="Forráskód" } @@ -112,7 +111,7 @@ Egy saját üzemeltetésű DNS-megoldás hasznos ellenőrzött platformokon, pé Az AdGuard Home egy kifinomult webes felületet kínál az betekintések megtekintéséhez és blokkolt tartalmak kezeléséhez. [:octicons-home-16: Honlap](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary } - [:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Adatvédelmi Tájékoztató" } [:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title=Dokumentáció} [:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Forráskód" } @@ -127,16 +126,14 @@ Egy saját üzemeltetésű DNS-megoldás hasznos ellenőrzött platformokon, pé A Pi-hole-t úgy tervezték, hogy egy Raspberry Pi-n lehessen üzemeltetni, de az nem korlátozott erre a hardverre. Az szoftver egy kifinomult webes felületet kínál az betekintések megtekintéséhez és blokkolt tartalmak kezeléséhez. [:octicons-home-16: Honlap](https://pi-hole.net/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://pi-hole.net/privacy/){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-eye-16:](https://pi-hole.net/privacy/){ .card-link title="Adatvédelmi Tájékoztató" } [:octicons-info-16:](https://docs.pi-hole.net/){ .card-link title=Dokumentáció} [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Forráskód" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Közreműködés } ---8<-- "includes/abbreviations.hu.txt" - [^1]: Az AdGuard tárolja a DNS szervereik összesített teljesítményméréseit, nevezetesen az adott szerverhez érkező teljes kérések számát, a blokkolt kérések számát és a kérések feldolgozásának sebességét. Az elmúlt 24 órában igényelt domainek adatbázisát is eltárolják. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/hu/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: A Cloudflare csak azokat a korlátozott DNS-lekérdezési adatokat gyűjti és tárolja ami az 1.1.1.1 resolverhez érkezik. Az 1.1.1.1 resolver szolgáltatás nem naplóz személyes adatokat, és a korlátozott, személyazonosításra nem alkalmas lekérdezési adatok nagy részét csak 25 órán keresztül tárolja. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) -[^3]: A Control D csak az egyéni DNS-profilokkal rendelkező Premium resolverek esetében naplóz. Az ingyenes resolverek nem naplóznak adatokat. [https://controld.com/privacy](https://controld.com/privacy) +[^3]: A Control D csak az egyedi DNS-profilokkal rendelkező Premium resolverek esetében naplóz. Az ingyenes resolverek nem naplóznak adatokat. [https://controld.com/privacy](https://controld.com/privacy) [^4]: A Mullvad DNS szolgáltatása a Mullvad VPN előfizetői és nem előfizetői számára egyaránt elérhető. Az adatvédelmi irányelvük kifejezetten azt állítja, hogy semmilyen módon nem naplóznak DNS-kéréseket. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/) [^5]: A NextDNS beleegyezési alapon betekintési és naplózási funkciókat biztosíthat. A kiválasztott naplók megőrzési idejét és tárolási helyét is kiválaszthatod. Ha erre nincs külön kérés, akkor nem kerül naplózásra semmilyen adat. [https://nextdns.io/privacy](https://nextdns.io/privacy) [^6]: A Quad9 bizonyos adatokat a fenyegetések megfigyelése és elhárítása céljából gyűjt. Ezek az adatok ezután összekeverhetők és megoszthatók, például biztonsági kutatások céljából. A Quad9 nem gyűjt vagy rögzít IP-címeket vagy más, személyazonosításra alkalmasnak ítélt adatokat. [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/) diff --git a/i18n/hu/email-clients.md b/i18n/hu/email-clients.md index e0a6c560e..420600a17 100644 --- a/i18n/hu/email-clients.md +++ b/i18n/hu/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email kliensek" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -214,15 +215,15 @@ Canary Mail is closed-source. We recommend it due to the few choices there are f ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. ### Minimális Fenttartások -- Apps developed for open-source operating systems must be open-source. +- Nyílt forráskódú operációs rendszerekre fejlesztett alkalmazásoknak nyílt forráskódúnak kell lenniük. - Must not collect telemetry, or have an easy way to disable all telemetry. - Must support OpenPGP message encryption. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/email.md b/i18n/hu/email.md index 66cdcc639..6b4cf3c47 100644 --- a/i18n/hu/email.md +++ b/i18n/hu/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Szolgáltatások An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -376,11 +403,11 @@ For a more manual approach we've picked out these two articles: **Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any Email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an Email provider, and conduct your own research to ensure the Email provider you choose is the right choice for you. -### Technology +### Technológia We regard these features as important in order to provide a safe and optimal service. You should consider whether the provider which has the features you require. -**Minimum to Qualify:** +**Minimális Elvárások:** - Encrypts email account data at rest with zero-access encryption. - Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322/) standard. @@ -398,11 +425,11 @@ We regard these features as important in order to provide a safe and optimal ser - Catch-all or alias functionality for those who own their own domains. - Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. -### Privacy +### Adatvédelem -We prefer our recommended providers to collect as little data as possible. +Jobban szeretjük, ha az általunk ajánlott szolgáltatók a lehető legkevesebb adatot gyűjtik. -**Minimum to Qualify:** +**Minimális Elvárások:** - Protect sender's IP address. Filter it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. @@ -411,13 +438,13 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) -### Security +### Adatbiztonság Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. -**Minimum to Qualify:** +**Minimális Elvárások:** - Protection of webmail with 2FA, such as TOTP. - Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -440,46 +467,44 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. - Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). -- Bug-bounty programs and/or a coordinated vulnerability-disclosure process. +- Bug-bounty programok és/vagy összehangolt sebezhetőség-közzétételi folyamat. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) -### Trust +### Bizalom -You wouldn't trust your finances to someone with a fake identity, so why trust them with your email? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled. +You wouldn't trust your finances to someone with a fake identity, so why trust them with your email? Az általunk ajánlott szolgáltatóktól elvárjuk, hogy nyilvánosak legyenek a tulajdonlásukról vagy vezetésükről. Szeretnénk továbbá gyakori átláthatósági jelentéseket látni, különösen a kormányzati kérelmek kezelésének módját illetően. -**Minimum to Qualify:** +**Minimális Elvárások:** -- Public-facing leadership or ownership. +- Nyilvános vezetés vagy tulajdonlás. **Best Case:** -- Public-facing leadership. -- Frequent transparency reports. +- Nyilvános vezetés. +- Gyakori átláthatósági jelentések. ### Marketing With the email providers we recommend we like to see responsible marketing. -**Minimum to Qualify:** +**Minimális Elvárások:** - Must self-host analytics (no Google Analytics, Adobe Analytics, etc). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. -Must not have any marketing which is irresponsible: +Nem használhat felelőtlen marketinget: - Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: +- Az anonimitás 100%-os védelmének garantálása. Ha valaki azt állítja, hogy valami 100%-os, az azt jelenti, hogy nincs bizonyosság meghibásodásra. Tudjuk, hogy személyek elég könnyen és számos módon deanonimizálni tudják magukat, pl.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc) that they accessed without anonymity software (Tor, VPN, etc) -- [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) +- [Böngésző fingerprintelés](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Best Case:** - Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. -### Additional Functionality +### További Funkciók While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/encryption.md b/i18n/hu/encryption.md index c3b7a8a96..31d780746 100644 --- a/i18n/hu/encryption.md +++ b/i18n/hu/encryption.md @@ -1,6 +1,7 @@ --- title: "Titkosító Szoftverek" icon: material/file-lock +description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files. --- Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here. @@ -203,7 +204,7 @@ Browser-based encryption can be useful when you need to encrypt a file but canno [:octicons-code-16:](https://github.com/sh-dv/hat.sh){ .card-link title="Source Code" } [:octicons-heart-16:](https://github.com/sh-dv/hat.sh#donations){ .card-link title="Donations methods can be found at the bottom of the website" } -## Command-line +## Parancssor Tools with command-line interfaces are useful for integrating [shell scripts](https://en.wikipedia.org/wiki/Shell_script). @@ -334,11 +335,11 @@ When encrypting with PGP, you have the option to configure different options in ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. ### Minimális Fenttartások @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/file-sharing.md b/i18n/hu/file-sharing.md index 73494415f..1bc1eb619 100644 --- a/i18n/hu/file-sharing.md +++ b/i18n/hu/file-sharing.md @@ -1,6 +1,7 @@ --- title: "Fájlmegosztás és Szinkronizálás" icon: material/share-variant +description: Fedezd fel, hogyan oszthatod meg fájljaid privát módon készülékek között, barátaiddal és családtagjaiddal vagy névtelenül online. --- Fedezd fel, hogyan oszthatod meg fájljaid privát módon készülékek között, barátaiddal és családtagjaiddal vagy névtelenül online. @@ -48,7 +49,7 @@ ffsend upload --host https://send.vis.ee/ FÁJL ### Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" @@ -126,7 +127,7 @@ ffsend upload --host https://send.vis.ee/ FÁJL ### Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" @@ -144,5 +145,3 @@ A legjobb esetben alkalmazott követelményeink azt fejezik ki, hogy mit szeretn - Van mobil kliense iOS és Android rendszerekre, amelyek legalább dokumentum előnézeteket támogatnak. - Támogatja fényképek biztonsági mentését iOS-ről és Androidról, és opcionálisan támogatja a fájl/mappa szinkronizálást Androidon. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/financial-services.md b/i18n/hu/financial-services.md new file mode 100644 index 000000000..739fb474f --- /dev/null +++ b/i18n/hu/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Pénzügyi Szolgáltatások +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Követelmények + +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. + +!!! example "Ez a szakasz új" + + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Követelmények + +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. + +!!! example "Ez a szakasz új" + + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/hu/frontends.md b/i18n/hu/frontends.md index 3506384f8..c884f61b9 100644 --- a/i18n/hu/frontends.md +++ b/i18n/hu/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontendek" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -249,11 +250,11 @@ When you are using a Piped instance, make sure to read the privacy policy of tha ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. Recommended frontends... @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/index.md b/i18n/hu/index.md index ac17d4279..18bb77228 100644 --- a/i18n/hu/index.md +++ b/i18n/hu/index.md @@ -40,5 +40,3 @@ Megpróbálni az összes adatodat mindenkitől és mindig megvédeni nem praktik [:material-hand-coin-outline:](about/donate.md){ title="Támogasd a projektet" } Fontos, hogy egy olyan weboldal, mint a Privacy Guides, mindig naprakész maradjon. Szükségünk van arra, hogy a közönségünk figyelemmel kísérje az oldalunkon felsorolt alkalmazások frissítéseit, és kövesse az általunk ajánlott szolgáltatókkal kapcsolatos legújabb híreket. Nehéz lépést tartani az internet gyors tempójával, de mi megteszünk minden tőlünk telhetőt. Ha hibát észlelsz, úgy gondolod, hogy egy szolgáltatónak nem kellene szerepelnie a listán, észreveszed, hogy egy alkalmas szolgáltató hiányzik, úgy véled, hogy egy böngésző bővítmény már nem a legjobb választás, vagy ha bármilyen más problémát észlelsz, kérjük, jelezd nekünk. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/kb-archive.md b/i18n/hu/kb-archive.md index 072f926d4..9faacbd9c 100644 --- a/i18n/hu/kb-archive.md +++ b/i18n/hu/kb-archive.md @@ -1,6 +1,7 @@ --- title: TB Archívum icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Az Oldalak Át Lettek Helyezve a Blogokhoz @@ -14,5 +15,3 @@ Néhány oldal, amely korábban a tudásbázisunkban volt, most a blogunkon tal - [Biztonságos Adattörlés](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Metaadatok Eltávolításának Integrálása](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Konfigurációs Útmutató](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/meta/brand.md b/i18n/hu/meta/brand.md index abbf3cff2..53cb9ac42 100644 --- a/i18n/hu/meta/brand.md +++ b/i18n/hu/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/meta/git-recommendations.md b/i18n/hu/meta/git-recommendations.md index 7237b78a3..f59b5f81f 100644 --- a/i18n/hu/meta/git-recommendations.md +++ b/i18n/hu/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/meta/uploading-images.md b/i18n/hu/meta/uploading-images.md index a08eac669..55f136f8a 100644 --- a/i18n/hu/meta/uploading-images.md +++ b/i18n/hu/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/meta/writing-style.md b/i18n/hu/meta/writing-style.md index 0fcee20d8..b9e47a716 100644 --- a/i18n/hu/meta/writing-style.md +++ b/i18n/hu/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/mobile-browsers.md b/i18n/hu/mobile-browsers.md index acdc78013..702a55dce 100644 --- a/i18n/hu/mobile-browsers.md +++ b/i18n/hu/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -170,11 +171,11 @@ Additional filter lists do slow things down and may increase your attack surface ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. ### Minimum Requirements @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/multi-factor-authentication.md b/i18n/hu/multi-factor-authentication.md index 7885770ff..01ff9456c 100644 --- a/i18n/hu/multi-factor-authentication.md +++ b/i18n/hu/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -64,11 +65,11 @@ Nitrokey's firmware is open-source, unlike the YubiKey. The firmware on modern N ### Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. #### Minimum Requirements @@ -130,15 +131,13 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative ### Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. - Must be open-source software. - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/news-aggregators.md b/i18n/hu/news-aggregators.md index 4725fac76..2fff413c9 100644 --- a/i18n/hu/news-aggregators.md +++ b/i18n/hu/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "Híraggregátorok" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -123,11 +124,11 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. - Must be open-source software. - Must operate locally, i.e. must not be a cloud service. @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/notebooks.md b/i18n/hu/notebooks.md index e0b1b6f2f..1b7210b0d 100644 --- a/i18n/hu/notebooks.md +++ b/i18n/hu/notebooks.md @@ -1,6 +1,7 @@ --- title: "Jegyzetfüzetek" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Kövesd nyomon jegyzeteid és naplóid anélkül, hogy harmadik félnek adnád át azokat. @@ -34,7 +35,7 @@ Ha jelenleg olyan alkalmazást használsz, mint az Evernote, a Google Keep vagy - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/joplin-web-clipper/) - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/joplin-web-clipper/alofnhikmmkdbbbgpnglcpdollgjjfek) -A Joplin nem támogatja a jelszavas/PIN-kódos védelmet magához az [alkalmazáshoz vagy egyes jegyzetekhez és jegyzetfüzetekhez](https://github.com/laurent22/joplin/issues/289). Ettől függetlenül az adatok szállítás közben és a szinkronizáció helyén is titkosítva lesznek a főkulcs segítségével. Since January 2023, Joplin supports biometrics app lock for [Android](https://joplinapp.org/changelog_android/#android-v2-10-3-https-github-com-laurent22-joplin-releases-tag-android-v2-10-3-pre-release-2023-01-05t11-29-06z) and [iOS](https://joplinapp.org/changelog_ios/#ios-v12-10-2-https-github-com-laurent22-joplin-releases-tag-ios-v12-10-2-2023-01-20t17-41-13z). +A Joplin nem támogatja a jelszavas/PIN-kódos védelmet magához az [alkalmazáshoz vagy egyes jegyzetekhez és jegyzetfüzetekhez](https://github.com/laurent22/joplin/issues/289). Ettől függetlenül az adatok szállítás közben és a szinkronizáció helyén is titkosítva lesznek a főkulcs segítségével. 2023 januárjától a Joplin támogatja a biometrikus alkalmazászárat az [Android](https://joplinapp.org/changelog_android/#android-v2-10-3-https-github-com-laurent22-joplin-releases-tag-android-v2-10-3-pre-release-2023-01-05t11-29-06z) és a [iOS](https://joplinapp.org/changelog_ios/#ios-v12-10-2-https-github-com-laurent22-joplin-releases-tag-ios-v12-10-2-2023-01-20t17-41-13z) rendszerekhez. ### Standard Notes @@ -42,13 +43,13 @@ A Joplin nem támogatja a jelszavas/PIN-kódos védelmet magához az [alkalmazá ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ align=right } - **Standard Notes** is a simple and private notes app that makes your notes easy and available everywhere you are. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors. It has also been [independently audited (PDF)](https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf). + A **Standard Notes** egy egyszerű és privát jegyzetkezelő alkalmazás, amely megkönnyíti és elérhetővé teszi a feljegyzéseid kezelését bárhol is legyél. Minden platformon End-to-End titkosítást, valamint erőteljes asztali élményt kínál témákkal és egyedi szerkesztőkkel. Emellett [felül is lett vizsgálva egy független fél által (PDF)](https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf). - [:octicons-home-16: Homepage](https://standardnotes.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://standardnotes.com/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://standardnotes.com/help){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Source Code" } - [:octicons-heart-16:](https://standardnotes.com/donate){ .card-link title=Contribute } + [:octicons-home-16: Honlap](https://standardnotes.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://standardnotes.com/privacy){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-info-16:](https://standardnotes.com/help){ .card-link title=Dokumentáció} + [:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Forráskód" } + [:octicons-heart-16:](https://standardnotes.com/donate){ .card-link title=Közreműködés } ??? downloads @@ -67,20 +68,20 @@ A Joplin nem támogatja a jelszavas/PIN-kódos védelmet magához az [alkalmazá ![Cryptee logo](./assets/img/notebooks/cryptee.svg#only-light){ align=right } ![Cryptee logo](./assets/img/notebooks/cryptee-dark.svg#only-dark){ align=right } - **Cryptee** is an open-source, web-based E2EE document editor and photo storage application. Cryptee is a PWA, which means that it works seamlessly across all modern devices without requiring native apps for each respective platform. + A **Cryptee** egy nyílt forráskódú, webalapú End-to-End titkosított dokumentumszerkesztő és fotótároló alkalmazás. A Cryptee egy PWA, ami azt jelenti, hogy minden modern eszközön zökkenőmentesen működik anélkül, hogy minden egyes platformra natív alkalmazás igényelne. - [:octicons-home-16: Homepage](https://crypt.ee){ .md-button .md-button--primary } - [:octicons-eye-16:](https://crypt.ee/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://crypt.ee/help){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/cryptee){ .card-link title="Source Code" } + [:octicons-home-16: Honlap](https://crypt.ee){ .md-button .md-button--primary } + [:octicons-eye-16:](https://crypt.ee/privacy){ .card-link title="Adatvédelmi Tájékoztató" } + [:octicons-info-16:](https://crypt.ee/help){ .card-link title=Dokumentáció} + [:octicons-code-16:](https://github.com/cryptee){ .card-link title="Forráskód" } ??? downloads - [:octicons-globe-16: PWA](https://crypt.ee/download) -Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information. +A Cryptee 100MB tárhelyet kínál ingyenesen, fizetős lehetőséggel, ha többre lenne szükség. A regisztrációhoz nincs szükség e-mailre vagy más személyazonosításra alkalmas információra. -## Local notebooks +## Helyi Jegyzetfüzetek ### Org-mode @@ -88,28 +89,26 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si ![Org-mode logo](assets/img/notebooks/org-mode.svg){ align=right } - **Org-mode** is a [major mode](https://www.gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining TODO lists, planning projects, and authoring documents with a fast and effective plain-text system. Synchronization is possible with [file synchronization](file-sharing.md#file-sync) tools. + Az **Org-mode** egy [major mode](https://www.gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) a GNU Emacs számára. Az Org-mode jegyzetek vezetésére, teendő listák fenttartására, projektek tervezésére és dokumentumok írására szolgál egy gyors és hatékony nyílt szöveges rendszerrel. Szinkronizálás a [fájlszinkronizációs](file-sharing.md#file-sync) eszközökkel lehetséges. - [:octicons-home-16: Homepage](https://orgmode.org){ .md-button .md-button--primary } - [:octicons-info-16:](https://orgmode.org/manuals.html){ .card-link title=Documentation} - [:octicons-code-16:](https://git.savannah.gnu.org/cgit/emacs/org-mode.git){ .card-link title="Source Code" } - [:octicons-heart-16:](https://liberapay.com/bzg){ .card-link title=Contribute } + [:octicons-home-16: Honlap](https://orgmode.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://orgmode.org/manuals.html){ .card-link title=Dokumentáció} + [:octicons-code-16:](https://git.savannah.gnu.org/cgit/emacs/org-mode.git){ .card-link title="Forráskód" } + [:octicons-heart-16:](https://liberapay.com/bzg){ .card-link title=Közreműködés } ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. -- Clients must be open-source. -- Any cloud sync functionality must be E2EE. -- Must support exporting documents into a standard format. +- A klienseknek nyílt forráskódúaknak kell lenniük. +- Minden felhőszinkronizálás funkciónak End-to-End titkosítottnak kell lennie. +- Támogatnia kell dokumentumok szabványos formátumba történő exportálását. -### Best Case +### Legjobb Esetben -- Local backup/sync functionality should support encryption. -- Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.hu.txt" +- A helyi mentési/szinkronizálási funkcióknak támogatniuk kell a titkosítást. +- A felhőalapú platformoknak támogatniuk kell a dokumentumok megosztását. diff --git a/i18n/hu/os/android-overview.md b/i18n/hu/os/android-overview.md index 3f3a63e72..e0a5a4743 100644 --- a/i18n/hu/os/android-overview.md +++ b/i18n/hu/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Áttekintés icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Az Android egy biztonságos operációs rendszer, amely erős [app sandboxoló](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB) és egy robusztus [engedély](https://developer.android.com/guide/topics/permissions/overview) ellenőrző rendszerrel rendelkezik. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/os/linux-overview.md b/i18n/hu/os/linux-overview.md index 18334732b..8ec2c9e78 100644 --- a/i18n/hu/os/linux-overview.md +++ b/i18n/hu/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/os/qubes-overview.md b/i18n/hu/os/qubes-overview.md index 9e19e9cef..2b667a1f0 100644 --- a/i18n/hu/os/qubes-overview.md +++ b/i18n/hu/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: pg/qubes-os +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/passwords.md b/i18n/hu/passwords.md index 09e7aec22..aff33c716 100644 --- a/i18n/hu/passwords.md +++ b/i18n/hu/passwords.md @@ -1,6 +1,7 @@ --- title: "Jelszókezelők" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -105,11 +106,11 @@ Psono provides extensive documentation for their product. The web-client for Pso ### Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. #### Minimum Requirements @@ -193,7 +194,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se Additionally, there is an offline-only version offered: [Strongbox Zero](https://apps.apple.com/app/strongbox-keepass-pwsafe/id1581589638). This version is stripped down in an attempt to reduce attack surface. -### Command-line +### Parancssor These products are minimal password managers that can be used within scripting applications. @@ -219,12 +220,10 @@ These products are minimal password managers that can be used within scripting a ### Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. - Cross-platformnak kell lennie. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/productivity.md b/i18n/hu/productivity.md index 303810190..c517cbb4d 100644 --- a/i18n/hu/productivity.md +++ b/i18n/hu/productivity.md @@ -1,9 +1,10 @@ --- title: "Produktivitás Eszközök" icon: material/file-sign +description: A legtöbb online irodai programcsomag nem támogatja az End-to-End titkosítást, ami azt jelenti, hogy a felhőszolgáltató hozzáfér mindenhez, amit csinálsz. --- -A legtöbb online irodai programcsomag nem támogatja az End-to-End titkosítást, ami azt jelenti, hogy a felhőszolgáltató hozzáfér mindenhez, amit csinálsz. Az adatvédelmi nyilatkozat törvényileg védheti a jogaidat, de nem biztosít technikai hozzáférési korlátokat. +A legtöbb online irodai programcsomag nem támogatja az End-to-End titkosítást, ami azt jelenti, hogy a felhőszolgáltató hozzáfér mindenhez, amit csinálsz. Az adatvédelmi tájékoztató törvényileg védheti a jogaidat, de nem biztosít technikai hozzáférési korlátokat. ## Kollaborációs Platformok @@ -16,7 +17,7 @@ A legtöbb online irodai programcsomag nem támogatja az End-to-End titkosítás A **Nextcloud** egy ingyenes és nyílt forráskódú kliens-szerver szoftvercsomag, amellyel saját fájltárhely-szolgáltatásokat hozhatsz létre egy privát általad ellenőrzött szerveren. [:octicons-home-16: Honlap](https://nextcloud.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Adatvédelmi Tájékoztató" } [:octicons-info-16:](https://nextcloud.com/support/){ .card-link title=Dokumentáció} [:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Forráskód" } [:octicons-heart-16:](https://nextcloud.com/contribute/){ .card-link title=Közreműködés } @@ -44,14 +45,14 @@ A legtöbb online irodai programcsomag nem támogatja az End-to-End titkosítás A **CryptPad** egy a népszerű irodai eszközök privátra tervezett alternatívája. A webes szolgáltatás minden tartalma végponttól végpontig titkosított, és könnyen megosztható más felhasználókkal. [:octicons-home-16: Honlap](https://cryptpad.fr){ .md-button .md-button--primary } - [:octicons-eye-16:](https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE/){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-eye-16:](https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE/){ .card-link title="Adatvédelmi Tájékoztató" } [:octicons-info-16:](https://docs.cryptpad.fr/){ .card-link title=Dokumentáció} [:octicons-code-16:](https://github.com/xwiki-labs/cryptpad){ .card-link title="Forráskód" } [:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title=Közremőködés } ### Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" @@ -71,7 +72,7 @@ A legtöbb online irodai programcsomag nem támogatja az End-to-End titkosítás A legjobb esetben alkalmazott követelményeink azt fejezik ki, hogy mit szeretnénk látni egy tökéletes projekttől ebben a kategóriában. Előfordulhat, hogy ajánlásaink nem tartalmazzák az összes ilyen funkciót, de azok, amelyek igen, magasabb helyen szerepelhetnek, mint mások ezen az oldalon. - Fájlokat egy hagyományos fájlrendszerben kell tárolnia. -- Támogatnia kell TOTP vagy FIDO2 többfaktoros hitelesítés használatát, vagy Passkey bejelentkezéseket. +- Támogatnia kell TOTP vagy FIDO2 többlépcsős hitelesítés használatát, vagy Passkey bejelentkezéseket. ## Irodai Programcsomagok @@ -84,7 +85,7 @@ A legjobb esetben alkalmazott követelményeink azt fejezik ki, hogy mit szeretn **A **LibreOffice** egy ingyenes és nyílt forráskódú irodai programcsomag széleskörű funkcionalitással. [:octicons-home-16: Honlap](https://www.libreoffice.org){ .md-button .md-button--primary } - [:octicons-eye-16:](https://www.libreoffice.org/about-us/privacy/privacy-policy-en/){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-eye-16:](https://www.libreoffice.org/about-us/privacy/privacy-policy-en/){ .card-link title="Adatvédelmi Tájékoztató" } [:octicons-info-16:](https://documentation.libreoffice.org/en/english-documentation/){ .card-link title=Dokumentáció} [:octicons-code-16:](https://www.libreoffice.org/about-us/source-code){ .card-link title="Forráskód" } [:octicons-heart-16:](https://www.libreoffice.org/donate/){ .card-link title=Közreműködés } @@ -108,7 +109,7 @@ A legjobb esetben alkalmazott követelményeink azt fejezik ki, hogy mit szeretn Az **OnlyOffice** egy felhőalapú, ingyenes és nyílt forráskódú irodai programcsomag, amely széleskörű funkciókkal rendelkezik, beleértve a Nextclouddal való integrációt is. [:octicons-home-16: Honlap](https://www.onlyoffice.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://help.onlyoffice.com/products/files/doceditor.aspx?fileid=5048502&doc=SXhWMEVzSEYxNlVVaXJJeUVtS0kyYk14YWdXTEFUQmRWL250NllHNUFGbz0_IjUwNDg1MDIi0){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-eye-16:](https://help.onlyoffice.com/products/files/doceditor.aspx?fileid=5048502&doc=SXhWMEVzSEYxNlVVaXJJeUVtS0kyYk14YWdXTEFUQmRWL250NllHNUFGbz0_IjUwNDg1MDIi0){ .card-link title="Adatvédelmi Tájékoztató" } [:octicons-info-16:](https://helpcenter.onlyoffice.com/userguides.aspx){ .card-link title=Dokumentáció} [:octicons-code-16:](https://github.com/ONLYOFFICE){ .card-link title="Forráskód" } @@ -124,7 +125,7 @@ A legjobb esetben alkalmazott követelményeink azt fejezik ki, hogy mit szeretn ### Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" @@ -152,5 +153,3 @@ A legjobb esetben alkalmazott követelményeink azt fejezik ki, hogy mit szeretn [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Publikus Példányok"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Dokumentáció} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Forráskód" } - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/real-time-communication.md b/i18n/hu/real-time-communication.md index 33b34535d..2f5e3ce5e 100644 --- a/i18n/hu/real-time-communication.md +++ b/i18n/hu/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Videó streamelő kliensek" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -171,11 +172,11 @@ Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. - Must have open-source clients. - Must use E2EE for private messages by default. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/router.md b/i18n/hu/router.md index b9837eaa5..e35d840a8 100644 --- a/i18n/hu/router.md +++ b/i18n/hu/router.md @@ -1,6 +1,7 @@ --- title: "Router Firmware" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Lejjebb bemutatunk néhány alternatív operációs rendszert, amelyek használhatók routereken, Wi-Fi hozzáférési pontokon stb. @@ -35,7 +36,7 @@ Az OPNsense eredetileg a [pfSense](https://en.wikipedia.org/wiki/PfSense) forkja ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" @@ -44,5 +45,3 @@ Az OPNsense eredetileg a [pfSense](https://en.wikipedia.org/wiki/PfSense) forkja - Nyílt forráskódúnak kell lennie. - Rendszeres frissítéseket kell kapnia. - Sokféle hardvert kell támogatnia. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/search-engines.md b/i18n/hu/search-engines.md index 3879232ad..aaf0a3d35 100644 --- a/i18n/hu/search-engines.md +++ b/i18n/hu/search-engines.md @@ -1,6 +1,7 @@ --- title: "Keresőmotorok" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -88,11 +89,11 @@ Startpage's majority shareholder is System1 who is an adtech company. We don't b ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. ### Minimum Requirements @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/tools.md b/i18n/hu/tools.md index 9044bfea2..d8ad6f313 100644 --- a/i18n/hu/tools.md +++ b/i18n/hu/tools.md @@ -3,6 +3,7 @@ title: "Adatvédelmi Eszközök" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- Ha valamilyen konkrét megoldást keresel, ezek a hardver- és szoftvereszközök amiket ajánlunk, különböző kategóriákban. Az általunk ajánlott adatvédelmi eszközöket elsősorban biztonsági funkciók alapján választottuk ki, további hangsúlyt fektetve a decentralizált és nyílt forráskódú eszközökre. Ezek számos védelmi modellre alkalmazhatók, globális tömeges megfigyelési programok elleni védelemtől kezdve, big tech cégek elkerüléstől, támadások enyhítéséig, de csak te tudod meghatározni, hogy a te igényeidek mi felel meg a legjobban. @@ -21,7 +22,7 @@ Ha további információt szeretnél megtudni az egyes projektekről, hogy miér
-1. Snowflake nem növeli az adatvédelmet, azonban lehetővé teszi, hogy könnyedén hozzájárulj a Tor-hálózathoz, és segíts a cenzúrázott hálózatokon lévő embereknek jobb adatvédelmet elérni. +1. Snowflake nem növeli az adatvédelmet, azonban lehetővé teszi, hogy könnyedén hozzájárulj a Tor-hálózathoz, és segíts a cenzúrázott hálózatokon lévő személyeknek jobb magánéletet elérni. [További információ :material-arrow-right-drop-circle:](tor.md) @@ -84,7 +85,7 @@ Ha további információt szeretnél megtudni az egyes projektekről, hogy miér
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Kliens)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Kliens)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Munka Profilok)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Támogatott Eszközök)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ Számos követelmény alapján [ajánlunk](dns.md#recommended-providers) több t [További információ :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Pénzügyi Szolgáltatások + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[További információ :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[További információ :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Keresőmotorok
@@ -226,9 +250,9 @@ Számos követelmény alapján [ajánlunk](dns.md#recommended-providers) több t
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ Számos követelmény alapján [ajánlunk](dns.md#recommended-providers) több t [További információ :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[További információ :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Adat és Metaadat Eltávolítás
@@ -272,7 +306,7 @@ Számos követelmény alapján [ajánlunk](dns.md#recommended-providers) több t - ![GNOME Evolution logo](assets/img/email-clients/evolution.svg){ .twemoji } [GNOME Evolution (Linux)](email-clients.md#gnome-evolution-gnome) - ![K-9 Mail logo](assets/img/email-clients/k9mail.svg){ .twemoji } [K-9 Mail (Android)](email-clients.md#k-9-mail-android) - ![Kontact logo](assets/img/email-clients/kontact.svg){ .twemoji } [Kontact (Linux)](email-clients.md#kontact-kde) -- ![Mailvelope logo](assets/img/email-clients/mailvelope.svg){ .twemoji } [Mailvelope (PGP szabványos webmailben)](email-clients.md#mailvelope-browser) +- ![Mailvelope logo](assets/img/email-clients/mailvelope.svg){ .twemoji } [Mailvelope (PGP hagyományos webmailben)](email-clients.md#mailvelope-browser) - ![NeoMutt logo](assets/img/email-clients/mutt.svg){ .twemoji } [NeoMutt (CLI)](email-clients.md#neomutt-cli)
@@ -344,7 +378,7 @@ Számos követelmény alapján [ajánlunk](dns.md#recommended-providers) több t [További információ :material-arrow-right-drop-circle:](frontends.md) -### Többfaktoros Hitelesítési Eszközök +### Többlépcsős Hitelesítési Eszközök
@@ -439,5 +473,3 @@ Számos követelmény alapján [ajánlunk](dns.md#recommended-providers) több t
[További információ :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/tor.md b/i18n/hu/tor.md index c1642f39e..a7f57caba 100644 --- a/i18n/hu/tor.md +++ b/i18n/hu/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Hálózat" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ A **Tor** hálózat egy önkéntesek által üzemeltetett szerverekből álló c A Tor úgy működik, hogy az internetes forgalmadat ezeken az önkéntesek által üzemeltetett szervereken keresztül irányítja át, ahelyett, hogy közvetlen kapcsolatot létesítene a meglátogatni kívánt oldallal. Ez elrejti, hogy honnan érkezik a forgalom, és a kapcsolat útvonalában egyetlen szerver sem látja a teljes útvonalat, ahonnan a forgalom érkezik és ahová tart, ami azt jelenti, hogy még az általad csatlakozásra használt szerverek sem tudják megtörni az anonimitásodat. -
- ![Tor útvonal](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor útvonal](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor útvonal - Az útvonal nodejai csak azokat a szervereket látják, amelyekhez közvetlenül kapcsolódnak, például a "Belépő" node látja a te IP-címedet és a "Közép" node címét, de nem látja, hogy éppen melyik weboldalt látogatod.
-
- -- [További információ a Tor működéséről :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Csatlakozás a Torhoz @@ -76,7 +71,7 @@ A Tor böngészőt úgy tervezték, hogy megakadályozza az fingerprintelést, v - [:simple-appstore: App Store](https://apps.apple.com/us/app/orbot/id1609461599) - [:simple-github: GitHub](https://github.com/guardianproject/orbot/releases) -A forgalomelemző támadásokkal szembeni ellenállás érdekében fontold meg a *Célcím elszigetelés* engedélyezését a :material-menu: → **Beállítások** → **Connectivity** menüpontban. Ez egy teljesen más Tor útvonalat fog használni (különböző közép relay és kilépő nodeokokat) minden egyes domainhez, amelyhez csatlakozol. +A forgalomelemző támadásokkal szembeni ellenállás érdekében fontold meg a *Célcím elszigetelés* engedélyezését a :material-menu: → **Beállítások** → **Connectivity** menüpontban. Ez egy teljesen más Tor áramkört fog használni (különböző közép elosztó és kilépő csomópontokat) minden egyes domainhez, amelyhez csatlakozol. !!! tip "Tippek Androidhoz" @@ -86,7 +81,7 @@ A forgalomelemző támadásokkal szembeni ellenállás érdekében fontold meg a Minden verzió ugyanazzal az aláírással van tanusítva, így kompatibilisnek kéne egymással lenniük. -## Relayek and Hidak +## Elosztók and Hidak ### Snowflake @@ -97,7 +92,7 @@ A forgalomelemző támadásokkal szembeni ellenállás érdekében fontold meg a A **Snowflake** lehetővé teszi, hogy sávszélességet adományozz a Tor projektnek azáltal, hogy egy "Snowflake proxy"-t működtetsz a böngésződben. - Azok, akik cenzúra alatt állnak, Snowflake proxykat tudnak használni a Tor-hálózathoz való csatlakozáshoz. A Snowflake egy nagyszerű módja annak, hogy hozzájárulj a hálózathoz, még akkor is, ha nincs meg a technikai tudásod egy Tor relay vagy híd üzemeltetéséhez. + Azok, akik cenzúra alatt állnak, Snowflake proxykat tudnak használni a Tor-hálózathoz való csatlakozáshoz. A Snowflake egy nagyszerű módja annak, hogy hozzájárulj a hálózathoz, még akkor is, ha nincs meg a technikai tudásod egy Tor elosztó vagy híd üzemeltetéséhez. [:octicons-home-16: Honlap](https://snowflake.torproject.org/){ .md-button .md-button--primary } [:octicons-info-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/Technical%20Overview){ .card-link title=Dokumentáció} @@ -117,8 +112,6 @@ A forgalomelemző támadásokkal szembeni ellenállás érdekében fontold meg a
Ha a beágyazás nem jelenik meg nálad, győződj meg róla, hogy nem blokkolod a harmadik féltől származó keretet a `torproject.org`-ról. Alternatív megoldásként látogasson el [erre az oldalra](https://snowflake.torproject.org/embed.html). -A Snowflake semmilyen módon nem növeli az magánéletedet, és a személyes böngésződön keresztül a Tor-hálózathoz kapcsolódni sem használatos. Ha azonban az internetkapcsolatod nincs cenzúrázva, érdemes megfontolni a futtatását, hogy cenzúrázott hálózatokban élő embereknek is segíts jobb magánéletet elérni. Nem kell aggódnod amiatt, hogy személyek milyen weboldalakhoz férnek hozzá a proxydon keresztül - a látható böngészési IP-címük majd megegyezik a Tor kilépő nodejukkal nem pedig tieddel. +A Snowflake semmilyen módon nem növeli az magánéletedet, és a személyes böngésződön keresztül a Tor-hálózathoz kapcsolódni sem használatos. Ha azonban az internetkapcsolatod nincs cenzúrázva, érdemes megfontolni a futtatását, hogy segíts cenzúrázott hálózatokon lévő személyeknek jobb magánéletet elérni. Nem kell aggódnod amiatt, hogy személyek milyen weboldalakhoz férnek hozzá a proxydon keresztül - a látható böngészési IP-címük majd megegyezik a Tor kilépő csomópontjukkal nem pedig tieddel. -Egy Snowflake proxy futtatása alacsony kockázatú, még inkább, mint egy Tor relay vagy híd futtatása, amelyek már eleve sem különösebben kockázatos vállalkozások. Ettől függetlenül még mindig forgalom kerül átküldésre a hálózatodon ami bizonyos szempontból hatással lehet arra, különösen, ha a hálózatod sávszélessége korlátozott. Győződj meg róla, hogy érted [hogyan működik a Snowflake](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) mielőtt eldöntöd, hogy futtatsz-e proxyt. - ---8<-- "includes/abbreviations.hu.txt" +Egy Snowflake proxy futtatása alacsony kockázatú, még inkább, mint egy Tor elosztó vagy híd futtatása, amelyek már eleve sem különösebben kockázatos vállalkozások. Ettől függetlenül még mindig forgalom kerül átküldésre a hálózatodon ami bizonyos szempontból hatással lehet arra, különösen, ha a hálózatod sávszélessége korlátozott. Győződj meg róla, hogy érted [hogyan működik a Snowflake](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) mielőtt eldöntöd, hogy futtatsz-e proxyt. diff --git a/i18n/hu/video-streaming.md b/i18n/hu/video-streaming.md index 004d1c162..060092f6f 100644 --- a/i18n/hu/video-streaming.md +++ b/i18n/hu/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Videó Streamelés" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- A videó streamelő platformok használatakor az az elsődleges veszély, hogy a streaming-szokásaid és feliratkozás listáid felhasználhatók profilalkotásra rólad. Ezeket az eszközöket érdemes keverned egy [VPN](vpn.md)-nel vagy [Tor](https://www.torproject.org/)-ra, hogy megnehezítsd a felhasználás szokásaidról készített profilalkotást. @@ -16,7 +17,7 @@ A videó streamelő platformok használatakor az az elsődleges veszély, hogy a **A LBRY asztali kliens** segít videókat streamelni a LBRY hálózatról, és a feliratkozás listádat a saját LBRY tárcádban tárolni. [:octicons-home-16: Honlap](https://lbry.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://lbry.com/privacypolicy){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-eye-16:](https://lbry.com/privacypolicy){ .card-link title="Adatvédelmi Tájékoztató" } [:octicons-info-16:](https://lbry.com/faq){ .card-link title=Dokumentáció} [:octicons-code-16:](https://github.com/lbryio/lbry-desktop){ .card-link title="Forráskód" } @@ -40,13 +41,11 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. - Nem igényelhet egy központi fiókot videók megtekintéséhez. - Elfogadható a decentralizált hitelesítés, mint például a mobiltárca privát kulcsán keresztül. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/vpn.md b/i18n/hu/vpn.md index aa12dfb68..5ed45e63b 100644 --- a/i18n/hu/vpn.md +++ b/i18n/hu/vpn.md @@ -1,11 +1,20 @@ --- -title: "VPN Services" +title: "VPN Szolgáltatások" icon: material/vpn +description: Ezek a legjobb VPN-szolgáltatások az online magánéleted és biztonságod megvédéséhez. Find a provider here that isn’t out to spy on you. --- -Find a no-logging VPN operator who isn’t out to sell or read your web traffic. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "A VPN-ek nem nyújtanak anonimitást" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "A VPN-ek nem nyújtanak anonimitást" Egy VPN használata **nem** fogja anonimizálni a böngészési szokásaidat, és nem biztosít további védelmet nem biztonságos (HTTP) forgalomnak. @@ -13,82 +22,13 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. Ha több **biztonságot** keresel, mindig győződj meg arról, hogy a weboldalakhoz HTTPS használatával csatlakozol. Egy VPN nem helyettesít helyes biztonsági gyakorlatokat. - [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } + [A Tor Letöltése(https://www.torproject.org/){ .md-button .md-button--primary } [Tor Tévhitek és GYIK](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" - - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Ajánlott Szolgáltatók -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Az általunk ajánlott szolgáltatók titkosítást használnak, elfogadják a Monero-t, támogatják a WireGuard-ot és OpenVPN-t, valamint naplózásmentes irányelvekkel rendelkeznek. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -96,12 +36,12 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. ![IVPN logo](assets/img/vpn/ivpn.svg){ align=right } - **IVPN** is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar. + Az **IVPN** egy másik prémium VPN szolgáltató, és 2009 óta vannak működésben. Az IVPN székhelye Gibraltáron található. - [:octicons-home-16: Homepage](https://www.ivpn.net/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ivpn){ .card-link title="Source Code" } + [:octicons-home-16: Honlap](https://www.ivpn.net/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Adatvédelmi Tájékoztató" } + [:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Dokumentáció} + [:octicons-code-16:](https://github.com/ivpn){ .card-link title="Forráskód" } ??? downloads @@ -111,43 +51,44 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Ennek oka a célállomáshoz vezető rövidebb útvonal (kevesebb ugrás). +{ .annotate } -1. Last checked: 2022-09-16 +1. Utoljára ellenőrizve: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +Az IVPN támogatja a WireGuard® protokollt. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Emellett a WireGuard célja, hogy egyszerűbb és hatékonyabb legyen. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Az IVPN kliensei támogatják a kétfaktoros hitelesítést (a Mullvad kliensei nem). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -155,13 +96,13 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. ![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right } - **Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since **2009**. Mullvad is based in Sweden and does not have a free trial. + A **Mullvad** egy gyors és olcsó VPN, amely komoly hangsúlyt fektet az átláthatóságra és a biztonságra. **2009** óta vannak működésben. A Mullvad székhelye Svédországban van, és nem rendelkezik ingyenes próbaverzióval. - [:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary } - [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" } - [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/mullvad){ .card-link title="Source Code" } + [:octicons-home-16: Honlap](https://mullvad.net){ .md-button .md-button--primary } + [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Szolgáltatás" } + [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Adatvédelmi Tájékoztató" } + [:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Dokumentáció} + [:octicons-code-16:](https://github.com/mullvad){ .card-link title="Forráskód" } ??? downloads @@ -172,152 +113,215 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Ennek oka a célállomáshoz vezető rövidebb útvonal (kevesebb ugrás). +{ .annotate } + +1. Utoljára ellenőrizve: 2023-01-19 + +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). + +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Emellett a WireGuard célja, hogy egyszerűbb és hatékonyabb legyen. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2023-01-19 - -??? success "Independently Audited" - - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + A **Proton VPN** egy erős pályázó a VPN-térben, és 2016 óta vannak működésben. A svájci székhelyű Proton AG egy korlátozott ingyenes előfizetést, valamint egy jobban felszerelt prémium opciót is kínál. - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + [:octicons-home-16: Honlap](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Adatvédelmi Tájékoztató" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Dokumentáció} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Forráskód" } - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + ??? downloads - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. - - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Ennek oka a célállomáshoz vezető rövidebb útvonal (kevesebb ugrás). +{ .annotate } -??? success "Accepts Cash and Monero" +1. Utoljára ellenőrizve: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +A Proton VPN átesett a SEC Consult független felülvizsálatán 2020 januárjában. A SEC Consult közepes és alacsony kockázatú sebezhetőségeket talált a Proton VPN Windows, Android és iOS alkalmazásaiban, amelyeket a Proton VPN a jelentések közzététele előtt "megfelelően kijavított". Az azonosított problémák egyike sem biztosított volna egy támadó számára távoli hozzáférést az eszközödhöz vagy forgalmadhoz. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Elfogad Készpénzt - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +A Proton VPN többnyire támogatja a WireGuard® protokollt. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Emellett a WireGuard célja, hogy egyszerűbb és hatékonyabb legyen. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Különösen Peer-to-Peer alkalmazások, mint Torrent-kliensek. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +A Proton VPN kliensek jelenleg a Linux kivételével minden platformon támogatják a kétlépcsős hitelesítést. A Proton VPN saját szerverekkel és adatközpontokkal rendelkezik Svájcban, Izlandon és Svédországban. A DNS-szolgáltatásukkal együtt reklámblokkolást és ismert kártékony szoftverek domainjeinek blokkolását is kínálják. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. Ha szükséged van erre a funkcióra, és Intel chipsettel rendelkező Mac-et használsz, akkor fontold meg egy másik VPN szolgáltatás használatát. ## Követelmények !!! danger - It is important to note that using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy. + Fontos megjegyezni, hogy egy VPN szolgáltató használata nem teszi téged anonimmá, de bizonyos helyzetekben jobb magánéletet biztosít. Egy VPN nem illegális tevékenységek eszköze. Ne hagyatkozz "no log" irányelvekre. -**Please note we are not affiliated with any of the providers we recommend. This allows us to provide completely objective recommendations.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any VPN provider wishing to be recommended, including strong encryption, independent security audits, modern technology, and more. We suggest you familiarize yourself with this list before choosing a VPN provider, and conduct your own research to ensure the VPN provider you choose is as trustworthy as possible. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem. Ez lehetővé teszi számunkra, hogy teljesen objektív ajánlásokat tegyünk.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki minden olyan VPN-szolgáltató számára, amelyet ajánlani kívánunk, beleértve az erős titkosítást, független biztonsági felülvizsgálatokat, modern technológiát és még sok mást. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy VPN-szolgáltatót, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy az általad választott VPN-szolgáltató a lehető legmegbízhatóbb. -### Technology +### Technológia -We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected. +Minden általunk ajánlott VPN-szolgáltatótól elvárjuk, hogy biztosítson OpenVPN konfigurációs fájlokat, amelyeket bármilyen kliensben használni lehet. **Ha** egy VPN saját egyedi klienst biztosít, akkor hálózati kapcsolat megszakadásakor az adatszivárgások megakadályozása miatt egy killswitch beépítését várjuk el. -**Minimum to Qualify:** +**Minimális Elvárások:** -- Support for strong protocols such as WireGuard & OpenVPN. -- Killswitch built in to clients. -- Multihop support. Multihopping is important to keep data private in case of a single node compromise. -- If VPN clients are provided, they should be [open-source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what your device is actually doing. +- Olyan erős protokollok támogatása, mint a WireGuard és az OpenVPN. +- Kliensekbe beépített killswitch. +- Multihop támogatás. Multihopping is important to keep data private in case of a single node compromise. +- Ha biztosítva vannak VPN-kliensek, akkor azoknak [nyílt forráskódúaknak](https://en.wikipedia.org/wiki/Open_source) kell lenniük, épp mint a VPN-szoftver, ami általában beléjük van építve. Úgy véljük, hogy a [forráskód](https://en.wikipedia.org/wiki/Source_code) elérhetősége nagyobb átláthatóságot biztosít arról, hogy az eszközöd valójában mit csinál. -**Best Case:** +**Legjobb Esetben:** -- WireGuard and OpenVPN support. -- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.) -- Easy-to-use VPN clients -- Supports [IPv6](https://en.wikipedia.org/wiki/IPv6). We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses. -- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble). +- WireGuard és OpenVPN támogatás. +- Killswitch jól konfigurálható beállításokkal (engedélyezés/tiltás bizonyos hálózatokon, indításkor stb.) +- Könnyen használható VPN kliensek +- [IPv6](https://en.wikipedia.org/wiki/IPv6) támogatása. Elvárjuk, hogy szerverek engedélyezzék az IPv6-on keresztül érkező kapcsolatokat, és lehetővé tegyék IPv6-címeken üzemeltetett szolgáltatások elérését. +- A [távoli port forwardolás](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) képessége segíti a P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) fájlmegosztó szoftverek használatát vagy egy szerver (pl. Mumble) üzemeltetése esetén a kapcsolatok létrehozását. -### Privacy +### Adatvédelem -We prefer our recommended providers to collect as little data as possible. Not collecting personal information on registration, and accepting anonymous forms of payment are required. +Jobban szeretjük, ha az általunk ajánlott szolgáltatók a lehető legkevesebb adatot gyűjtik. Sszemélyes adatok nem gyűjtése a regisztráció során, és anonim fizetési formák elfogadása elvárás. -**Minimum to Qualify:** +**Minimális Elvárások:** -- Monero or cash payment option. -- No personal information required to register: Only username, password, and email at most. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. +- A regisztrációhoz nincs szükség személyes adatokra: Csak felhasználónév, jelszó és legfeljebb email cím. -**Best Case:** +**Legjobb Esetben:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). -### Security +### Adatbiztonság -A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis. +Egy VPN értelmetlen, ha még megfelelő biztonságot sem tud nyújtani. Minden általunk ajánlott szolgáltatótól elvárjuk, hogy betartsa az OpenVPN kapcsolataikra vonatkozó jelenlegi biztonsági szabványokat. Ideális esetben alapértelmezés szerint jövőbelátóbb titkosítási sémákat használnának. Azt is elvárjuk, hogy egy független harmadik fél vizsgálja felül a szolgáltató biztonságát, ideális esetben nagyon átfogó módon és ismételten (évente). -**Minimum to Qualify:** +**Minimális Elvárások:** -- Strong Encryption Schemes: OpenVPN with SHA-256 authentication; RSA-2048 or better handshake; AES-256-GCM or AES-256-CBC data encryption. +- Erős Titkosítási Rendszerek: OpenVPN SHA-256 hitelesítssel; RSA-2048 vagy jobb handshake; AES-256-GCM vagy AES-256-CBC adattitkosítás. - Perfect Forward Secrecy (PFS). -- Published security audits from a reputable third-party firm. +- Közzétett biztonsági felülvizsgálatok egy megbízható harmadik feles cégtől. **Best Case:** -- Strongest Encryption: RSA-4096. +- Legerősebb Titkosítás: RSA-4096. - Perfect Forward Secrecy (PFS). -- Comprehensive published security audits from a reputable third-party firm. -- Bug-bounty programs and/or a coordinated vulnerability-disclosure process. +- Széleskürű és közzétett biztonsági felülvizsgálatok egy megbízható harmadik feles cégtől. +- Bug-bounty programok és/vagy összehangolt sebezhetőség-közzétételi folyamat. -### Trust +### Bizalom -You wouldn't trust your finances to someone with a fake identity, so why trust them with your internet data? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled. +A pénzügyeidet sem bíznád egy hamis személyazonosságú valakire, miért bíznád rá az internetes adataidat? Az általunk ajánlott szolgáltatóktól elvárjuk, hogy nyilvánosak legyenek a tulajdonlásukról vagy vezetésükről. Szeretnénk továbbá gyakori átláthatósági jelentéseket látni, különösen a kormányzati kérelmek kezelésének módját illetően. -**Minimum to Qualify:** +**Minimális Elvárások:** -- Public-facing leadership or ownership. +- Nyilvános vezetés vagy tulajdonlás. -**Best Case:** +**Legjobb Esetben:** -- Public-facing leadership. -- Frequent transparency reports. +- Nyilvános vezetés. +- Gyakori átláthatósági jelentések. ### Marketing -With the VPN providers we recommend we like to see responsible marketing. +Az általunk ajánlott VPN-szolgáltatóknál felelős marketinget szeretünk látni. -**Minimum to Qualify:** +**Minimális Elvárások:** -- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out. +- Saját üzemeltetésű analitikai rendszerrel kell rendelkeznie (azaz nem Google Analytics). A szolgáltató webhelyének szintén be kell tartania a [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) kéréseket is, a követést elutasítani kívánó személyek számára. -Must not have any marketing which is irresponsible: +Nem használhat felelőtlen marketinget: -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: - - Reusing personal information (e.g., email accounts, unique pseudonyms, etc) that they accessed without anonymity software (Tor, VPN, etc.) - - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) -- Claim that a single circuit VPN is "more anonymous" than Tor, which is a circuit of three or more hops that regularly changes. -- Use responsible language: i.e., it is okay to say that a VPN is "disconnected" or "not connected", however claiming that someone is "exposed", "vulnerable" or "compromised" is needless use of alarming language that may be incorrect. For example, that person might simply be on another VPN provider's service or using Tor. +- Az anonimitás 100%-os védelmének garantálása. Ha valaki azt állítja, hogy valami 100%-os, az azt jelenti, hogy nincs bizonyosság meghibásodásra. Tudjuk, hogy személyek elég könnyen és számos módon deanonimizálni tudják magukat, pl.: + - Olyan személyes adatok (pl. email fiókok, egyedi álnevek stb.) újrafelhasználása, amelyeket anonimitás szoftver (Tor, VPN stb.) nélkül értek el + - [Böngésző fingerprintelés](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) +- Azt állítja, hogy egy egyáramkörös VPN "anonimabb", mint a Tor, amely egy három vagy több ugrásból álló, rendszeresen változó áramkör. +- Használjon felelősségteljes nyelvezetet: pl. nyugodtan mondhatja, hogy egy VPN "lecsatlakozott" vagy "nincs csatlakoztatva", azonban azt állítani, hogy valaki "védtelen", "sebezhető" vagy "veszélyeztetett", az riasztó nyelvezet felesleges használata, ami lehet, hogy helytelen is. Lehet, hogy az illető egyszerűen csak egy másik VPN-szolgáltató szolgáltatását, vagy a Tor-t használja. -**Best Case:** +**Legjobb Esetben:** -Responsible marketing that is both educational and useful to the consumer could include: +A felelős marketing, amely egyszerre oktató és hasznos a fogyasztó számára, a következőket foglalhatja magában: -- An accurate comparison to when [Tor](tor.md) should be used instead. -- Availability of the VPN provider's website over a [.onion service](https://en.wikipedia.org/wiki/.onion) +- Pontos összehasonlítás, hogy mikor használandó a [Tor](tor.md) egy VPN helyett. +- A VPN szolgáltató weboldalának elérhetősége egy [.onion szolgáltatáson](https://en.wikipedia.org/wiki/.onion) keresztül -### Additional Functionality +### További Funkciók -While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.hu.txt" +Bár nem szigorúan követelmények, van néhány tényező, amelyet figyelembe vettünk, amikor eldöntöttük, hogy mely szolgáltatókat ajánljuk. Ezek közé tartozik a reklámblokkoló/tracker-blokkoló funkció, warrant canary-k, multihop kapcsolatok, kiváló ügyfélszolgálat, engedélyezett egyidejű kapcsolatok száma stb. diff --git a/i18n/id/404.md b/i18n/id/404.md index 008b57eab..e2432c79f 100644 --- a/i18n/id/404.md +++ b/i18n/id/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Tidak Ditemukan @@ -13,5 +17,3 @@ Kami tidak dapat menemukan laman yang Anda cari! Mungkin Anda sedang mencari sal - [Penyedia VPN Terbaik](vpn.md) - [Forum Privacy Guides](https://discuss.privacyguides.net) - [Blog Kami](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/about/criteria.md b/i18n/id/about/criteria.md index 0533da31b..850a79c1a 100644 --- a/i18n/id/about/criteria.md +++ b/i18n/id/about/criteria.md @@ -1,42 +1,40 @@ --- -title: General Criteria +title: Kriteria Umum --- -!!! example "Work in Progress" +!!! contoh "Pekerjaan yang Sedang Berlangsung" - The following page is a work in progress, and does not reflect the full criteria for our recommendations at this time. Past discussion on this topic: [#24](https://github.com/privacyguides/privacyguides.org/discussions/24) + Halaman berikut ini masih dalam tahap pengembangan, dan tidak mencerminkan kriteria lengkap untuk rekomendasi kami saat ini. Diskusi sebelumnya tentang topik ini: [#24] (https://github.com/privacyguides/privacyguides.org/discussions/24) -Below are some things that must apply to all submissions to Privacy Guides. Each category will have additional requirements for inclusion. +Di bawah ini adalah beberapa hal yang harus diterapkan pada semua pengajuan ke Privacy Guides. Setiap kategori akan memiliki persyaratan tambahan untuk dimasukkan. -## Financial Disclosure +## Pengungkapan Keuangan -We do not make money from recommending certain products, we do not use affiliate links, and we do not provide special consideration to project donors. +Kami tidak menghasilkan uang dari merekomendasikan produk tertentu, kami tidak menggunakan tautan afiliasi, dan kami tidak memberikan pertimbangan khusus kepada para donatur proyek. -## General Guidelines +## Pedoman Umum -We apply these priorities when considering new recommendations: +Kami menerapkan prioritas ini ketika mempertimbangkan rekomendasi baru: -- **Secure**: Tools should follow security best-practices wherever applicable. +- **Aman**: Alat harus mengikuti praktik terbaik keamanan di mana pun berlaku. - **Source Availability**: Open source projects are generally preferred over equivalent proprietary alternatives. - **Cross-Platform**: We typically prefer recommendations to be cross-platform, to avoid vendor lock-in. -- **Active Development**: The tools that we recommend should be actively developed, unmaintained projects will be removed in most cases. -- **Usability**: Tools should be accessible to most computer users, an overly technical background should not be required. -- **Documented**: Tools should have clear and extensive documentation for use. +- **Pengembangan Aktif**: Alat yang kami rekomendasikan harus dikembangkan secara aktif, proyek yang tidak terpelihara akan dihapus dalam banyak kasus. +- **Kegunaan**: Alat bantu harus dapat diakses oleh sebagian besar pengguna komputer, latar belakang yang terlalu teknis tidak diperlukan. +- **Terdokumentasi**: Alat harus memiliki dokumentasi yang jelas dan ekstensif untuk digunakan. ## Developer Self-Submissions -We have these requirements in regard to developers which wish to submit their project or software for consideration. +Kami memiliki persyaratan ini terkait dengan pengembang yang ingin mengajukan proyek atau perangkat lunak mereka untuk dipertimbangkan. -- Must disclose affiliation, i.e. your position within the project being submitted. +- Harus mengungkapkan afiliasi, yaitu posisi Anda dalam proyek yang diajukan. -- Must have a security whitepaper if it is a project that involves handling of sensitive information like a messenger, password manager, encrypted cloud storage etc. - - Third party audit status. We want to know if you have one, or have one planned. If possible please mention who will be conducting the audit. +- Harus memiliki whitepaper keamanan jika itu adalah proyek yang melibatkan penanganan informasi sensitif seperti messenger, pengelola kata sandi, penyimpanan cloud terenkripsi, dll. + - Status audit pihak ketiga. Kami ingin tahu apakah Anda memilikinya, atau sedang merencanakannya. Jika memungkinkan, sebutkan siapa yang akan melakukan audit. -- Must explain what the project brings to the table in regard to privacy. - - Does it solve any new problem? - - Why should anyone use it over the alternatives? +- Harus menjelaskan apa yang dibawa oleh proyek terkait privasi. + - Apakah ini memecahkan masalah baru? + - Mengapa orang harus menggunakannya daripada alternatif lain? -- Must state what the exact threat model is with their project. +- Harus menyatakan apa model ancaman yang tepat dengan proyek mereka. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/about/donate.md b/i18n/id/about/donate.md index c41e3ab41..40a2846e0 100644 --- a/i18n/id/about/donate.md +++ b/i18n/id/about/donate.md @@ -1,52 +1,50 @@ --- -title: Supporting Us +title: Dukung Kami --- It takes a lot of [people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) and [work](https://github.com/privacyguides/privacyguides.org/pulse/monthly) to keep Privacy Guides up to date and spreading the word about privacy and mass surveillance. If you like what we do, consider getting involved by [editing the site](https://github.com/privacyguides/privacyguides.org) or [contributing translations](https://crowdin.com/project/privacyguides). -If you want to support us financially, the most convenient method for us is contributing via Open Collective, a website operated by our fiscal host. Open Collective accepts payments via credit/debit card, PayPal, and bank transfers. +Jika Anda ingin mendukung kami secara finansial, metode yang paling mudah bagi kami adalah berkontribusi melalui Open Collective, sebuah situs web yang dioperasikan oleh host fiskal kami. Open Collective menerima pembayaran melalui kartu kredit/debit, PayPal, dan transfer bank. -[Donate on OpenCollective.com](https://opencollective.com/privacyguides/donate ""){.md-button.md-button--primary} +[Donasi di OpenCollective.com](https://opencollective.com/privacyguides/donate ""){.md-button.md-button--primary} -Donations made directly to us on Open Collective are generally tax-deductible in the US, because our fiscal host (the Open Collective Foundation) is a registered 501(c)3 organization. You will receive a receipt from the Open Collective Foundation after donating. Privacy Guides does not provide financial advice, and you should contact your tax advisor to find out whether this is applicable to you. +Donations made directly to us on Open Collective are generally tax-deductible in the US, because our fiscal host (the Open Collective Foundation) is a registered 501(c)3 organization. Anda akan menerima tanda terima dari Open Collective Foundation setelah berdonasi. Privacy Guides tidak memberikan saran keuangan, dan Anda harus menghubungi penasihat pajak Anda untuk mengetahui apakah ini berlaku untuk Anda. -If you already make use of GitHub sponsorships, you can also sponsor our organization there. +Jika Anda sudah menggunakan sponsor GitHub, Anda juga dapat mensponsori organisasi kami di sana. [Sponsor us on GitHub](https://github.com/sponsors/privacyguides ""){.md-button} -## Backers +## Pendukung -A special thanks to all those who support our mission! :heart: +Terima kasih secara khusus kepada semua pihak yang mendukung misi kami! :heart: -*Please note: This section loads a widget directly from Open Collective. This section does not reflect donations made outside of Open Collective, and we have no control over the specific donors featured in this section.* +*Harap diperhatikan: Bagian ini memuat widget langsung dari Open Collective. Bagian ini tidak mencerminkan donasi yang dibuat di luar Open Collective, dan kami tidak memiliki kendali atas donatur tertentu yang ditampilkan di bagian ini.* -## How We Use Donations +## Bagaimana Kami Menggunakan Donasi -Privacy Guides is a **non-profit** organization. We use donations for a variety of purposes, including: +Privacy Guides adalah organisasi **nirlaba**. Kami menggunakan donasi untuk berbagai tujuan, termasuk: -**Domain Registrations** +**Pendaftaran Domain** : -We have a few domain names like `privacyguides.org` which cost us around $10 yearly to maintain their registration. +Kami memiliki beberapa nama domain seperti `privacyguides.org` yang menghabiskan biaya sekitar $10 per tahun untuk mempertahankan registrasinya. -**Web Hosting** +**Hosting Web** : -Traffic to this website uses hundreds of gigabytes of data per month, we use a variety of service providers to keep up with this traffic. +Lalu lintas ke situs web ini menggunakan ratusan gigabyte data per bulan, kami menggunakan berbagai penyedia layanan untuk mengimbangi lalu lintas ini. -**Online Services** +**Layanan Daring** : -We host [internet services](https://privacyguides.net) for testing and showcasing different privacy-products we like and [recommend](../tools.md). Some of which are made publicly available for our community's use (SearXNG, Tor, etc.), and some are provided for our team members (email, etc.). +Kami menghost [layanan internet](https://privacyguides.net) untuk menguji dan menampilkan berbagai produk privasi yang kami sukai dan [rekomendasikan](../tools.md). Beberapa di antaranya tersedia untuk umum untuk digunakan oleh komunitas kami (SearXNG, Tor, dll.), dan beberapa disediakan untuk anggota tim kami (email, dll.). -**Product Purchases** +**Pembelian Produk** : -We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). +Kami terkadang membeli produk dan layanan untuk tujuan menguji [alat yang kami rekomendasikan](../tools.md). -We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.id.txt" +We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. Sementara itu, jika Anda ingin memberikan donasi mata uang kripto dalam jumlah yang cukup besar (> $100), silakan hubungi [jonah@privacyguides.org](mailto:jonah@privacyguides.org). diff --git a/i18n/id/about/index.md b/i18n/id/about/index.md index ce3379626..ef47153ec 100644 --- a/i18n/id/about/index.md +++ b/i18n/id/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "Tentang Privacy Guides" +description: Privacy Guides adalah situs web bermotif sosial yang menyediakan informasi untuk melindungi keamanan dan privasi data Anda. --- -**Privacy Guides** adalah situs web bermotif sosial yang menyediakan informasi untuk melindungi keamanan dan privasi data Anda. Kami adalah kolektif nirlaba yang dioperasikan sepenuhnya oleh [anggota tim](https://discuss.privacyguides.net/g/team) dan kontributor sukarelawan. +![Logo Privacy Guides](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Dukung proyek ini](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** adalah situs web bermotif sosial yang menyediakan [informasi](/kb) untuk melindungi keamanan dan privasi data Anda. Kami adalah kolektif nirlaba yang dioperasikan sepenuhnya oleh [anggota tim](https://discuss.privacyguides.net/g/team) dan kontributor sukarelawan. Situs web kami bebas dari iklan dan tidak berafiliasi dengan penyedia yang terdaftar. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title="Laman Beranda" } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Kode Sumber" } +[:octicons-heart-16:](donate.md){ .card-link title=Berkontribusi } + +Tujuan Privacy Guides adalah untuk mengedukasi komunitas kami mengenai pentingnya privasi daring dan program pemerintah secara internasional yang dirancang untuk memantau semua aktivitas daring Anda. + +> Untuk menemukan aplikasi [alternatif yang berfokus pada privasi], lihat situs-situs seperti Good Reports dan **Privacy Guides**, yang mencantumkan daftar aplikasi yang berfokus pada privasi dalam berbagai kategori, terutama termasuk penyedia email (biasanya dengan paket berbayar) yang tidak dijalankan oleh perusahaan-perusahaan teknologi besar. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> Jika Anda mencari VPN baru, Anda bisa membuka kode diskon dari hampir semua podcast. Jika Anda mencari **VPN** yang bagus, Anda memerlukan bantuan profesional. Hal yang sama berlaku untuk klien email, browser, sistem operasi, dan pengelola kata sandi. Bagaimana Anda tahu mana yang terbaik, opsi yang paling ramah privasi? Untuk itu ada **Privacy Guides**, sebuah platform di mana sejumlah sukarelawan mencari hari demi hari untuk alat ramah privasi terbaik untuk digunakan di internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Diterjemahkan dari bahasa Belanda] + +Juga ditampilkan di: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], dan [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## Sejarah + +Privacy Guides diluncurkan pada bulan September 2021 sebagai kelanjutan dari [yang sudah tidak aktif](privacytools.md) "PrivacyTools" proyek edukasi sumber terbuka. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +Pada tahun 2022, kami menyelesaikan transisi kerangka kerja situs web utama kami dari Jekyll ke MkDocs, menggunakan perangkat lunak dokumentasi `mkdocs - material` . This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +Kami juga meluncurkan forum diskusi baru kami di [discuss.privacyguides.net](https://discuss.privacyguides.net/) sebagai platform komunitas untuk berbagi ide dan mengajukan pertanyaan tentang misi kami. Hal ini menambah komunitas kami yang ada di Matrix, dan menggantikan platform Diskusi GitHub kami sebelumnya, mengurangi ketergantungan kami pada platform diskusi berpemilik. + +Sejauh ini pada tahun 2023 kami telah meluncurkan terjemahan internasional situs web kami dalam bahasa [Prancis](/fr/), [Ibrani](/he/), dan [Belanda](/nl/), dengan lebih banyak bahasa yang sedang dalam proses, yang dimungkinkan oleh tim penerjemah kami yang luar biasa di [Crowdin](https://crowdin.com/project/privacyguides). Kami berencana untuk terus melanjutkan misi kami dalam hal penjangkauan dan edukasi, serta mencari cara untuk menyoroti dengan lebih jelas bahaya kurangnya kesadaran privasi di era digital modern, dan prevalensi serta bahaya pelanggaran keamanan di seluruh industri teknologi. ## Tim Kami @@ -48,7 +76,7 @@ title: "Tentang Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Selain itu, [banyak orang](https://github.com/privacyguides/privacyguides.org/graphs/contributors) telah memberikan kontribusi ke proyek ini. Anda juga bisa, kami bersumber terbuka di GitHub! +Selain itu, [banyak orang](https://github.com/privacyguides/privacyguides.org/graphs/contributors) telah memberikan kontribusi ke proyek ini. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). Anggota tim kami meninjau semua perubahan yang dilakukan pada situs web dan menangani tugas-tugas administratif seperti layanan web dan keuangan, namun mereka tidak mendapatkan keuntungan pribadi dari setiap kontribusi yang dibuat untuk situs ini. Keuangan kami dikelola secara transparan oleh Open Collective Foundation 501(c)(3) di [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donasi untuk Privacy Guides umumnya dapat dikurangkan dari pajak di Amerika Serikat. @@ -56,8 +84,6 @@ Anggota tim kami meninjau semua perubahan yang dilakukan pada situs web dan mena *Berikut ini adalah ringkasan yang dapat dibaca oleh manusia (dan bukan pengganti) lisensi [](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE):* -:fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. +:fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). Ini berarti Anda bebas menyalin dan mendistribusikan ulang materi dalam media atau format apa pun untuk tujuan apa pun, bahkan untuk tujuan komersial; selama Anda memberikan kredit yang sesuai kepada `Privacy Guides (www.privacyguides.org)` dan memberikan tautan ke lisensi. Anda dapat melakukannya dengan cara yang wajar, tetapi tidak dengan cara apa pun yang menyarankan Privacy Guides mendukung Anda atau penggunaan Anda. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. -This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.id.txt" +This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. Jika Anda merasa persyaratan lisensi ini terlalu membatasi proyek yang sedang Anda kerjakan, silakan hubungi kami di `jonah@privacyguides.org`. Kami dengan senang hati menyediakan opsi lisensi alternatif untuk proyek-proyek yang bermaksud baik di ruang privasi! diff --git a/i18n/id/about/notices.md b/i18n/id/about/notices.md index 2df99cb9b..3d5e60549 100644 --- a/i18n/id/about/notices.md +++ b/i18n/id/about/notices.md @@ -1,45 +1,43 @@ --- -title: "Notices and Disclaimers" +title: "Pemberitahuan dan Penafian" hide: - toc --- -## Legal Disclaimer +## Penafian Hukum -Privacy Guides is not a law firm. As such, the Privacy Guides website and contributors are not providing legal advice. The material and recommendations in our website and guides do not constitute legal advice nor does contributing to the website or communicating with Privacy Guides or other contributors about our website create an attorney-client relationship. +Privacy Guides bukanlah firma hukum. Dengan demikian, situs web dan kontributor Privacy Guides tidak memberikan nasihat hukum. Materi dan rekomendasi di situs web dan panduan kami bukan merupakan nasihat hukum dan juga tidak berkontribusi pada situs web atau berkomunikasi dengan Privacy Guides atau kontributor lain tentang situs web kami menciptakan hubungan pengacara-klien. -Running this website, like any human endeavor, involves uncertainty and trade-offs. We hope this website helps, but it may include mistakes and can’t address every situation. If you have any questions about your situation, we encourage you to do your own research, seek out other experts, and engage in discussions with the Privacy Guides community. If you have any legal questions, you should consult with your own legal counsel before moving forward. +Menjalankan situs web ini, seperti halnya usaha manusia lainnya, melibatkan ketidakpastian dan trade-off. Kami harap situs web ini membantu, tetapi mungkin termasuk kesalahan dan tidak dapat mengatasi setiap situasi. Jika Anda memiliki pertanyaan tentang situasi Anda, kami mendorong Anda untuk melakukan penelitian Anda sendiri, mencari ahli lain, dan terlibat dalam diskusi dengan komunitas Privacy Guides. Jika Anda memiliki pertanyaan hukum, Anda harus berkonsultasi dengan penasihat hukum Anda sendiri sebelum melangkah lebih jauh. -Privacy Guides is an open source project contributed to under licenses that include terms that, for the protection of the website and its contributors, make clear that the Privacy Guides project and website is offered "as-is", without warranty, and disclaiming liability for damages resulting from using the website or any recommendations contained within. Privacy Guides does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on the website or otherwise relating to such materials on the website or on any third-party sites linked on this site. +Privacy Guides is an open source project contributed to under licenses that include terms that, for the protection of the website and its contributors, make clear that the Privacy Guides project and website is offered "as-is", without warranty, and disclaiming liability for damages resulting from using the website or any recommendations contained within. Privacy Guides tidak menjamin atau membuat pernyataan apa pun mengenai keakuratan, kemungkinan hasil, atau keandalan penggunaan materi di situs web atau yang terkait dengan materi tersebut di situs web atau di situs pihak ketiga mana pun yang ditautkan di situs ini. -Privacy Guides additionally does not warrant that this website will be constantly available, or available at all. +Privacy Guides juga tidak menjamin bahwa situs web ini akan selalu tersedia, atau tersedia sama sekali. -## Licenses +## Lisensi -Unless otherwise noted, all content on this website is made available under the terms of the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). +Kecuali dinyatakan lain, semua konten di situs web ini tersedia di bawah ketentuan [Creative Commons Attribution - NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). -This does not include third-party code embedded in this repository, or code where a superseding license is otherwise noted. The following are notable examples, but this list may not be all-inclusive: +Ini tidak termasuk kode pihak ketiga yang tertanam dalam repositori ini, atau kode di mana lisensi pengganti dinyatakan. Berikut ini adalah contoh penting, tetapi daftar ini mungkin tidak mencakup semuanya: -* [MathJax](https://github.com/privacyguides/privacyguides.org/blob/main/docs/assets/javascripts/mathjax.js) is licensed under the [Apache License 2.0](https://github.com/privacyguides/privacyguides.org/blob/main/docs/assets/javascripts/LICENSE.mathjax.txt). +* [MathJax](https://github.com/privacyguides/privacyguides.org/blob/main/docs/assets/javascripts/mathjax.js) dilisensikan di bawah [Lisensi Apache 2.0](https://github.com/privacyguides/privacyguides.org/blob/main/docs/assets/javascripts/LICENSE.mathjax.txt). -Portions of this notice itself were adopted from [opensource.guide](https://github.com/github/opensource.guide/blob/master/notices.md) on GitHub. That resource and this page itself are released under [CC-BY-4.0](https://github.com/github/opensource.guide/blob/master/LICENSE). +Bagian dari pemberitahuan ini sendiri diadopsi dari [opensource.guide](https://github.com/github/opensource.guide/blob/master/notices.md) di GitHub. Sumber daya tersebut dan halaman ini sendiri dirilis di bawah [CC-BY-4.0](https://github.com/github/opensource.guide/blob/master/LICENSE). -This means that you can use the human-readable content in this repository for your own project, per the terms outlined in the Creative Commons Attribution-NoDerivatives 4.0 International Public License text. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. You **may not** use the Privacy Guides branding in your own project without express approval from this project. Privacy Guides's brand trademarks include the "Privacy Guides" wordmark and shield logo. +Ini berarti bahwa Anda dapat menggunakan konten yang dapat dibaca manusia dalam repositori ini untuk proyek Anda sendiri, sesuai dengan persyaratan yang diuraikan dalam teks Creative Commons Attribution - NoDerivatives 4.0 International Public License. Anda dapat melakukannya dengan cara yang wajar, tetapi tidak dengan cara apa pun yang menyarankan Privacy Guides mendukung Anda atau penggunaan Anda. Anda **tidak boleh** menggunakan branding Privacy Guides dalam proyek Anda sendiri tanpa persetujuan tertulis dari proyek ini. Privacy Guides's brand trademarks include the "Privacy Guides" wordmark and shield logo. -We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://www.copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.* +Kami percaya bahwa logo dan gambar lain dalam `aset` yang diperoleh dari penyedia pihak ketiga berada dalam domain publik atau **penggunaan wajar**. Singkatnya, hukum [adil menggunakan doktrin](https://www.copyright.gov/fair-use/more-info.html) memungkinkan penggunaan gambar berhak cipta untuk mengidentifikasi materi pelajaran untuk tujuan komentar publik. Namun, logo ini dan gambar lainnya mungkin masih tunduk pada undang-undang merek dagang di satu atau lebih yurisdiksi. Sebelum menggunakan konten ini, pastikan bahwa konten tersebut digunakan untuk mengidentifikasi entitas atau organisasi yang memiliki merek dagang dan bahwa Anda memiliki hak untuk menggunakannya berdasarkan hukum yang berlaku dalam situasi yang Anda inginkan. *Ketika menyalin konten dari situs web ini, Anda bertanggung jawab penuh untuk memastikan bahwa Anda tidak melanggar merek dagang atau hak cipta orang lain.* -When you contribute to this repository you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project. +Ketika Anda berkontribusi pada repositori ini, Anda melakukannya di bawah lisensi di atas, dan Anda memberi Privacy Guides lisensi yang abadi, di seluruh dunia, non-eksklusif, dapat dipindahtangankan, bebas royalti, dan tidak dapat dibatalkan dengan hak untuk mensublisensikan hak-hak tersebut melalui beberapa tingkatan penerima sublisensi, untuk mereproduksi, memodifikasi, menampilkan, menampilkan, melakukan, dan mendistribusikan kontribusi Anda sebagai bagian dari proyek kami. -## Acceptable Use +## Penggunaan yang Dapat Diterima -You may not use this website in any way that causes or may cause damage to the website or impairment of the availability or accessibility of Privacy Guides, or in any way which is unlawful, illegal, fraudulent, harmful, or in connection with any unlawful, illegal, fraudulent, or harmful purpose or activity. +Anda tidak boleh menggunakan situs web ini dengan cara apa pun yang menyebabkan atau dapat menyebabkan kerusakan pada situs web atau gangguan ketersediaan atau aksesibilitas Privacy Guides, atau dengan cara apa pun yang melanggar hukum, ilegal, curang, berbahaya, atau sehubungan dengan tujuan atau aktivitas yang melanggar hukum, ilegal, curang, atau berbahaya. -You must not conduct any systematic or automated data collection activities on or in relation to this website without express written consent, including: +Anda tidak boleh melakukan aktivitas pengumpulan data secara sistematis atau otomatis pada atau sehubungan dengan situs web ini tanpa persetujuan tertulis, termasuk: -* Excessive Automated Scans -* Denial of Service Attacks +* Pemindaian Otomatis yang Berlebihan +* Serangan Penolakan Layanan * Scraping -* Data Mining +* Penambangan Data * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/about/privacy-policy.md b/i18n/id/about/privacy-policy.md index e40452399..db4258e68 100644 --- a/i18n/id/about/privacy-policy.md +++ b/i18n/id/about/privacy-policy.md @@ -1,63 +1,61 @@ --- -title: "Privacy Policy" +title: "Kebijakan Privasi" --- -Privacy Guides is a community project operated by a number of active volunteer contributors. The public list of team members [can be found on GitHub](https://github.com/orgs/privacyguides/people). +Privacy Guides adalah proyek komunitas yang dioperasikan oleh sejumlah kontributor sukarelawan yang aktif. Daftar publik anggota tim [dapat ditemukan di GitHub](https://github.com/orgs/privacyguides/people). -## Data We Collect From Visitors +## Data yang Kami Kumpulkan dari Pengunjung -The privacy of our website visitors is important to us, so we do not track any individual people. As a visitor to our website: +Privasi pengunjung situs web kami penting bagi kami, jadi kami tidak melacak individu mana pun. Sebagai pengunjung situs web kami: -- No personal information is collected -- No information such as cookies are stored in the browser -- No information is shared with, sent to or sold to third-parties -- No information is shared with advertising companies -- No information is mined and harvested for personal and behavioral trends -- No information is monetized +- Tidak ada informasi pribadi yang dikumpulkan +- Tidak ada informasi seperti cookie yang disimpan di browser +- Tidak ada informasi yang dibagikan, dikirim atau dijual kepada pihak ketiga +- Tidak ada informasi yang dibagikan dengan perusahaan periklanan +- Tidak ada informasi yang ditambang dan dipanen untuk tren pribadi dan perilaku +- Tidak ada informasi yang dimonetisasi -You can view the data we collect on our [statistics](statistics.md) page. +Anda dapat melihat data yang kami kumpulkan di halaman [statistik](statistics.md) kami. -We run a self-hosted installation of [Plausible Analytics](https://plausible.io) to collect some anonymous usage data for statistical purposes. The goal is to track overall trends in our website traffic, it is not to track individual visitors. All the data is in aggregate only. No personal data is collected. +Kami menjalankan instalasi [Plausible Analytics](https://plausible.io) yang dihosting sendiri untuk mengumpulkan beberapa data penggunaan anonim untuk tujuan statistik. Tujuannya adalah untuk melacak tren keseluruhan dalam lalu lintas situs web kami, bukan untuk melacak pengunjung individu. Semua data hanya dalam agregat. Tidak ada data pribadi yang dikumpulkan. -Data collected includes referral sources, top pages, visit duration, information from the devices (device type, operating system, country and browser) used during the visit and more. You can learn more about how Plausible works and collects information in a privacy-respecting manner [here](https://plausible.io/data-policy). +Data yang dikumpulkan termasuk sumber rujukan, halaman teratas, durasi kunjungan, informasi dari perangkat (jenis perangkat, sistem operasi, negara dan browser) yang digunakan selama kunjungan dan banyak lagi. Anda dapat mempelajari lebih lanjut tentang bagaimana Plausible bekerja dan mengumpulkan informasi dengan cara yang menghormati privasi [di sini](https://plausible.io/data-policy). -## Data We Collect From Account Holders +## Data yang Kami Kumpulkan Dari Pemegang Akun -On some websites and services we provide, many features may require an account. For example, an account may be required to post and reply to topics on a forum platform. +Pada beberapa situs web dan layanan yang kami sediakan, banyak fitur yang mungkin memerlukan akun. Sebagai contoh, sebuah akun mungkin diperlukan untuk memposting dan membalas topik pada platform forum. -To sign up for most accounts, we will collect a name, username, email, and password. In the event a website requires more information than just that data, that will be clearly marked and noted in a separate privacy statement per-site. +Untuk mendaftar ke sebagian besar akun, kami akan mengumpulkan nama, nama pengguna, email, dan kata sandi. Jika sebuah situs web memerlukan lebih banyak informasi daripada data tersebut, hal itu akan ditandai dengan jelas dan dicatat dalam pernyataan privasi terpisah per-situs. -We use your account data to identify you on the website and to create pages specific to you, such as your profile page. We will also use your account data to publish a public profile for you on our services. +Kami menggunakan data akun Anda untuk mengidentifikasi Anda di situs web dan membuat halaman khusus untuk Anda, seperti halaman profil. Kami juga akan menggunakan data akun Anda untuk mempublikasikan profil publik untuk Anda di layanan kami. -We use your email to: +Kami menggunakan email Anda untuk: -- Notify you about posts and other activity on the websites or services. -- Reset your password and help keep your account secure. -- Contact you in special circumstances related to your account. -- Contact you about legal requests, such as DMCA takedown requests. +- Memberi tahu Anda tentang postingan dan aktivitas lain di situs web atau layanan. +- Atur ulang kata sandi Anda dan jaga keamanan akun Anda. +- Menghubungi Anda dalam keadaan khusus yang berkaitan dengan akun Anda. +- Menghubungi Anda tentang permintaan hukum, seperti permintaan penghapusan DMCA. -On some websites and services you may provide additional information for your account, such as a short biography, avatar, your location, or your birthday. We make that information available to everyone who can access the website or service in question. This information is not required to use any of our services and can be erased at any time. +Pada beberapa situs web dan layanan, Anda dapat memberikan informasi tambahan untuk akun Anda, seperti biografi singkat, avatar, lokasi Anda, atau hari ulang tahun Anda. Kami membuat informasi yang tersedia untuk semua orang yang dapat mengakses situs web atau layanan yang bersangkutan. Informasi ini tidak diperlukan untuk menggunakan layanan kami dan dapat dihapus kapan saja. -We will store your account data as long as your account remains open. After closing an account, we may retain some or all of your account data in the form of backups or archives for up to 90 days. +Kami akan menyimpan data akun Anda selama akun Anda masih terbuka. Setelah menutup akun, kami dapat menyimpan sebagian atau seluruh data akun Anda dalam bentuk cadangan atau arsip hingga 90 hari. -## Contacting Us +## Menghubungi Kami -The Privacy Guides team generally does not have access to personal data outside of limited access granted via some moderation panels. Inquiries regarding your personal information should be sent directly to: +Tim Privacy Guides umumnya tidak memiliki akses ke data pribadi di luar akses terbatas yang diberikan melalui beberapa panel moderasi. Pertanyaan mengenai informasi pribadi Anda harus dikirim langsung ke: ```text Jonah Aragon -Services Administrator +Administrator Layanan jonah@privacyguides.org ``` -For all other inquiries, you can contact any member of our team. +Untuk semua pertanyaan lainnya, Anda dapat menghubungi anggota tim kami. -For complaints under GDPR more generally, you may lodge complaints with your local data protection supervisory authorities. In France it's the Commission Nationale de l'Informatique et des Libertés which take care and handle the complaints. They provide a [template of complaint letter](https://www.cnil.fr/en/plaintes) to use. +Untuk keluhan berdasarkan GDPR secara umum, Anda dapat mengajukan keluhan kepada otoritas pengawas perlindungan data setempat. Di Prancis, Komisi Nasional Informasi dan Kebebasan yang mengurus dan menangani keluhan tersebut. Mereka menyediakan template [surat keluhan](https://www.cnil.fr/en/plaintes) untuk digunakan. -## About This Policy +## Tentang Kebijakan Ini -We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. +Kami akan memposting versi baru dari pernyataan ini [di sini](privacy-policy.md). Kami dapat mengubah cara kami mengumumkan perubahan dalam versi mendatang dari dokumen ini. Sementara itu, kami dapat memperbarui informasi kontak kami kapan saja tanpa mengumumkan perubahan. Silakan merujuk ke [Kebijakan Privasi](privacy-policy.md) untuk informasi kontak terbaru setiap saat. -A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.id.txt" +Sebuah revisi lengkap [sejarah](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) dari halaman ini dapat ditemukan di GitHub. diff --git a/i18n/id/about/privacytools.md b/i18n/id/about/privacytools.md index 6faff234f..566e6f0de 100644 --- a/i18n/id/about/privacytools.md +++ b/i18n/id/about/privacytools.md @@ -1,120 +1,118 @@ --- -title: "PrivacyTools FAQ" +title: "Pertanyaan Umum PrivacyTools" --- -# Why we moved on from PrivacyTools +# Mengapa kami beralih dari PrivacyTools -In September 2021, every active contributor unanimously agreed to move from PrivacyTools to work on this site: Privacy Guides. This decision was made because PrivacyTools’ founder and controller of the domain name had disappeared for an extended period of time and could not be contacted. +Pada bulan September 2021, setiap kontributor aktif dengan suara bulat setuju untuk beralih dari PrivacyTools untuk bekerja di situs ini: Privacy Guides. Keputusan ini diambil karena pendiri dan pengendali nama domain PrivacyTools telah menghilang dalam jangka waktu yang lama dan tidak dapat dihubungi. -Having built a reputable site and set of services on PrivacyTools.io, this caused grave concerns for the future of PrivacyTools, as any future disruption could wipe out the entire organization with no recovery method. This transition was communicated to the PrivacyTools community many months in advance via a variety of channels including its blog, Twitter, Reddit, and Mastodon to ensure the entire process went as smoothly as possible. We did this to ensure nobody was kept in the dark, which has been our modus operandi since our team was created, and to make sure Privacy Guides was recognized as the same reliable organization that PrivacyTools was before the transition. +Setelah membangun situs dan serangkaian layanan yang memiliki reputasi baik di PrivacyTools.io, hal ini menimbulkan kekhawatiran besar bagi masa depan PrivacyTools, karena gangguan apa pun di masa depan dapat menghapus seluruh organisasi tanpa metode pemulihan. Transisi ini dikomunikasikan kepada komunitas PrivacyTools beberapa bulan sebelumnya melalui berbagai saluran termasuk blog, Twitter, Reddit, dan Mastodon untuk memastikan seluruh proses berjalan semulus mungkin. Kami melakukan ini untuk memastikan tidak ada yang disimpan dalam kegelapan, yang telah menjadi modus operandi kami sejak tim kami diciptakan, dan untuk memastikan Privacy Guides diakui sebagai organisasi terpercaya yang sama dengan PrivacyTools sebelum transisi. -After the organizational move was completed, the founder of PrivacyTools returned and began to spread misinformation about the Privacy Guides project. They continue to spread misinformation in addition to operating a paid link farm on the PrivacyTools domain. We are creating this page to clear up any misconceptions. +Setelah perpindahan organisasi selesai, pendiri PrivacyTools kembali dan mulai menyebarkan informasi yang salah tentang proyek Privacy Guides. They continue to spread misinformation in addition to operating a paid link farm on the PrivacyTools domain. Kami membuat halaman ini untuk membereskan kesalahpahaman. -## What is PrivacyTools? +## Apa itu PrivacyTools? -PrivacyTools was created in 2015 by "BurungHantu," who wanted to make a privacy information resource - helpful tools following the Snowden revelations. The site grew into a flourishing open-source project with [many contributors](https://github.com/privacytools/privacytools.io/graphs/contributors), some eventually given various organizational responsibilities, such as operating online services like Matrix and Mastodon, managing and reviewing changes to the site on GitHub, finding sponsors for the project, writing blog posts and operating social media outreach platforms like Twitter, etc. +PrivacyTools dibuat pada tahun 2015 oleh "BurungHantu," yang ingin membuat alat yang berguna untuk sumber daya informasi privasi setelah pengungkapan Snowden. Situs ini tumbuh menjadi proyek sumber terbuka yang berkembang dengan [banyak kontributor](https://github.com/privacytools/privacytools.io/graphs/contributors), beberapa akhirnya diberi berbagai tanggung jawab organisasi, seperti mengoperasikan layanan online seperti Matrix dan Mastodon, mengelola dan meninjau perubahan pada situs di GitHub, mencari sponsor untuk proyek tersebut, menulis posting blog dan mengoperasikan platform penjangkauan media sosial seperti Twitter, dll. -Beginning in 2019, BurungHantu grew more and more distant from the active development of the website and communities, and began delaying payments he was responsible for related to the servers we operated. To avoid having our system administrator pay server costs out of their own pocket, we changed the donation methods listed on the site from BurungHantu's personal PayPal and crypto accounts to a new OpenCollective page on [October 31, 2019](https://web.archive.org/web/20210729184557/https://blog.privacytools.io/privacytools-io-joins-the-open-collective-foundation/). This had the added benefits of making our finances completely transparent, a value we strongly believe in, and tax-deductible in the United States, because they were being held by the Open Collective Foundation 501(c)3. This change was unanimously agreed upon by the team and went uncontested. +Beginning in 2019, BurungHantu grew more and more distant from the active development of the website and communities, and began delaying payments he was responsible for related to the servers we operated. To avoid having our system administrator pay server costs out of their own pocket, we changed the donation methods listed on the site from BurungHantu's personal PayPal and crypto accounts to a new OpenCollective page on [October 31, 2019](https://web.archive.org/web/20210729184557/https://blog.privacytools.io/privacytools-io-joins-the-open-collective-foundation/). This had the added benefits of making our finances completely transparent, a value we strongly believe in, and tax-deductible in the United States, because they were being held by the Open Collective Foundation 501(c)3. Perubahan ini disetujui dengan suara bulat oleh tim dan tidak dapat diganggu gugat. -## Why We Moved On +## Mengapa Kami Pindah -In 2020, BurungHantu's absence grew much more noticeable. At one point, we required the domain's nameservers to be changed to nameservers controlled by our system administrator to avoid future disruption, and this change was not completed for over a month after the initial request. He would disappear from the public chat and private team chat rooms on Matrix for months at a time, occasionally popping in to give some small feedback or promise to be more active before disappearing once again. +Pada tahun 2020, ketidakhadiran BurungHantu semakin terlihat. At one point, we required the domain's nameservers to be changed to nameservers controlled by our system administrator to avoid future disruption, and this change was not completed for over a month after the initial request. Dia akan menghilang dari obrolan publik dan ruang obrolan tim pribadi di Matrix selama berbulan-bulan, sesekali muncul untuk memberikan sedikit umpan balik atau berjanji untuk lebih aktif sebelum menghilang lagi. -In October 2020, the PrivacyTools system administrator (Jonah) [left](https://web.archive.org/web/20210729190742/https://blog.privacytools.io/blacklight447-taking-over/) the project because of these difficulties, handing control to another long-time contributor. Jonah had been operating nearly every PrivacyTools service and acting as the *de facto* project lead for website development in BurungHantu's absence, thus his departure was a significant change to the organization. At the time, because of these significant organizational changes, BurungHantu promised the remaining team he would return to take control of the project going forward. ==The PrivacyTools team reached out via several communication methods over the following months, but did not receive any response.== +Pada bulan Oktober 2020, administrator sistem PrivacyTools (Jonah) [meninggalkan](https://web.archive.org/web/20210729190742/https://blog.privacytools.io/blacklight447-taking-over/) proyek karena kesulitan ini, menyerahkan kendali kepada kontributor lama lainnya. Jonah telah mengoperasikan hampir semua layanan PrivacyTools dan bertindak sebagai *de facto* pimpinan proyek untuk pengembangan situs web selama ketidakhadiran BurungHantu, sehingga kepergiannya merupakan perubahan yang signifikan bagi organisasi. Pada saat itu, karena perubahan organisasi yang signifikan ini, BurungHantu berjanji kepada tim yang tersisa bahwa ia akan kembali untuk mengambil alih kendali proyek ke depannya. ==Tim PrivacyTools menghubungi melalui beberapa metode komunikasi selama beberapa bulan berikutnya, tetapi tidak menerima tanggapan apa pun.== -## Domain Name Reliance +## Ketergantungan Nama Domain -At the beginning of 2021, the PrivacyTools team grew worried about the future of the project, because the domain name was set to expire on 1st March 2021. The domain was ultimately renewed by BurungHantu with no comment. +Pada awal 2021, tim PrivacyTools semakin khawatir tentang masa depan proyek, karena nama domain akan kedaluwarsa pada 1 Maret 2021. Domain ini akhirnya diperbarui oleh BurungHantu tanpa komentar. -The team’s concerns were not addressed, and we realized this would be a problem every year: If the domain expired it would have allowed it to be stolen by squatters or spammers, thus ruining the organization's reputation. We also would have had trouble reaching the community to inform them of what took place. +The team’s concerns were not addressed, and we realized this would be a problem every year: If the domain expired it would have allowed it to be stolen by squatters or spammers, thus ruining the organization's reputation. Kami juga akan kesulitan menghubungi komunitas untuk memberi tahu mereka tentang apa yang terjadi. -Without being in any contact with BurungHantu, we decided the best course of action would be to move to a new domain name while we still had guaranteed control over the old domain name, sometime before March 2022. This way, we would be able to cleanly redirect all PrivacyTools resources to the new site without any interruption in service. This decision was made many months in advance and communicated to the entire team in the hopes that BurungHantu would reach out and assure his continued support for the project, because with a recognizable brand name and large communities online, moving away from "PrivacyTools" was the least desirable possible outcome. +Tanpa melakukan kontak dengan BurungHantu, kami memutuskan tindakan terbaik adalah pindah ke nama domain baru selagi kami masih memiliki jaminan kontrol atas nama domain lama, sebelum Maret 2022. Dengan cara ini, kami akan dapat mengarahkan semua sumber daya PrivacyTools dengan bersih ke situs baru tanpa gangguan dalam layanan. Keputusan ini dibuat berbulan-bulan sebelumnya dan dikomunikasikan kepada seluruh tim dengan harapan bahwa BurungHantu akan menjangkau dan memastikan dukungannya yang berkelanjutan untuk proyek ini, karena dengan nama merek yang sudah dikenal dan komunitas online yang besar, berpindah dari "PrivacyTools" adalah hasil yang paling tidak diinginkan. -In mid-2021 the PrivacyTools team reached out to Jonah, who agreed to rejoin the team to help with the transition. +Pada pertengahan 2021, tim PrivacyTools menghubungi Jonah, yang setuju untuk bergabung kembali dengan tim untuk membantu transisi. -## Community Call to Action +## Ajakan Komunitas untuk Bertindak -At the end of July 2021, we [informed](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/) the PrivacyTools community of our intention to choose a new name and continue the project on a new domain, to be [chosen](https://web.archive.org/web/20210729190935/https://aragon.cloud/apps/forms/cMPxG9KyopapBbcw) on 2nd August 2022. In the end, "Privacy Guides" was selected, with the `privacyguides.org` domain already owned by Jonah for a side-project from 2020 that went undeveloped. +Pada akhir Juli 2021, kami [memberi tahu](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/) komunitas PrivacyTools tentang niat kami untuk memilih nama baru dan melanjutkan proyek di domain baru, yang akan [dipilih](https://web.archive.org/web/20210729190935/https://aragon.cloud/apps/forms/cMPxG9KyopapBbcw) pada tanggal 2 Agustus 2022. Pada akhirnya, "Privacy Guides" dipilih, dengan domain `privacyguides.org` yang telah dimiliki oleh Jonah untuk proyek sampingan dari tahun 2020 yang tidak berkembang. -## Control of r/privacytoolsIO +## Kontrol dari r/privacytoolsIO -Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://www.reddit.com/r/redditrequest/comments/o9tllh/requesting_rprivacytoolsio_im_only_active_mod_top/) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit. +Bersamaan dengan masalah situs web yang sedang berlangsung di privacytools.io, tim moderasi r/privacytoolsIO menghadapi tantangan dalam mengelola subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep adalah satu-satunya moderator aktif pada saat itu, dan [memposting](https://www.reddit.com/r/redditrequest/comments/o9tllh/requesting_rprivacytoolsio_im_only_active_mod_top/) permintaan kepada administrator Reddit pada 28 Juni 2021, meminta untuk diberikan posisi moderator utama dan hak kontrol penuh, untuk membuat perubahan yang diperlukan pada Subreddit. -Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms. +Reddit mengharuskan subreddit memiliki moderator yang aktif. Jika moderator utama tidak aktif dalam jangka waktu yang lama (seperti satu tahun), posisi moderator utama dapat ditunjuk kembali ke moderator berikutnya. Agar permintaan ini dikabulkan, BurungHantu harus benar-benar absen dari semua aktivitas Reddit untuk jangka waktu yang lama, yang konsisten dengan perilakunya di platform lain. -> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer. +> Jika Anda dihapus sebagai moderator dari subreddit melalui permintaan Reddit, itu karena kurangnya tanggapan dan kurangnya aktivitas Anda memenuhi syarat subreddit untuk transfer r/redditrequest. > -> r/redditrequest is Reddit's way of making sure communities have active moderators and is part of the [Moderator Code of Conduct](https://www.redditinc.com/policies/moderator-code-of-conduct). +> r/redditrequest adalah cara Reddit untuk memastikan komunitas memiliki moderator yang aktif dan merupakan bagian dari [Kode Etik Moderator](https://www.redditinc.com/policies/moderator-code-of-conduct). -## Beginning the Transition +## Memulai Transisi -On September 14th, 2021, we [announced](https://www.privacyguides.org/blog/2021/09/14/welcome-to-privacy-guides/) the beginning of our migration to this new domain: +Pada 14 September 2021, kami [mengumumkan](https://www.privacyguides.org/blog/2021/09/14/welcome-to-privacy-guides/) awal migrasi kami ke domain baru ini: -> [...] we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to www.privacyguides.org, and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc. +> [...] kami merasa perlu untuk melakukan peralihan ini lebih cepat daripada nanti untuk memastikan orang akan mengetahui tentang transisi ini sesegera mungkin. Hal ini memberikan kami waktu yang cukup untuk melakukan transisi nama domain, yang saat ini dialihkan ke www.privacyguides.org, dan diharapkan dapat memberikan waktu yang cukup bagi semua orang untuk mengetahui perubahan tersebut, memperbarui bookmark dan situs web, dll. -This change [entailed:](https://www.reddit.com/r/PrivacyGuides/comments/pnhn4a/rprivacyguides_privacyguidesorg_what_you_need_to/) +Perubahan ini [mensyaratkan:](https://www.reddit.com/r/PrivacyGuides/comments/pnhn4a/rprivacyguides_privacyguidesorg_what_you_need_to/) -- Redirecting www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org). -- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site. +- Mengalihkan www.privacytools.io ke [www.privacyguides.org](https://www.privacyguides.org). +- Mengarsipkan kode sumber di GitHub untuk melestarikan pekerjaan masa lalu dan pelacak masalah kami, yang terus kami gunakan selama berbulan-bulan pengembangan dari situs ini di masa depan. - Posting announcements to our subreddit and various other communities informing people of the official change. -- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible. +- Secara resmi menutup layanan privacytools.io, seperti Matrix dan Mastodon, dan mendorong pengguna lama untuk bermigrasi sesegera mungkin. -Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped. +Segala sesuatunya tampak berjalan dengan lancar, dan sebagian besar komunitas aktif kami beralih ke proyek baru kami persis seperti yang kami harapkan. ## Following Events -Roughly a week following the transition, BurungHantu returned online for the first time in nearly a year, however nobody on our team was willing to return to PrivacyTools because of his historic unreliability. Rather than apologize for his prolonged absence, he immediately went on the offensive and positioned the transition to Privacy Guides as an attack against him and his project. He subsequently [deleted](https://www.reddit.com/r/privacytoolsIO/comments/pp9yie/comment/hd49wbn) many of these posts when it was pointed out by the community that he had been absent and abandoned the project. +Kira-kira seminggu setelah transisi, BurungHantu kembali online untuk pertama kalinya dalam hampir satu tahun, namun tidak ada seorang pun dari tim kami yang mau kembali ke PrivacyTools karena sejarahnya yang tidak dapat diandalkan. Daripada meminta maaf atas ketidakhadirannya yang berkepanjangan, ia segera melakukan serangan dan memposisikan transisi ke Privacy Guides sebagai serangan terhadapnya dan proyeknya. Dia kemudian [menghapus](https://www.reddit.com/r/privacytoolsIO/comments/pp9yie/comment/hd49wbn) banyak dari postingan tersebut ketika ditunjukkan oleh komunitas bahwa dia tidak hadir dan meninggalkan proyek tersebut. -At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible). +Pada titik ini, BurungHantu menyatakan bahwa ia ingin melanjutkan pengerjaan privacytools.io secara mandiri dan meminta kami untuk menghapus pengalihan dari www.privacytools.io ke [www.privacyguides.org](https://www.privacyguides.org). Kami mewajibkan dan meminta agar subdomain untuk Matrix, Mastodon, dan PeerTube tetap aktif agar kami dapat menjalankan layanan publik kepada komunitas kami setidaknya selama beberapa bulan, agar pengguna di platform tersebut dapat dengan mudah bermigrasi ke akun lain. Karena sifat federasi dari layanan yang kami sediakan, layanan ini terikat pada nama domain tertentu sehingga sangat sulit untuk dimigrasikan (dan dalam beberapa kasus tidak mungkin). -Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/) at the beginning of October, ending any migration possibilities to any users still using those services. +Sayangnya, karena kontrol subreddit r/privacytoolsIO tidak dikembalikan ke BurungHantu atas permintaannya (informasi lebih lanjut di bawah), subdomain tersebut [terputus](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/) pada awal Oktober, mengakhiri kemungkinan migrasi ke pengguna yang masih menggunakan layanan tersebut. -Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so. +Setelah ini, BurungHantu membuat tuduhan palsu tentang Jonah mencuri sumbangan dari proyek tersebut. BurungHantu memiliki waktu lebih dari setahun sejak insiden yang dituduhkan terjadi, namun dia tidak pernah membuat siapa pun menyadarinya sampai setelah migrasi Privacy Guides. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so. BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim. -## PrivacyTools.io Now +## PrivacyTools.io Sekarang -As of September 25th 2022 we are seeing BurungHantu's overall plans come to fruition on privacytools.io, and this is the very reason we decided to create this explainer page today. The website he is operating appears to be a heavily SEO-optimized version of the site which recommends tools in exchange for financial compensation. Very recently, IVPN and Mullvad, two VPN providers near-universally [recommended](../vpn.md) by the privacy community and notable for their stance against affiliate programs were removed from PrivacyTools. In their place? NordVPN, Surfshark, ExpressVPN, and hide.me; Giant VPN corporations with untrustworthy platforms and business practices, notorious for their aggressive marketing and affiliate programs. +Pada tanggal 25 September 2022, kami melihat keseluruhan rencana BurungHantu terwujud di privacytools.io, dan ini adalah alasan utama kami memutuskan untuk membuat halaman penjelasan ini hari ini. Situs web yang dia operasikan tampaknya merupakan versi situs yang sangat dioptimalkan untuk SEO yang merekomendasikan alat dengan imbalan kompensasi finansial. Baru-baru ini, IVPN dan Mullvad, dua penyedia VPN yang hampir secara universal [direkomendasikan](../vpn.md) oleh komunitas privasi dan terkenal karena sikap mereka yang menentang program afiliasi telah dihapus dari PrivacyTools. Di tempat mereka? NordVPN, Surfshark, ExpressVPN, dan hide.me; Perusahaan VPN raksasa dengan platform dan praktik bisnis yang tidak dapat dipercaya, terkenal karena program pemasaran dan afiliasi mereka yang agresif. -==**PrivacyTools has become exactly the type of site we [warned against](https://web.archive.org/web/20210729205249/https://blog.privacytools.io/the-trouble-with-vpn-and-privacy-reviews/) on the PrivacyTools blog in 2019.**== We've tried to keep our distance from PrivacyTools since the transition, but their continued harassment towards our project and now their absurd abuse of the credibility their brand gained over 6 years of open source contributions is extremely troubling to us. Those of us actually fighting for privacy are not fighting against each other, and are not getting our advice from the highest bidder. +==**PrivacyTools has become exactly the type of site we [warned against](https://web.archive.org/web/20210729205249/https://blog.privacytools.io/the-trouble-with-vpn-and-privacy-reviews/) on the PrivacyTools blog in 2019.**== We've tried to keep our distance from PrivacyTools since the transition, but their continued harassment towards our project and now their absurd abuse of the credibility their brand gained over 6 years of open source contributions is extremely troubling to us. Kami yang benar-benar memperjuangkan privasi tidak bertengkar satu sama lain, dan tidak mendapatkan saran dari penawar tertinggi. -## r/privacytoolsIO Now +## r/privacytoolsIO Sekarang -After the launch of [r/PrivacyGuides](https://www.reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://www.reddit.com/r/privacytoolsIO/comments/qk7qrj/a_new_era_why_rptio_is_now_a_restricted_sub/) a restricted sub in a post on November 1st, 2021: +Setelah peluncuran [r/PrivacyGuides](https://www.reddit.com/r/privacyguides), tidak praktis bagi u/trai_dep untuk terus memoderasi kedua subreddit tersebut, dan dengan adanya komunitas yang ikut serta dalam transisi ini, r/privacytoolsIO [menjadikan](https://www.reddit.com/r/privacytoolsIO/comments/qk7qrj/a_new_era_why_rptio_is_now_a_restricted_sub/) sebagai sub yang dibatasi dalam sebuah postingan pada tanggal 1 November 2021: -> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you. +> [...] Pertumbuhan Sub ini adalah hasil dari upaya besar, selama beberapa tahun, oleh tim PrivacyGuides.org. Dan oleh Anda semua. > -> A Subreddit is a great deal of work to administer and moderate. Like a garden, it requires patient tending and daily care. It’s not a task for dilettantes or commitment-challenged people. It can’t thrive under a gardener who abandons it for several years, then shows up demanding this year’s harvest as their tribute. It’s unfair to the team formed years ago. It’s unfair to you. [...] +> Subreddit adalah pekerjaan yang sangat banyak untuk dikelola dan dimoderasi. Seperti halnya sebuah taman, taman ini membutuhkan perawatan yang sabar dan perawatan harian. Ini bukanlah tugas untuk orang yang tidak suka bekerja keras atau orang yang sulit berkomitmen. Tanaman ini tidak dapat tumbuh subur di bawah seorang tukang kebun yang meninggalkannya selama beberapa tahun, lalu muncul dan menuntut hasil panen tahun ini sebagai penghargaan. Ini tidak adil bagi tim yang dibentuk beberapa tahun yang lalu. Ini tidak adil bagimu. [...] -Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides. +Subreddit bukan milik siapa pun, dan terutama bukan milik pemegang merek. Mereka adalah bagian dari komunitas mereka, dan komunitas serta para moderatornya membuat keputusan untuk mendukung perpindahan ke r/PrivacyGuides. -In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://www.reddit.com/r/redditrequest/wiki/top_mod_removal/) of Reddit rules: +Beberapa bulan setelahnya, BurungHantu telah mengancam dan memohon untuk mengembalikan kontrol subreddit ke akunnya dalam [pelanggaran](https://www.reddit.com/r/redditrequest/wiki/top_mod_removal/) aturan Reddit: -> Retaliation from any moderator with regards to removal requests is disallowed. +> Pembalasan dari moderator mana pun sehubungan dengan permintaan penghapusan tidak diperbolehkan. -For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is. +Untuk sebuah komunitas dengan ribuan pelanggan yang tersisa, kami merasa bahwa akan sangat tidak sopan untuk mengembalikan kendali platform besar tersebut kepada orang yang meninggalkannya selama lebih dari satu tahun, dan yang sekarang mengoperasikan situs web yang menurut kami memberikan informasi yang sangat berkualitas rendah. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is. -## OpenCollective Now +## OpenCollective Sekarang -Our fundraising platform, OpenCollective, is another source of contention. Our position is that OpenCollective was put in place by our team and managed by our team to fund services we currently operate and which PrivacyTools no longer does. We [reached out](https://opencollective.com/privacyguides/updates/transitioning-to-privacy-guides) to all of our donors regarding our move to Privacy Guides, and we were unanimously supported by our sponsors and community. +Platform penggalangan dana kami, OpenCollective, adalah sumber perdebatan lainnya. Posisi kami adalah bahwa OpenCollective diberlakukan oleh tim kami dan dikelola oleh tim kami untuk mendanai layanan yang saat ini kami operasikan dan yang tidak lagi dilakukan PrivacyTools. Kami [menghubungi](https://opencollective.com/privacyguides/updates/transitioning-to-privacy-guides) kepada semua donatur kami mengenai perpindahan kami ke Privacy Guides, dan kami dengan suara bulat didukung oleh para sponsor dan komunitas kami. -Thus, the funds in OpenCollective belong to Privacy Guides, they were given to our project, and not the owner of a well known domain name. In the announcement made to donors on September 17th, 2021, we offered refunds to any donor who disagrees with the stance we took, but nobody has taken us up on this offer: +Dengan demikian, dana yang ada di OpenCollective adalah milik Privacy Guides, dana tersebut diberikan kepada proyek kami, dan bukan kepada pemilik nama domain terkenal. Dalam pengumuman yang disampaikan kepada para donatur pada tanggal 17 September 2021, kami menawarkan pengembalian dana kepada setiap donatur yang tidak setuju dengan sikap yang kami ambil, tetapi tidak ada yang menerima tawaran ini: -> If any sponsors or backers disagree with or feel misled by these recent events and would like to request a refund given these highly unusual circumstances, please get in touch with our project admin by emailing jonah@triplebit.net. +> Jika ada sponsor atau pendukung yang tidak setuju atau merasa disesatkan oleh peristiwa baru ini dan ingin meminta pengembalian dana karena keadaan yang sangat tidak biasa ini, silakan hubungi admin proyek kami melalui email ke jonah@triplebit.net. -## Further Reading +## Bacaan Lebih Lanjut -This topic has been discussed extensively within our communities in various locations, and it seems likely that most people reading this page will already be familiar with the events leading up to the move to Privacy Guides. Some of our previous posts on the matter may have extra detail we omitted here for brevity. They have been linked below for the sake of completion. +Topik ini telah dibahas secara luas dalam komunitas kami di berbagai lokasi, dan sepertinya sebagian besar orang yang membaca halaman ini sudah mengetahui tentang peristiwa yang terjadi sebelum perpindahan ke Privacy Guides. Beberapa tulisan kami sebelumnya mengenai masalah ini mungkin memiliki detail tambahan yang kami hilangkan di sini untuk mempersingkatnya. Mereka telah ditautkan di bawah ini demi kelengkapan. -- [June 28, 2021 request for control of r/privacytoolsIO](https://www.reddit.com/r/redditrequest/comments/o9tllh/requesting_rprivacytoolsio_im_only_active_mod_top/) -- [July 27, 2021 announcement of our intentions to move on the PrivacyTools blog, written by the team](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/) -- [Sept 13, 2021 announcement of the beginning of our transition to Privacy Guides on r/privacytoolsIO](https://www.reddit.com/r/privacytoolsIO/comments/pnql46/rprivacyguides_privacyguidesorg_what_you_need_to/) -- [Sept 17, 2021 announcement on OpenCollective from Jonah](https://opencollective.com/privacyguides/updates/transitioning-to-privacy-guides) -- [Sept 30, 2021 Twitter thread detailing most of the events now described on this page](https://twitter.com/privacy_guides/status/1443633412800225280) -- [Oct 1, 2021 post by u/dng99 noting subdomain failure](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/) -- [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) -- [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) -- [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.id.txt" +- [28 Juni 2021 permintaan untuk mengontrol r/privacytoolsIO](https://www.reddit.com/r/redditrequest/comments/o9tllh/requesting_rprivacytoolsio_im_only_active_mod_top/) +- [27 Juli 2021 pengumuman tentang niat kami untuk pindah ke blog PrivacyTools, yang ditulis oleh tim](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/) +- [13 September 2021 pengumuman awal transisi kami ke Privacy Guides di r/privacytoolsIO](https://www.reddit.com/r/privacytoolsIO/comments/pnql46/rprivacyguides_privacyguidesorg_what_you_need_to/) +- [17 September 2021 pengemuman di OpenCollective dari Jonah](https://opencollective.com/privacyguides/updates/transitioning-to-privacy-guides) +- [30 September 2021 utas Twitter yang merinci sebagian besar peristiwa yang sekarang dijelaskan di halaman ini](https://twitter.com/privacy_guides/status/1443633412800225280) +- [1 Oktober 2021 diposting oleh u/dng99 yang mencatat kegagalan subdomain](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/) +- [2 April 2022 tanggapan oleh u/dng99 untuk posting blog yang menuduh dari PrivacyTools](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) +- [16 Mei 2022 tanggapan oleh @TommyTran732 di Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) +- [3 Sep 2022 posting di forum Techlore oleh @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) diff --git a/i18n/id/about/services.md b/i18n/id/about/services.md index f1978204f..9ffc61c27 100644 --- a/i18n/id/about/services.md +++ b/i18n/id/about/services.md @@ -1,40 +1,38 @@ -# Privacy Guides Services +# Layanan Privacy Guides -We run a number of web services to test out features and promote cool decentralized, federated, and/or open-source projects. Many of these services are available to the public and are detailed below. +We run a number of web services to test out features and promote cool decentralized, federated, and/or open-source projects. Banyak dari layanan ini tersedia untuk umum dan dirinci di bawah ini. -[:material-comment-alert: Report an issue](https://discuss.privacyguides.net/c/services/2 ""){.md-button.md-button--primary} +[:material-comment-alert: Laporkan masalah](https://discuss.privacyguides.net/c/services/2 ""){.md-button.md-button--primary} ## Discourse - Domain: [discuss.privacyguides.net](https://discuss.privacyguides.net) -- Availability: Public -- Source: [github.com/discourse/discourse](https://github.com/discourse/discourse) +- Ketersediaan: Publik +- Sumber: [github.com/discourse/discourse](https://github.com/discourse/discourse) ## Gitea - Domain: [code.privacyguides.dev](https://code.privacyguides.dev) -- Availability: Invite-Only - Access may be granted upon request to any team working on *Privacy Guides*-related development or content. -- Source: [snapcraft.io/gitea](https://snapcraft.io/gitea) +- Ketersediaan: Khusus Undangan + Akses dapat diberikan berdasarkan permintaan kepada tim mana pun yang bekerja pada *Privacy Guides*-terkait pengembangan atau konten. +- Sumber: [snapcraft.io/gitea](https://snapcraft.io/gitea) ## Matrix - Domain: [matrix.privacyguides.org](https://matrix.privacyguides.org) -- Availability: Invite-Only - Access may be granted upon request to Privacy Guides team members, Matrix moderators, third-party Matrix community administrators, Matrix bot operators, and other individuals in need of a reliable Matrix presence. -- Source: [github.com/spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy) +- Ketersediaan: Khusus Undangan + Akses dapat diberikan berdasarkan permintaan kepada anggota tim Privacy Guides, moderator Matrix, administrator komunitas Matrix pihak ketiga, operator bot Matrix, dan individu lain yang membutuhkan kehadiran Matrix yang andal. +- Sumber: [github.com/spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy) ## SearXNG - Domain: [search.privacyguides.net](https://search.privacyguides.net) -- Availability: Public -- Source: [github.com/searxng/searxng-docker](https://github.com/searxng/searxng-docker) +- Ketersediaan: Publik +- Sumber: [github.com/searxng/searxng-docker](https://github.com/searxng/searxng-docker) ## Invidious - Domain: [invidious.privacyguides.net](https://invidious.privacyguides.net) -- Availability: Semi-Public - We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. -- Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.id.txt" +- Ketersediaan: Semi-Publik + Kami menghosting Invidious terutama untuk menyajikan video YouTube yang disematkan di situs web kami, contoh ini tidak dimaksudkan untuk penggunaan tujuan umum dan dapat dibatasi sewaktu-waktu. +- Sumber: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) diff --git a/i18n/id/about/statistics.md b/i18n/id/about/statistics.md index ed8abba4e..57eab3ddd 100644 --- a/i18n/id/about/statistics.md +++ b/i18n/id/about/statistics.md @@ -1,11 +1,11 @@ --- -title: Traffic Statistics +title: Statistik Lalu Lintas --- -## Website Statistics +## Statistik Situs Web - +
Statistik didukung oleh Plausible Analytics
-## Blog Statistics +## Statistik Blog -
Stats powered by Plausible Analytics
+
Statistik didukung oleh Plausible Analytics
- ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/advanced/communication-network-types.md b/i18n/id/advanced/communication-network-types.md index 37c3ec5dc..781178d5c 100644 --- a/i18n/id/advanced/communication-network-types.md +++ b/i18n/id/advanced/communication-network-types.md @@ -1,11 +1,12 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. -[Recommended Instant Messengers](../real-time-communication.md ""){.md-button} +[Pesan Instan yang Direkomendasikan](../real-time-communication.md ""){.md-button} ## Centralized Networks @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/advanced/dns-overview.md b/i18n/id/advanced/dns-overview.md index 7bc2e9029..b47af2809 100644 --- a/i18n/id/advanced/dns-overview.md +++ b/i18n/id/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/advanced/payments.md b/i18n/id/advanced/payments.md new file mode 100644 index 000000000..b876244ea --- /dev/null +++ b/i18n/id/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Pembayaran Pribadi +icon: material/hand-coin +--- + +Ada alasan mengapa data tentang kebiasaan membeli Anda dianggap sebagai cawan suci penargetan iklan: pembelian Anda dapat membocorkan harta karun data tentang Anda. Sayangnya, sistem keuangan saat ini dirancang antiprivasi, sehingga memungkinkan bank, perusahaan lain, dan pemerintah untuk melacak transaksi dengan mudah. Namun demikian, Anda memiliki banyak pilihan untuk melakukan pembayaran secara pribadi. + +## Uang Tunai + +Selama berabad-abad, **uang tunai** telah berfungsi sebagai bentuk utama pembayaran pribadi. Uang tunai memiliki sifat privasi yang sangat baik dalam banyak kasus, diterima secara luas di sebagian besar negara, dan **dapat dipertukarkan**, artinya tidak unik dan sepenuhnya dapat dipertukarkan. + +Undang-undang pembayaran tunai bervariasi menurut negara. Di Amerika Serikat, pengungkapan khusus diperlukan untuk pembayaran tunai lebih dari $10.000 kepada IRS di [Formulir 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). Bisnis penerima wajib memverifikasi nama, alamat, pekerjaan, tanggal lahir, dan Nomor Jaminan Sosial atau NPWP penerima (dengan beberapa pengecualian). Batas bawah tanpa ID seperti $3.000 atau kurang dari itu ada untuk pertukaran dan pengiriman uang. Uang tunai juga memiliki nomor seri. Ini hampir tidak pernah dilacak oleh pedagang, tetapi dapat digunakan oleh penegak hukum dalam penyelidikan yang ditargetkan. + +Meskipun demikian, ini biasanya merupakan pilihan terbaik. + +## Kartu Prabayar & Kartu Hadiah + +Membeli kartu hadiah dan kartu prabayar di sebagian besar toko kelontong dan minimarket dengan uang tunai relatif mudah. Kartu hadiah biasanya tidak dikenakan biaya, meskipun kartu prabayar sering kali dikenakan biaya, jadi perhatikan baik-baik biaya dan tanggal kedaluwarsanya. Beberapa toko mungkin akan meminta kartu identitas Anda pada saat pembayaran untuk mengurangi penipuan. + +Kartu hadiah biasanya memiliki batas hingga $200 per kartu, tetapi ada juga yang menawarkan batas hingga $2.000 per kartu. Kartu prabayar (misalnya: dari Visa atau Mastercard) biasanya memiliki batas hingga $1.000 per kartu. + +Kartu hadiah memiliki sisi negatif karena tunduk pada kebijakan merchant, yang dapat memiliki persyaratan dan batasan yang buruk. Misalnya, beberapa penjual tidak menerima pembayaran dengan kartu hadiah secara eksklusif, atau mereka mungkin membatalkan nilai kartu jika mereka menganggap Anda sebagai pengguna berisiko tinggi. Setelah Anda memiliki kredit penjual, penjual memiliki tingkat kontrol yang kuat atas kredit ini. + +Kartu prabayar tidak mengizinkan penarikan tunai dari ATM atau pembayaran "peer-to-peer" di Venmo dan aplikasi serupa. + +Uang tunai tetap menjadi pilihan terbaik untuk pembelian secara langsung bagi kebanyakan orang. Kartu hadiah dapat berguna untuk penghematan yang mereka bawa. Kartu prabayar dapat berguna untuk tempat-tempat yang tidak menerima uang tunai. Kartu hadiah dan kartu prabayar lebih mudah digunakan secara daring daripada uang tunai, dan lebih mudah diperoleh dengan mata uang kripto daripada uang tunai. + +### Pasar Daring + +Jika Anda memiliki [mata uang kripto](../cryptocurrency.md), Anda dapat membeli kartu hadiah dengan pasar kartu hadiah daring. Beberapa layanan ini menawarkan opsi verifikasi ID untuk batas yang lebih tinggi, tetapi mereka juga mengizinkan akun hanya dengan alamat surel. Batas dasar mulai dari $5.000-10.000 per hari untuk akun dasar, dan limit yang jauh lebih tinggi untuk akun terverifikasi ID (jika ditawarkan). + +Saat membeli kartu hadiah secara daring, biasanya ada sedikit diskon. Kartu prabayar biasanya dijual secara daring dengan harga nominal atau dengan biaya. Jika Anda membeli kartu prabayar dan kartu hadiah dengan mata uang kripto, Anda sebaiknya memilih untuk membayar dengan Monero yang memberikan privasi yang kuat, lebih lanjut tentang hal ini di bawah ini. Membayar kartu hadiah dengan metode pembayaran yang dapat dilacak meniadakan manfaat yang dapat diberikan oleh kartu hadiah ketika dibeli dengan uang tunai atau Monero. + +- [Pasar Kartu Hadiah Daring :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Kartu Virtual + +Cara lain untuk melindungi informasi Anda dari penjual daring adalah dengan menggunakan kartu virtual sekali pakai yang menyembunyikan informasi perbankan atau penagihan Anda yang sebenarnya. Hal ini terutama berguna untuk melindungi Anda dari pelanggaran data penjual, pelacakan yang kurang canggih atau korelasi pembelian oleh agen pemasaran, dan pencurian data daring. Mereka **tidak** membantu Anda dalam melakukan pembelian sepenuhnya secara anonim, dan mereka juga tidak menyembunyikan informasi apa pun dari lembaga perbankan itu sendiri. Lembaga keuangan biasa yang menawarkan kartu virtual tunduk pada undang-undang "Kenali Nasabah Anda" (KYC), yang berarti mereka mungkin memerlukan ID Anda atau informasi identifikasi lainnya. + +- [Layanan Penyamaran Pembayaran yang Direkomendasikan :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +Ini cenderung menjadi pilihan yang baik untuk pembayaran berulang/langganan secara daring, sementara kartu hadiah prabayar lebih disukai untuk transaksi satu kali. + +## Mata Uang Kripto + +Mata uang kripto adalah bentuk mata uang digital yang dirancang untuk bekerja tanpa otoritas pusat seperti pemerintah atau bank. Meskipun *beberapa* proyek mata uang kripto memungkinkan Anda untuk melakukan transaksi pribadi secara daring, banyak yang menggunakan blockchain publik yang tidak memberikan privasi transaksi. Mata uang kripto juga cenderung merupakan aset yang sangat fluktuatif, artinya nilainya dapat berubah dengan cepat dan signifikan kapan saja. Oleh karena itu, kami umumnya tidak menyarankan penggunaan mata uang kripto sebagai penyimpan nilai jangka panjang. Jika Anda memutuskan untuk menggunakan mata uang kripto secara daring, pastikan Anda memiliki pemahaman penuh mengenai aspek privasinya terlebih dahulu, dan hanya menginvestasikan jumlah yang tidak akan menyebabkan kerugian besar. + +!!! danger + + Sebagian besar mata uang kripto beroperasi pada blockchain **publik**, yang berarti bahwa setiap transaksi diketahui oleh publik. Ini termasuk mata uang kripto yang paling terkenal seperti Bitcoin dan Ethereum. Transaksi dengan mata uang kripto ini tidak dapat dianggap sebagai transaksi pribadi dan tidak akan melindungi anonimitas Anda. + + Selain itu, banyak atau bahkan sebagian besar mata uang kripto adalah penipuan. Lakukan transaksi dengan hati-hati hanya dengan proyek yang Anda percayai. + +### Koin Privasi + +Ada sejumlah proyek mata uang kripto yang bertujuan untuk memberikan privasi dengan membuat transaksi menjadi anonim. Kami menyarankan untuk menggunakan salah satu yang menyediakan anonimitas transaksi **secara bawaan** untuk menghindari kesalahan operasional. + +- [Mata Uang Kripto yang Direkomendasikan :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Koin privasi telah menjadi sasaran pengawasan yang semakin meningkat oleh badan-badan pemerintah. Pada tahun 2020, [IRS menerbitkan bounty $625,000](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) untuk alat yang dapat memecahkan Jaringan Lightning Bitcoin dan/atau privasi transaksi Monero. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/id/advanced/tor-overview.md b/i18n/id/advanced/tor-overview.md index f2f54a1ae..dd9d2a951 100644 --- a/i18n/id/advanced/tor-overview.md +++ b/i18n/id/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.id.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/id/android.md b/i18n/id/android.md index 1a28ee46e..3da86daae 100644 --- a/i18n/id/android.md +++ b/i18n/id/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/assets/img/how-tor-works/tor-encryption-dark.svg b/i18n/id/assets/img/how-tor-works/tor-encryption-dark.svg index 95e681571..423419f4f 100644 --- a/i18n/id/assets/img/how-tor-works/tor-encryption-dark.svg +++ b/i18n/id/assets/img/how-tor-works/tor-encryption-dark.svg @@ -48,18 +48,18 @@ - Your + Perangkat - Device + Anda - Sending data to a website + Mengirim data ke situs web - Receiving data from a website + Menerima data dari situs web @@ -70,17 +70,17 @@ - Entry + Entri - Middle + Tengah - Exit + Keluar @@ -95,17 +95,17 @@ - Entry + Entri - Middle + Tengah - Exit + Keluar diff --git a/i18n/id/assets/img/how-tor-works/tor-encryption.svg b/i18n/id/assets/img/how-tor-works/tor-encryption.svg index f5b1e2915..1bf0ebba7 100644 --- a/i18n/id/assets/img/how-tor-works/tor-encryption.svg +++ b/i18n/id/assets/img/how-tor-works/tor-encryption.svg @@ -48,18 +48,18 @@ - Your + Perangkat - Device + Anda - Sending data to a website + Mengirim data ke situs web - Receiving data from a website + Menerima data dari situs web @@ -70,17 +70,17 @@ - Entry + Entri - Middle + Tengah - Exit + Keluar @@ -95,17 +95,17 @@ - Entry + Entri - Middle + Tengah - Exit + Keluar diff --git a/i18n/id/assets/img/how-tor-works/tor-path-dark.svg b/i18n/id/assets/img/how-tor-works/tor-path-dark.svg index 9002c9b16..0e24fde1d 100644 --- a/i18n/id/assets/img/how-tor-works/tor-path-dark.svg +++ b/i18n/id/assets/img/how-tor-works/tor-path-dark.svg @@ -29,17 +29,17 @@ - Entry + Entri - Middle + Tengah - Exit + Keluar diff --git a/i18n/id/assets/img/how-tor-works/tor-path.svg b/i18n/id/assets/img/how-tor-works/tor-path.svg index cb53d8b13..7aea91856 100644 --- a/i18n/id/assets/img/how-tor-works/tor-path.svg +++ b/i18n/id/assets/img/how-tor-works/tor-path.svg @@ -29,17 +29,17 @@ - Entry + Entri - Middle + Tengah - Exit + Keluar diff --git a/i18n/id/basics/account-creation.md b/i18n/id/basics/account-creation.md index 7793be8a5..f80a509ff 100644 --- a/i18n/id/basics/account-creation.md +++ b/i18n/id/basics/account-creation.md @@ -1,64 +1,65 @@ --- -title: "Account Creation" +title: "Pembuatan Akun" icon: 'material/account-plus' +description: Membuat akun online bisa dibilang merupakan kebutuhan internet, lakukan langkah-langkah ini untuk memastikan Anda tetap privat. --- -Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. +Seringkali orang mendaftar untuk layanan tanpa berpikir. Mungkin itu adalah layanan streaming sehingga Anda dapat menonton acara baru yang dibicarakan semua orang, atau akun yang memberi Anda diskon untuk tempat makanan cepat saji favorit Anda. Apa pun masalahnya, Anda harus mempertimbangkan implikasi untuk data Anda sekarang dan di kemudian hari. -There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer. +Ada risiko yang terkait dengan setiap layanan baru yang Anda gunakan. Pelanggaran data; pengungkapan informasi pelanggan kepada pihak ketiga; karyawan nakal yang mengakses data; semuanya adalah kemungkinan yang harus dipertimbangkan ketika memberikan informasi Anda. Anda harus yakin bahwa Anda bisa mempercayai layanan ini, itulah sebabnya kami tidak menyarankan untuk menyimpan data berharga pada apa pun kecuali pada produk yang paling matang dan telah teruji. Hal ini biasanya berarti layanan yang menyediakan E2EE dan telah menjalani audit kriptografi. Audit meningkatkan jaminan bahwa produk dirancang tanpa masalah keamanan mencolok yang disebabkan oleh pengembang yang tidak berpengalaman. -It can also be difficult to delete the accounts on some services. Sometimes [overwriting data](account-deletion.md#overwriting-account-information) associated with an account can be possible, but in other cases the service will keep an entire history of changes to the account. +Mungkin juga sulit untuk menghapus akun pada beberapa layanan. Terkadang [menimpa data](account-deletion.md#overwriting-account-information) yang terkait dengan akun dapat dilakukan, tetapi dalam kasus lain layanan akan menyimpan seluruh riwayat perubahan pada akun. -## Terms of Service & Privacy Policy +## Ketentuan Layanan & Kebijakan Privasi -The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VOIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for. +ToS adalah peraturan yang Anda setujui untuk diikuti saat menggunakan layanan. Pada layanan yang lebih besar aturan-aturan ini sering kali ditegakkan oleh sistem otomatis. Terkadang sistem otomatis ini bisa membuat kesalahan. Sebagai contoh, Anda mungkin diblokir atau dikunci dari akun Anda pada beberapa layanan karena menggunakan nomor VPN atau VOIP. Mengajukan banding atas larangan semacam itu sering kali sulit, dan melibatkan proses otomatis juga, yang tidak selalu berhasil. Ini akan menjadi salah satu alasan mengapa kami tidak menyarankan menggunakan Gmail untuk email sebagai contoh. Email sangat penting untuk akses ke layanan lain yang mungkin telah Anda daftarkan. -The Privacy Policy is how the service says they will use your data and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect. +Kebijakan Privasi adalah bagaimana layanan mengatakan bahwa mereka akan menggunakan data Anda dan perlu dibaca agar Anda memahami bagaimana data Anda akan digunakan. Perusahaan atau organisasi mungkin tidak diwajibkan secara hukum untuk mengikuti semua yang tercantum dalam kebijakan (tergantung pada yurisdiksi). Kami sarankan Anda mengetahui undang-undang setempat dan apa yang diizinkan oleh penyedia layanan untuk dikumpulkan. -We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start. +Sebaiknya cari istilah-istilah tertentu seperti "pengumpulan data", "analisis data", "cookie", "iklan", atau layanan "pihak ketiga". Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start. Keep in mind you're also placing your trust in the company or organization and that they will comply with their own privacy policy. -## Authentication methods +## Metode autentikasi -There are usually multiple ways to sign up for an account, each with their own benefits and drawbacks. +Biasanya ada beberapa cara untuk mendaftar akun, masing-masing dengan kelebihan dan kekurangannya sendiri. -### Email and password +### Email dan kata sandi -The most common way to create a new account is by an email address and password. When using this method, you should use a password manager and follow [best practices](passwords-overview.md) regarding passwords. +Cara paling umum untuk membuat akun baru adalah dengan alamat email dan kata sandi. Saat menggunakan metode ini, Anda harus menggunakan pengelola kata sandi dan mengikuti [praktik terbaik](passwords-overview.md) mengenai kata sandi. !!! tip - You can use your password manager to organize other authentication methods too! Just add the new entry and fill the appropriate fields, you can add notes for things like security questions or a backup key. + Anda juga dapat menggunakan pengelola kata sandi untuk mengatur metode autentikasi lainnya! Cukup tambahkan entri baru dan isi kolom yang sesuai, Anda bisa menambahkan catatan untuk hal-hal seperti pertanyaan keamanan atau kunci cadangan. -You will be responsible for managing your login credentials. For added security, you can set up [MFA](multi-factor-authentication.md) on your accounts. +Anda akan bertanggung jawab untuk mengelola kredensial login Anda. Untuk keamanan tambahan, Anda dapat mengatur [MFA](multi-factor-authentication.md) pada akun Anda. -[Recommended password managers](../passwords.md ""){.md-button} +[Pengelola kata sandi yang direkomendasikan](../passwords.md ""){.md-button} #### Email aliases -If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign up process. Those can be filtered automatically based on the alias they are sent to. +Jika Anda tidak ingin memberikan alamat email asli Anda ke layanan, Anda memiliki opsi untuk menggunakan alias. Kami menjelaskannya secara lebih rinci di halaman rekomendasi layanan email kami. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. Hal ini dapat membantu mencegah pelacakan di seluruh layanan dan membantu Anda mengelola email pemasaran yang terkadang menyertai proses pendaftaran. Semua itu dapat disaring secara otomatis berdasarkan alias yang dikirim. -Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked. +Jika layanan diretas, Anda mungkin akan mulai menerima email phishing atau spam ke alamat yang Anda gunakan untuk mendaftar. Using unique aliases for each service can assist in identifying exactly what service was hacked. [Recommended email aliasing services](../email.md#email-aliasing-services ""){.md-button} -### Single sign-on +### Sistem masuk tunggal -!!! note +!!! catatan We are discussing Single sign-on for personal use, not enterprise users. Single sign-on (SSO) is an authentication method that allows you to register for a service without sharing much information, if any. Whenever you see something along the lines of "Sign-in with *provider name*" on a registration form it's SSO. -When you choose single sign-on in a website, it will prompt your SSO provider login page and after that your account will be connected. Your password won't be shared but some basic information will (you can review it during the login request). This process is needed every time you want to log in to the same account. +When you choose single sign-on in a website, it will prompt your SSO provider login page and after that your account will be connected. Kata sandi Anda tidak akan dibagikan tetapi beberapa informasi dasar akan (Anda dapat memeriksanya selama permintaan login). Proses ini diperlukan setiap kali Anda ingin masuk ke akun yang sama. -The main advantages are: +Keuntungan utama adalah: - **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials. - **Ease of use**: multiple accounts are managed by a single login. -But there are disadvantages: +Tetapi ada kelemahan: - **Privacy**: a SSO provider will know the services you use. - **Centralization**: if your SSO account gets compromised or you aren't able to login to it, all other accounts connected to it are affected. @@ -67,16 +68,14 @@ SSO can be especially useful in those situations where you could benefit from de All services that use SSO will be as secure as your SSO account. For example, if you want to secure an account with a hardware key but that service doesn't support hardware keys, you can secure your SSO account with a hardware key and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your SSO account means that any account tied to that login will also be weak. -### Phone number +### Nomor telepon -We recommend avoiding services that require a phone number for sign up. A phone number can identity you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted. +Kami sarankan untuk menghindari layanan yang memerlukan nomor telepon untuk mendaftar. Nomor telepon dapat menjadi identitas Anda di berbagai layanan dan tergantung pada perjanjian berbagi data, hal ini akan membuat penggunaan Anda lebih mudah dilacak, terutama jika salah satu layanan tersebut dibobol karena nomor telepon sering kali **tidak** dienkripsi. -You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts. +Anda harus menghindari memberikan nomor telepon asli Anda jika Anda bisa. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts. -In many cases you will need to provide a number that you can receive SMS or calls from, particularly when shopping internationally, in case there is a problem with your order at border screening. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number! +Dalam banyak kasus, Anda perlu memberikan nomor yang dapat digunakan untuk menerima SMS atau telepon, terutama saat berbelanja internasional, untuk berjaga-jaga jika terjadi masalah dengan pesanan Anda saat pemeriksaan di perbatasan. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number! -### Username and password +### Nama pengguna dan kata sandi -Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.id.txt" +Beberapa layanan memungkinkan Anda untuk mendaftar tanpa menggunakan alamat email dan hanya mengharuskan Anda untuk mengatur nama pengguna dan kata sandi. Layanan ini dapat memberikan peningkatan anonimitas bila dikombinasikan dengan VPN atau Tor. Perlu diingat bahwa untuk akun-akun ini kemungkinan besar tidak akan ada **cara untuk memulihkan akun Anda** jika Anda lupa nama pengguna atau kata sandi Anda. diff --git a/i18n/id/basics/account-deletion.md b/i18n/id/basics/account-deletion.md index 686524a5c..6fa6c271d 100644 --- a/i18n/id/basics/account-deletion.md +++ b/i18n/id/basics/account-deletion.md @@ -1,15 +1,16 @@ --- -title: "Account Deletion" +title: "Penghapusan Akun" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- -Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. +Seiring waktu, mudah sekali untuk menumpuk sejumlah akun online, yang banyak di antaranya mungkin sudah tidak Anda gunakan lagi. Menghapus akun-akun yang tidak terpakai ini merupakan langkah penting untuk mendapatkan kembali privasi Anda, karena akun-akun yang tidak aktif rentan terhadap pelanggaran data. Pelanggaran data adalah ketika keamanan layanan terganggu dan informasi yang dilindungi dilihat, dikirim, atau dicuri oleh pihak yang tidak berwenang. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. -## Finding Old Accounts +## Menemukan Akun Lama -### Password Manager +### Pengelola Kata Sandi -If you have a password manager that you've used for your entire digital life, this part will be very easy. Oftentimes, they include built-in functionality for detecting if your credentials were exposed in a data breach—such as Bitwarden's [Data Breach Report](https://bitwarden.com/blog/have-you-been-pwned/). +Jika Anda memiliki pengelola kata sandi yang telah Anda gunakan untuk seluruh kehidupan digital Anda, bagian ini akan sangat mudah. Oftentimes, they include built-in functionality for detecting if your credentials were exposed in a data breach—such as Bitwarden's [Data Breach Report](https://bitwarden.com/blog/have-you-been-pwned/).
![Bitwarden's Data Breach Report feature](../assets/img/account-deletion/exposed_passwords.png) @@ -17,16 +18,16 @@ If you have a password manager that you've used for your entire digital life, th Even if you haven't explicitly used a password manager before, there's a chance you've used the one in your browser or your phone without even realizing it. For example: [Firefox Password Manager](https://support.mozilla.org/kb/password-manager-remember-delete-edit-logins), [Google Password Manager](https://passwords.google.com/intro) and [Edge Password Manager](https://support.microsoft.com/en-us/microsoft-edge/save-or-forget-passwords-in-microsoft-edge-b4beecb0-f2a8-1ca0-f26f-9ec247a3f336). -Desktop platforms also often have a password manager which may help you recover passwords you've forgotten about: +Platform desktop juga sering kali memiliki pengelola kata sandi yang dapat membantu Anda memulihkan kata sandi yang Anda lupakan: -- Windows [Credential Manager](https://support.microsoft.com/en-us/windows/accessing-credential-manager-1b5c916a-6a16-889f-8581-fc16e8165ac0) -- macOS [Passwords](https://support.apple.com/en-us/HT211145) -- iOS [Passwords](https://support.apple.com/en-us/HT211146) -- Linux, Gnome Keyring, which can be accessed through [Seahorse](https://help.gnome.org/users/seahorse/stable/passwords-view.html.en) or [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager) +- Windows [Manajer Kredensial](https://support.microsoft.com/en-us/windows/accessing-credential-manager-1b5c916a-6a16-889f-8581-fc16e8165ac0) +- macOS [Kata Sandi](https://support.apple.com/en-us/HT211145) +- iOS [Kata Sandi](https://support.apple.com/en-us/HT211146) +- Linux, Gnome Keyring, yang dapat diakses melalui [Seahorse](https://help.gnome.org/users/seahorse/stable/passwords-view.html.en) atau [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager) ### Email -If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts. +Jika Anda tidak menggunakan pengelola kata sandi di masa lalu atau Anda merasa memiliki akun yang tidak pernah ditambahkan ke pengelola kata sandi Anda, opsi lainnya adalah mencari akun email yang Anda yakini telah Anda daftarkan. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts. ## Deleting Old Accounts @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/basics/common-misconceptions.md b/i18n/id/basics/common-misconceptions.md index 6dca77e2e..8452a071a 100644 --- a/i18n/id/basics/common-misconceptions.md +++ b/i18n/id/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Kesalahpahaman Umum" icon: 'material/robot-confused' +description: Privasi bukanlah topik yang mudah, dan mudah sekali terjebak dalam klaim pemasaran dan disinformasi lainnya. --- ## "Perangkat lunak sumber terbuka selalu aman" atau "Perangkat lunak sumber tertutup lebih aman" @@ -56,6 +57,4 @@ Salah satu model ancaman yang paling jelas adalah model di mana orang *tahu siap Menggunakan Tor dapat membantu dalam hal ini. Perlu juga dicatat bahwa anonimitas yang lebih baik dimungkinkan melalui komunikasi asinkron: Komunikasi waktu nyata rentan terhadap analisis pola pengetikan (misalnya lebih dari satu paragraf teks, didistribusikan di forum, melalui surel, dll.) ---8<-- "includes/abbreviations.id.txt" - [^1]: Salah satu contoh penting dari hal ini adalah [insiden pada 2021 di mana para peneliti Universitas Minnesota memperkenalkan tiga kerentanan ke dalam proyek pengembangan kernel Linux](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/id/basics/common-threats.md b/i18n/id/basics/common-threats.md index bce2f6a27..da762a098 100644 --- a/i18n/id/basics/common-threats.md +++ b/i18n/id/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Ancaman Umum" icon: 'material/eye-outline' +description: Model ancaman Anda bersifat pribadi bagi Anda, tetapi ini adalah beberapa hal yang dipedulikan oleh banyak pengunjung situs ini. --- Secara garis besar, kami mengkategorikan rekomendasi kami ke dalam [ancaman](threat-modeling.md) atau tujuan yang berlaku untuk kebanyakan orang. ==Anda mungkin tidak peduli dengan tidak ada, satu, beberapa, atau semua kemungkinan ini==, dan alat dan layanan yang Anda gunakan tergantung pada tujuan Anda. Anda mungkin juga memiliki ancaman khusus di luar kategori ini, dan itu tidak masalah! Bagian yang penting adalah mengembangkan pemahaman tentang manfaat dan kekurangan alat yang Anda pilih untuk digunakan, karena hampir tidak ada satu pun yang akan melindungi Anda dari setiap ancaman. @@ -140,8 +141,6 @@ Orang-orang yang khawatir dengan ancaman penyensoran dapat menggunakan teknologi Anda harus selalu mempertimbangkan risiko mencoba menerobos sensor, konsekuensi potensial, dan seberapa canggih musuh Anda. Anda harus berhati-hati dalam memilih perangkat lunak, dan memiliki rencana cadangan untuk berjaga-jaga seandainya Anda ketahuan. ---8<-- "includes/abbreviations.id.txt" - [^1]: Wikipedia: [*Pengawasan Massal*](https://en.wikipedia.org/wiki/Mass_surveillance) dan [*Pengawasan*](https://en.wikipedia.org/wiki/Surveillance). [^2]: Badan Pengawasan Privasi dan Kebebasan Sipil Amerika Serikat: [*Laporan tentang Program Rekaman Telepon yang Dilakukan berdasarkan Pasal 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Kapitalisme pengawasan*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/id/basics/email-security.md b/i18n/id/basics/email-security.md index b4a8732b0..f0c2fb579 100644 --- a/i18n/id/basics/email-security.md +++ b/i18n/id/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/basics/multi-factor-authentication.md b/i18n/id/basics/multi-factor-authentication.md index 81bc62f6f..e95200130 100644 --- a/i18n/id/basics/multi-factor-authentication.md +++ b/i18n/id/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- -title: "Multi-Factor Authentication" +title: "Autentikasi Multifaktor" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/basics/passwords-overview.md b/i18n/id/basics/passwords-overview.md index 7be192d69..6858d8b5b 100644 --- a/i18n/id/basics/passwords-overview.md +++ b/i18n/id/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/basics/threat-modeling.md b/i18n/id/basics/threat-modeling.md index 15cad795c..e3ac3ff81 100644 --- a/i18n/id/basics/threat-modeling.md +++ b/i18n/id/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Threat Modeling" icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. --- Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -98,7 +99,7 @@ Only once you have asked yourself these questions will you be in a position to a Making a security plan will help you to understand the threats that are unique to you and to evaluate your assets, your adversaries, and your adversaries' capabilities, along with the likelihood of risks you face. -## Further Reading +## Bacaan Lebih Lanjut For people looking to increase their privacy and security online, we've compiled a list of common threats our visitors face or goals our visitors have, to give you some inspiration and demonstrate the basis of our recommendations. @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/basics/vpn-overview.md b/i18n/id/basics/vpn-overview.md index 04f761ca6..19d971fe6 100644 --- a/i18n/id/basics/vpn-overview.md +++ b/i18n/id/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks mengalihkan risiko dari ISP Anda ke pihak ketiga yang Anda percayai. Anda harus mengingat hal-hal ini. --- -Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). +Virtual Private Networks adalah cara untuk memperluas ujung jaringan Anda untuk keluar ke tempat lain di dunia. ISP dapat melihat arus lalu lintas internet yang masuk dan keluar dari perangkat terminasi jaringan Anda (misalnya modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/calendar.md b/i18n/id/calendar.md index a1f4af64e..bbcb033ad 100644 --- a/i18n/id/calendar.md +++ b/i18n/id/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/cloud.md b/i18n/id/cloud.md index 5e694672d..2bcc2596f 100644 --- a/i18n/id/cloud.md +++ b/i18n/id/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/cryptocurrency.md b/i18n/id/cryptocurrency.md new file mode 100644 index 000000000..a8d99b9ef --- /dev/null +++ b/i18n/id/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Lakukan transaksi dengan hati-hati hanya dengan proyek yang Anda percayai. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/id/data-redaction.md b/i18n/id/data-redaction.md index d2426c053..961594a8d 100644 --- a/i18n/id/data-redaction.md +++ b/i18n/id/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/desktop-browsers.md b/i18n/id/desktop-browsers.md index e1bb3815b..1c21c296f 100644 --- a/i18n/id/desktop-browsers.md +++ b/i18n/id/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.id.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/id/desktop.md b/i18n/id/desktop.md index 8003f3d23..2db4d1191 100644 --- a/i18n/id/desktop.md +++ b/i18n/id/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/dns.md b/i18n/id/dns.md index 75593fab5..ad862b426 100644 --- a/i18n/id/dns.md +++ b/i18n/id/dns.md @@ -1,49 +1,48 @@ --- title: "DNS Resolvers" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. DNS terenkripsi tidak akan membantu Anda menyembunyikan aktivitas penjelajahan Anda. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} -## Recommended Providers +## Penyedia yang Direkomendasikan -| DNS Provider | Privacy Policy | Protocols | Logging | ECS | Filtering | -| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------------ | -------- | ------------------------------------------------------------------------------------------------------------------------------------------ | -| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
DoH/3
DoT
DNSCrypt | Some[^1] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | -| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
DoH/3
DoT | Some[^2] | No | Based on server choice. | -| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
DoH/3
DoT
DoQ | Optional[^3] | No | Based on server choice. | -| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | -| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
DoH/3
DoT | Optional[^5] | Optional | Based on server choice. | -| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
DoH
DoT
DNSCrypt | Some[^6] | Optional | Based on server choice, Malware blocking by default. | +| Penyedia DNS | Kebijakan Privasi | Protokol | Pencatatan Log | ECS | Pemfilteran | +| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | -------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
DoH/3
DoT
DNSCrypt | Beberapa[^1] | Tidak | Berdasarkan pilihan server. Daftar filter yang digunakan dapat ditemukan di sini. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | +| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
DoH/3
DoT | Beberapa[^2] | Tidak | Berdasarkan pilihan server. | +| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
DoH/3
DoT
DoQ | Opsional[^3] | Tidak | Berdasarkan pilihan server. | +| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
DoT | Tidak[^4] | Tidak | Berdasarkan pilihan server. Daftar filter yang digunakan dapat ditemukan di sini. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | +| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
DoH/3
DoT | Opsional[^5] | Opsional | Berdasarkan pilihan server. | +| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
DoH
DoT
DNSCrypt | Beberapa[^6] | Opsional | Berdasarkan pilihan server, pemblokiran malware secara default. | -## Criteria +## Kriteria -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Harap dicatat bahwa kami tidak berafiliasi dengan proyek-proyek yang kami rekomendasikan.** Selain [kriteria standar kami](about/criteria.md), kami telah mengembangkan serangkaian persyaratan yang jelas untuk memungkinkan kami memberikan rekomendasi yang objektif. Kami sarankan Anda membiasakan diri dengan daftar ini sebelum memilih untuk menggunakan sebuah proyek, dan melakukan riset sendiri untuk memastikan bahwa itu adalah pilihan yang tepat untuk Anda. -!!! example "This section is new" +!!! contoh "Bagian ini baru" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Kami sedang berupaya menetapkan kriteria yang ditentukan untuk setiap bagian dari situs kami, dan hal ini dapat berubah sewaktu-waktu. Jika Anda memiliki pertanyaan tentang kriteria kami, silakan [tanyakan di forum kami](https://discuss.privacyguides.net/latest) dan jangan berasumsi bahwa kami tidak mempertimbangkan sesuatu saat membuat rekomendasi jika tidak tercantum di sini. Ada banyak faktor yang dipertimbangkan dan didiskusikan saat kami merekomendasikan sebuah proyek, dan mendokumentasikan setiap faktor tersebut merupakan pekerjaan yang sedang berjalan. -- Must support [DNSSEC](advanced/dns-overview.md#what-is-dnssec). +- Harus mendukung [DNSSEC](advanced/dns-overview.md#what-is-dnssec). - [QNAME Minimization](advanced/dns-overview.md#what-is-qname-minimization). -- Allow for [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) to be disabled. +- Izinkan [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) dinonaktifkan. - Prefer [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) support or geo-steering support. -## Native Operating System Support +## Dukungan Sistem Operasi Asli ### Android -Android 9 and above support DNS over TLS. The settings can be found in: **Settings** → **Network & Internet** → **Private DNS**. +Android 9 ke atas mendukung DNS melalui TLS. Pengaturan dapat ditemukan di: **Pengaturan** → **Jaringan & Internet** → **DNS Pribadi**. -### Apple Devices +### Perangkat Apple -The latest versions of iOS, iPadOS, tvOS, and macOS, support both DoT and DoH. Both protocols are supported natively via [configuration profiles](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) or through the [DNS Settings API](https://developer.apple.com/documentation/networkextension/dns_settings). +Versi terbaru iOS, iPadOS, tvOS, dan macOS, mendukung DoT dan DoH. Kedua protokol didukung secara bawaan melalui [profil konfigurasi](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) atau melalui [API Pengaturan DNS](https://developer.apple.com/documentation/networkextension/dns_settings). -After installation of either a configuration profile or an app that uses the DNS Settings API, the DNS configuration can be selected. If a VPN is active, resolution within the VPN tunnel will use the VPN's DNS settings and not your system-wide settings. +Setelah pemasangan profil konfigurasi atau aplikasi yang menggunakan API Pengaturan DNS, konfigurasi DNS dapat dipilih. Jika VPN aktif, resolusi di dalam terowongan VPN akan menggunakan pengaturan DNS VPN dan bukan pengaturan seluruh sistem Anda. #### Signed Profiles @@ -51,27 +50,27 @@ Apple does not provide a native interface for creating encrypted DNS profiles. [ !!! info - `systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS. + `systemd-resolved`, yang digunakan banyak distribusi Linux untuk melakukan pencarian DNS, belum [mendukung DoH](https://github.com/systemd/systemd/issues/8639). Jika Anda ingin menggunakan DoH, Anda perlu menginstal proxy seperti [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) dan [konfigurasikan] (https://wiki.archlinux.org/title/Dnscrypt-proxy) untuk mengambil semua permintaan DNS dari resolver sistem Anda dan meneruskannya melalui HTTPS. -## Encrypted DNS Proxies +## Proxy DNS Terenkripsi -Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](advanced/dns-overview.md#unencrypted-dns) resolver to forward to. Typically it is used on platforms that don't natively support [encrypted DNS](advanced/dns-overview.md#what-is-encrypted-dns). +Perangkat lunak proxy DNS terenkripsi menyediakan proxy lokal untuk [DNS tidak terenkripsi](advanced/dns-overview.md#unencrypted-dns) resolver untuk diteruskan. Biasanya digunakan pada platform yang tidak mendukung [DNS terenkripsi](advanced/dns-overview.md#what-is-encrypted-dns). ### RethinkDNS !!! recommendation - ![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ align=right } - ![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ align=right } + ![RethinkDNS logo ]( assets/img/android/rethinkdns.svg#only-light ){ align=right } + ![RethinkDNS logo ]( assets/img/android/rethinkdns-dark.svg#only-dark ){ align=right } - **RethinkDNS** is an open-source Android client supporting [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) and DNS Proxy along with caching DNS responses, locally logging DNS queries and can be used as a firewall too. + ** RethinkDNS ** adalah klien Android open - source yang mendukung [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) dan DNS Proxy bersama dengan tanggapan DNS cache, permintaan DNS logging lokal dan dapat digunakan sebagai firewall juga. - [:octicons-home-16: Homepage](https://rethinkdns.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://docs.rethinkdns.com/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/celzero/rethink-app){ .card-link title="Source Code" } + [:octicons-home-16: Beranda ]( https://rethinkdns.com){ .md-button .md-button--primary } + [:octicons-eye-16:]( https://rethinkdns.com/privacy ){.card-link title=" Kebijakan Privasi "} + [:octicons-info-16:]( https://docs.rethinkdns.com/){.card-link title=Dokumentasi} + [:octicons-code-16:]( https://github.com/celzero/rethink-app ){.card-link title=" Kode Sumber "} - ??? downloads + ??? unduhan - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.celzero.bravedns) - [:simple-github: GitHub](https://github.com/celzero/rethink-app/releases) @@ -80,26 +79,26 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad !!! recommendation - ![dnscrypt-proxy logo](assets/img/dns/dnscrypt-proxy.svg){ align=right } + ![dnscrypt - proxy logo](assets/img/dns/dnscrypt-proxy.svg){ align=right } - **dnscrypt-proxy** is a DNS proxy with support for [DNSCrypt](advanced/dns-overview.md#dnscrypt), [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS). + **dnscrypt - proxy ** adalah proxy DNS dengan dukungan untuk [DNSCrypt](advanced/dns-overview.md#dnscrypt), [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), dan [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonimized-DNS). - !!! warning "The anonymized DNS feature does [**not**](advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic." + !!! peringatan "Fitur DNS anonim tidak [**tidak**]( advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns) menganonimkan lalu lintas jaringan lainnya." - [:octicons-repo-16: Repository](https://github.com/DNSCrypt/dnscrypt-proxy){ .md-button .md-button--primary } - [:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/DNSCrypt/dnscrypt-proxy){ .card-link title="Source Code" } - [:octicons-heart-16:](https://opencollective.com/dnscrypt/contribute){ .card-link title=Contribute } + [:octicons-repo-16: Repositori](https://github.com/DNSCrypt/dnscrypt-proxy){ .md-button .md-button--primary } + [:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title=Dokumentasi} + [:octicons-code-16:](https://github.com/DNSCrypt/dnscrypt-proxy){ .card-link title="Kode Sumber" } + [:octicons-heart-16:](https://opencollective.com/dnscrypt/contribute){ .card-link title=Kontribusi } - ??? downloads + ??? unduhan - [:simple-windows11: Windows](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-Windows) - [:simple-apple: macOS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS) - [:simple-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux) -## Self-hosted Solutions +## Solusi yang dihosting sendiri -A self-hosted DNS solution is useful for providing filtering on controlled platforms, such as Smart TVs and other IoT devices, as no client-side software is needed. +Solusi DNS yang dihosting sendiri berguna untuk menyediakan penyaringan pada platform terkontrol, seperti Smart TV dan perangkat IoT lainnya, karena tidak ada perangkat lunak di sisi klien yang diperlukan. ### AdGuard Home @@ -116,7 +115,7 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Source Code" } -### Pi-hole +### Pi - hole !!! recommendation @@ -132,11 +131,9 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.id.txt" - -[^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) -[^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) -[^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) -[^4]: Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/) -[^5]: NextDNS can provide insights and logging features on an opt-in basis. You can choose retention times and log storage locations for any logs you choose to keep. If it's not specifically requested, no data is logged. [https://nextdns.io/privacy](https://nextdns.io/privacy) -[^6]: Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared, such as for the purpose of security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable. [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/) +[^1]: AdGuard menyimpan metrik kinerja agregat dari server DNS mereka, yaitu jumlah permintaan lengkap ke server tertentu, jumlah permintaan yang diblokir, dan kecepatan pemrosesan permintaan. Mereka juga menjaga dan menyimpan basis data domain yang diminta dalam waktu 24 jam terakhir. "Kami membutuhkan informasi ini untuk mengidentifikasi dan memblokir pelacak dan ancaman baru." "Kami juga mencatat berapa kali pelacak ini atau itu telah diblokir. Kami membutuhkan informasi ini untuk menghapus aturan usang dari filter kami." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) +[^2]: Cloudflare hanya mengumpulkan dan menyimpan data permintaan DNS terbatas yang dikirim ke resolver 1.1.1.1. Layanan resolver 1.1.1.1 tidak mencatat data pribadi, dan sebagian besar data kueri yang tidak dapat diidentifikasi secara pribadi hanya disimpan selama 25 jam. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) +[^3]: Control D hanya mencatat untuk resolver Premium dengan profil DNS khusus. Resolver gratis tidak mencatat data. [https://controld.com/privacy](https://controld.com/privacy) +[^4]: Layanan DNS Mullvad tersedia untuk pelanggan dan non-pelanggan Mullvad VPN. Kebijakan privasi mereka secara eksplisit mengklaim bahwa mereka tidak mencatat permintaan DNS dengan cara apa pun. [https://mullvad.net/en/help/no-logging-data-policy](https://mullvad.net/en/help/no-logging-data-policy/) +[^5]: NextDNS dapat menyediakan fitur wawasan dan pencatatan berdasarkan basis partisipasi. Anda dapat memilih waktu penyimpanan dan lokasi penyimpanan log untuk setiap log yang Anda pilih untuk disimpan. Jika tidak diminta secara khusus, tidak ada data yang dicatat. [https://nextdns.io/privacy](https://nextdns.io/privacy) +[^6]: Quad9 mengumpulkan beberapa data untuk tujuan pemantauan dan tanggapan ancaman. Data itu kemudian dapat dicampur ulang dan dibagikan, seperti untuk tujuan penelitian keamanan. Quad9 tidak mengumpulkan atau mencatat alamat IP atau data lain yang mereka anggap dapat diidentifikasi secara pribadi. [https://www.quad9.net/privacy/policy](https://www.quad9.net/privacy/policy/) diff --git a/i18n/id/email-clients.md b/i18n/id/email-clients.md index 05bfec198..eec0e2923 100644 --- a/i18n/id/email-clients.md +++ b/i18n/id/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/email.md b/i18n/id/email.md index ec800f76b..969306754 100644 --- a/i18n/id/email.md +++ b/i18n/id/email.md @@ -1,21 +1,34 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- -Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. +Email bisa dibilang merupakan kebutuhan untuk menggunakan layanan online apa pun, namun kami tidak merekomendasikannya untuk percakapan antar orang. Daripada menggunakan email untuk menghubungi orang lain, pertimbangkan untuk menggunakan media pesan instan yang mendukung kerahasiaan ke depan. -[Recommended Instant Messengers](real-time-communication.md ""){.md-button} +[Pesan Instan yang Direkomendasikan](real-time-communication.md ""){.md-button} -For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +Untuk yang lainnya, kami merekomendasikan berbagai penyedia email yang didasarkan pada model bisnis yang berkelanjutan serta fitur keamanan dan privasi bawaan. -## OpenPGP Compatible Services +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +## Layanan yang Kompatibel dengan OpenPGP -!!! warning +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. Sebagai contoh, pengguna Proton Mail dapat mengirim pesan E2EE ke pengguna Mailbox.org, atau Anda dapat menerima notifikasi terenkripsi OpenPGP dari layanan internet yang mendukungnya. - When using E2EE technology like OpenPGP, email will still have some metadata that is not encrypted in the header of the email. Read more about [email metadata](basics/email-security.md#email-metadata-overview). +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
+ +!!! peringatan + + Ketika menggunakan teknologi E2EE seperti OpenPGP, email akan tetap memiliki beberapa metadata yang tidak dienkripsi di header email. Read more about [email metadata](basics/email-security.md#email-metadata-overview). OpenPGP also does not support Forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. [How do I protect my private keys?](basics/email-security.md#how-do-i-protect-my-private-keys) @@ -23,9 +36,9 @@ These providers natively support OpenPGP encryption/decryption, allowing for pro !!! recommendation - ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } + ![ Proton Mail logo ]( assets/img/email/protonmail.svg){ align=right } - **Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. Accounts start with 500 MB storage with their free plan. + **Proton Mail** adalah layanan email dengan fokus pada privasi, enkripsi, keamanan, dan kemudahan penggunaan. Mereka telah beroperasi sejak **2013 **. Proton AG berbasis di Genewa, Swiss. Akun dimulai dengan penyimpanan 500 MB dengan paket gratis mereka. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } @@ -43,47 +56,47 @@ These providers natively support OpenPGP encryption/decryption, allowing for pro - [:simple-linux: Linux](https://proton.me/mail/bridge#download) - [:octicons-browser-16: Web](https://mail.proton.me) -Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g. Thunderbird). Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com). +Akun gratis memiliki beberapa keterbatasan, seperti tidak dapat mencari teks tubuh dan tidak memiliki akses ke [Proton Mail Bridge](https://proton.me/mail/bridge), yang diperlukan untuk menggunakan [klien email desktop yang direkomendasikan](email-clients.md) (misalnya Thunderbird). Akun berbayar mencakup fitur-fitur seperti Proton Mail Bridge, penyimpanan tambahan, dan dukungan domain khusus. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -If you have the Proton Unlimited, Business, or Visionary Plan, you also get [SimpleLogin](#simplelogin) Premium for free. +Jika Anda memiliki Paket Proton Unlimited, Bisnis, atau Visioner, Anda juga mendapatkan [SimpleLogin](#simplelogin) Premium secara gratis. -Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. +Proton Mail memiliki laporan kecelakaan internal yang tidak **** dibagikan kepada pihak ketiga. Ini dapat dinonaktifkan di: **Pengaturan** > **Buka Pengaturan** > **Akun** > **Keamanan dan privasi** > **Kirim laporan kerusakan**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. Penggunaan kunci keamanan U2F belum didukung. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Email ke akun Proton Mail lainnya dienkripsi secara otomatis, dan enkripsi ke alamat non-Proton Mail dengan kunci OpenPGP dapat diaktifkan dengan mudah di pengaturan akun Anda. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Hal ini memungkinkan orang yang tidak menggunakan Proton Mail untuk menemukan kunci OpenPGP akun Proton Mail dengan mudah, untuk lintas-penyedia E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail tidak menawarkan fitur warisan digital. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. Setelah 30 hari, akun Anda akan menjadi tunggakan dan tidak akan menerima surat masuk. Anda akan terus ditagih selama periode ini. + +#### :material-information-outline:{ .pg-blue } Fungsionalitas Tambahan + +Proton Mail menawarkan akun "Unlimited" seharga €9,99/Bulan, yang juga memungkinkan akses ke Proton VPN selain menyediakan beberapa akun, domain, alias, dan penyimpanan 500GB. ### Mailbox.org @@ -91,53 +104,64 @@ Proton Mail has internal crash reports that they **do not** share with third par ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ align=right } - **Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with 2 GB of storage, which can be upgraded as needed. + **Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Mereka telah beroperasi sejak 2014. Mailbox.org berbasis di Berlin, Jerman. Akun dimulai dengan penyimpanan 2 GB, yang dapat ditingkatkan sesuai kebutuhan. [:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" } [:octicons-info-16:](https://kb.mailbox.org/en/private){ .card-link title=Documentation} - ??? downloads + ??? unduhan - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. Namun, mereka menerima uang tunai melalui pos, pembayaran tunai ke rekening bank, transfer bank, kartu kredit, PayPal, dan beberapa prosesor khusus Jerman: paydirekt dan Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). Pesan baru yang Anda terima akan segera dienkripsi dengan kunci publik Anda. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. Fitur ini berguna ketika penerima jarak jauh tidak memiliki OpenPGP dan tidak dapat mendekripsi salinan email di kotak surat mereka sendiri. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Hal ini memungkinkan orang di luar Mailbox.org untuk menemukan kunci OpenPGP dari akun Mailbox.org dengan mudah, untuk lintas-penyedia E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org memiliki fitur warisan digital untuk semua paket. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Fungsionalitas Tambahan + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## Penyedia Lainnya + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -146,53 +170,49 @@ Proton Mail has internal crash reports that they **do not** share with third par ![StartMail logo](assets/img/email/startmail.svg#only-light){ align=right } ![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ align=right } - **StartMail** is an email service with a focus on security and privacy through the use of standard OpenPGP encryption. StartMail has been in operation since 2014 and is based in Boulevard 11, Zeist Netherlands. Accounts start with 10GB. They offer a 30-day trial. + **StartMail** is an email service with a focus on security and privacy through the use of standard OpenPGP encryption. StartMail telah beroperasi sejak 2014 dan berbasis di Boulevard 11, Zeist Belanda. Akun dimulai dengan 10GB. Mereka menawarkan uji coba 30 hari. [:octicons-home-16: Homepage](https://www.startmail.com/){ .md-button .md-button--primary } [:octicons-eye-16:](https://www.startmail.com/en/privacy/){ .card-link title="Privacy Policy" } [:octicons-info-16:](https://support.startmail.com){ .card-link title=Documentation} - ??? downloads + ??? unduhan - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail menerima Visa, MasterCard, American Express, dan Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. Ketika Anda masuk, brankas dibuka, dan email kemudian dipindahkan ke brankas dari antrian di mana ia didekripsi oleh kunci pribadi yang sesuai. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Fungsionalitas Tambahan -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail memungkinkan untuk proxy gambar dalam email. Jika Anda mengizinkan gambar jarak jauh dimuat, pengirim tidak akan tahu alamat IP Anda. ### Tutanota @@ -200,7 +220,7 @@ These providers store your emails with zero-knowledge encryption, making them gr ![Tutanota logo](assets/img/email/tutanota.svg){ align=right } - **Tutanota** is an email service with a focus on security and privacy through the use of encryption. Tutanota has been in operation since **2011** and is based in Hanover, Germany. Accounts start with 1GB storage with their free plan. + **Tutanota** is an email service with a focus on security and privacy through the use of encryption. Tutanota telah beroperasi sejak **2011** dan berbasis di Hanover, Jerman. Akun dimulai dengan penyimpanan 1GB dengan paket gratis mereka. [:octicons-home-16: Homepage](https://tutanota.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Privacy Policy" } @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Fungsionalitas Tambahan - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -376,18 +403,18 @@ For a more manual approach we've picked out these two articles: **Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any Email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an Email provider, and conduct your own research to ensure the Email provider you choose is the right choice for you. -### Technology +### Teknologi We regard these features as important in order to provide a safe and optimal service. You should consider whether the provider which has the features you require. -**Minimum to Qualify:** +**Minimum untuk Memenuhi Syarat:** - Encrypts email account data at rest with zero-access encryption. - Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322/) standard. - Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy. - Operates on owned infrastructure, i.e. not built upon third-party email service providers. -**Best Case:** +**Kasus Terbaik:** - Encrypts all account data (Contacts, Calendars, etc) at rest with zero-access encryption. - Integrated webmail E2EE/PGP encryption provided as a convenience. @@ -398,26 +425,26 @@ We regard these features as important in order to provide a safe and optimal ser - Catch-all or alias functionality for those who own their own domains. - Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. -### Privacy +### Privasi -We prefer our recommended providers to collect as little data as possible. +Kami lebih memilih penyedia yang kami rekomendasikan untuk mengumpulkan data sesedikit mungkin. -**Minimum to Qualify:** +**Minimum untuk Memenuhi Syarat:** - Protect sender's IP address. Filter it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. - Privacy policy that meets the requirements defined by the GDPR - Must not be hosted in the US due to [ECPA](https://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act#Criticism) which has [yet to be reformed](https://epic.org/ecpa/). -**Best Case:** +**Kasus Terbaik:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) -### Security +### Keamanan Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. -**Minimum to Qualify:** +**Minimum untuk Memenuhi Syarat:** - Protection of webmail with 2FA, such as TOTP. - Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. @@ -428,58 +455,56 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. - Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. -**Best Case:** +**Kasus Terbaik:** - Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. - Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). -- Bug-bounty programs and/or a coordinated vulnerability-disclosure process. +- Program bug-bounty dan/atau proses pengungkapan kerentanan yang terkoordinasi. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) -### Trust +### Kepercayaan -You wouldn't trust your finances to someone with a fake identity, so why trust them with your email? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled. +You wouldn't trust your finances to someone with a fake identity, so why trust them with your email? Kami mewajibkan penyedia layanan yang kami rekomendasikan untuk terbuka mengenai kepemilikan atau kepemimpinan mereka. Kami juga ingin melihat laporan transparansi yang lebih sering, terutama dalam hal bagaimana permintaan pemerintah ditangani. -**Minimum to Qualify:** +**Minimum untuk Memenuhi Syarat:** -- Public-facing leadership or ownership. +- Kepemimpinan atau kepemilikan yang berhadapan dengan publik. -**Best Case:** +**Kasus Terbaik:** -- Public-facing leadership. -- Frequent transparency reports. +- Kepemimpinan yang berhadapan dengan publik. +- Laporan transparansi yang sering. -### Marketing +### Pemasaran With the email providers we recommend we like to see responsible marketing. -**Minimum to Qualify:** +**Minimum untuk Memenuhi Syarat:** - Must self-host analytics (no Google Analytics, Adobe Analytics, etc). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. -Must not have any marketing which is irresponsible: +Tidak boleh melakukan pemasaran yang tidak bertanggung jawab: - Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: +- Menjamin perlindungan anonimitas 100%. Ketika seseorang membuat klaim bahwa sesuatu itu 100%, itu berarti tidak ada kepastian untuk gagal. Kami tahu bahwa orang dapat dengan mudah menyamarkan nama mereka dengan beberapa cara, misalnya: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc) that they accessed without anonymity software (Tor, VPN, etc) -- [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) +- [Sidik jari peramban](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) -**Best Case:** +**Kasus Terbaik:** - Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. -### Additional Functionality +### Fungsionalitas Tambahan While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/encryption.md b/i18n/id/encryption.md index 2799f306b..ca8dffbf6 100644 --- a/i18n/id/encryption.md +++ b/i18n/id/encryption.md @@ -1,6 +1,7 @@ --- title: "Perangkat Lunak Enkripsi" icon: material/file-lock +description: Enkripsi data adalah satu-satunya cara untuk mengendalikan siapa saja yang dapat mengaksesnya. These tools allow you to encrypt your emails and any other files. --- Enkripsi data adalah satu-satunya cara untuk mengendalikan siapa saja yang dapat mengaksesnya. Jika saat ini Anda tidak menggunakan perangkat lunak enkripsi untuk perangkat penyimpanan, surel, atau berkas Anda, Anda seharusnya memilih opsi di sini. @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/file-sharing.md b/i18n/id/file-sharing.md index 2f18e254e..3e79d791f 100644 --- a/i18n/id/file-sharing.md +++ b/i18n/id/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/financial-services.md b/i18n/id/financial-services.md new file mode 100644 index 000000000..480c924c3 --- /dev/null +++ b/i18n/id/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/id/frontends.md b/i18n/id/frontends.md index 01dbbeb88..7f245f412 100644 --- a/i18n/id/frontends.md +++ b/i18n/id/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/index.md b/i18n/id/index.md index 2d9d4861e..0e68ed756 100644 --- a/i18n/id/index.md +++ b/i18n/id/index.md @@ -40,5 +40,3 @@ Mencoba untuk melindungi semua data Anda dari semua orang setiap saat tidaklah p [:material-hand-coin-outline:](about/donate.md){ title="Dukung proyek ini" } Ini penting bagi situs web seperti Privacy Guides untuk selalu mendapatkan informasi yang terbaru. Kami membutuhkan audiens kami untuk mengawasi pembaruan perangkat lunak untuk aplikasi yang terdaftar di situs kami dan mengikuti berita terbaru tentang penyedia yang kami rekomendasikan. Memang sulit untuk mengimbangi kecepatan internet yang begitu cepat, tetapi kami berusaha sebaik mungkin. Jika Anda menemukan kesalahan, merasa bahwa sebuah penyedia tidak seharusnya terdaftar, melihat penyedia yang memenuhi syarat tidak ada, merasa plugin peramban tidak lagi menjadi pilihan terbaik, atau menemukan masalah lain, silakan beri tahu kami. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/kb-archive.md b/i18n/id/kb-archive.md index 95df3f6b7..0759938bb 100644 --- a/i18n/id/kb-archive.md +++ b/i18n/id/kb-archive.md @@ -1,11 +1,12 @@ --- title: Arsip Basis Pengetahuan icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Halaman Dipindahkan ke Blog -Beberapa halaman yang dulunya ada di basis pengetahuan kami sekarang dapat ditemukan di blog kami: +Some pages that used to be in our knowledge base can now be found on our blog: - [GrapheneOS vs. CalyxOS](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) - [Pengerasan Konfigurasi Signal](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/) @@ -14,5 +15,3 @@ Beberapa halaman yang dulunya ada di basis pengetahuan kami sekarang dapat ditem - [Penghapusan Data Aman](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Mengintegrasikan Penghapusan Metadata](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [Panduan Konfigurasi iOS](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/meta/brand.md b/i18n/id/meta/brand.md index eb339fa6c..1827f02a5 100644 --- a/i18n/id/meta/brand.md +++ b/i18n/id/meta/brand.md @@ -2,7 +2,7 @@ title: Branding Guidelines --- -The name of the website is **Privacy Guides** and should **not** be changed to: +Nama situs web adalah **Privacy Guides** dan **tidak boleh** diubah menjadi:
- PrivacyGuides @@ -11,14 +11,12 @@ The name of the website is **Privacy Guides** and should **not** be changed to: - PG.org
-The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**. +Nama subreddit adalah **r/PrivacyGuides** atau **Privacy Guides Subreddit**. Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand) -## Trademark +## Merek dagang "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. -Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.id.txt" +Tanpa mengesampingkan hak - haknya, Privacy Guides tidak menyarankan orang lain tentang ruang lingkup hak kekayaan intelektualnya. Privacy Guides tidak mengizinkan atau menyetujui penggunaan merek dagangnya dengan cara apa pun yang dapat menyebabkan kebingungan dengan menyiratkan hubungan dengan atau sponsor oleh Privacy Guides. Jika Anda mengetahui adanya penggunaan semacam itu, silakan hubungi Jonah Aragon di jonah@privacyguides.org. Konsultasikan dengan penasihat hukum Anda jika Anda memiliki pertanyaan. diff --git a/i18n/id/meta/git-recommendations.md b/i18n/id/meta/git-recommendations.md index 97140bc97..d6af4ccd1 100644 --- a/i18n/id/meta/git-recommendations.md +++ b/i18n/id/meta/git-recommendations.md @@ -1,8 +1,8 @@ --- -title: Git Recommendations +title: Rekomendasi Git --- -If you make changes to this website on GitHub.com's web editor directly, you shouldn't have to worry about this. If you are developing locally and/or are a long-term website editor (who should probably be developing locally!), consider these recommendations. +Jika Anda membuat perubahan pada situs web ini di editor web GitHub.com secara langsung, Anda tidak perlu khawatir tentang hal ini. Jika Anda mengembangkan secara lokal dan/atau merupakan editor situs web jangka panjang (yang mungkin harus mengembangkan secara lokal!), pertimbangkan rekomendasi ini. ## Enable SSH Key Commit Signing @@ -28,21 +28,19 @@ Ensure you [add your SSH key to your GitHub account](https://docs.github.com/en/ ## Rebase on Git pull -Use `git pull --rebase` instead of `git pull` when pulling in changes from GitHub to your local machine. This way your local changes will always be "on top of" the latest changes on GitHub, and you avoid merge commits (which are disallowed in this repo). +Gunakan `git pull --rebase` alih-alih `git pull` saat menarik perubahan dari GitHub ke mesin lokal Anda. Dengan cara ini perubahan lokal Anda akan selalu "di atas" perubahan terbaru di GitHub, dan Anda menghindari komit gabungan (yang dilarang dalam repo ini). -You can set this to be the default behavior: +Anda dapat mengatur ini menjadi perilaku default: ``` git config --global pull.rebase true ``` -## Rebase from `main` before submitting a PR +## Rebase dari `utama` sebelum mengirimkan PR -If you are working on your own branch, run these commands before submitting a PR: +Jika Anda bekerja pada cabang Anda sendiri, jalankan perintah ini sebelum mengirimkan PR: ``` git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/meta/uploading-images.md b/i18n/id/meta/uploading-images.md index 49454204c..1ff6df76e 100644 --- a/i18n/id/meta/uploading-images.md +++ b/i18n/id/meta/uploading-images.md @@ -1,23 +1,23 @@ --- -title: Uploading Images +title: Mengunggah Gambar --- -Here are a couple of general rules for contributing to Privacy Guides: +Berikut ini adalah beberapa aturan umum untuk berkontribusi pada Privacy Guides: -## Images +## Gambar -- We **prefer** SVG images, but if those do not exist we can use PNG images +- Kami **lebih suka** gambar SVG, tetapi jika tidak ada, kami dapat menggunakan gambar PNG -Company logos have canvas size of: +Logo perusahaan memiliki ukuran kanvas: - 128x128px - 384x128px -## Optimization +## Optimasi ### PNG -Use the [OptiPNG](https://sourceforge.net/projects/optipng/) to optimize the PNG image: +Gunakan [OptiPNG](https://sourceforge.net/projects/optipng/) untuk mengoptimalkan gambar PNG: ```bash optipng -o7 file.png @@ -29,42 +29,42 @@ optipng -o7 file.png [Scour](https://github.com/scour-project/scour) all SVG images. -In Inkscape: +Dalam Inkscape: -1. File Save As.. +1. Simpan Berkas Sebagai.. 2. Set type to Optimized SVG (*.svg) -In the **Options** tab: +Pada tab **Opsi**: -- **Number of significant digits for coordinates** > **5** -- [x] Turn on **Shorten color values** -- [x] Turn on **Convert CSS attributes to XML attributes** -- [x] Turn on **Collapse groups** -- [x] Turn on **Create groups for similar attributes** -- [ ] Turn off **Keep editor data** -- [ ] Turn off **Keep unreferenced definitions** -- [x] Turn on **Work around renderer bugs** +- **Jumlah digit signifikan untuk koordinat** > **5** +- [x] Aktifkan **Persingkat nilai warna** +- [x] Aktifkan **Konversi atribut CSS ke atribut XML** +- [x] Aktifkan **Runtuhkan grup** +- [x] Aktifkan **Buat grup untuk atribut serupa** +- [ ] Matikan **Simpan data editor** +- [ ] Matikan **Simpan definisi yang tidak direferensikan** +- [x] Hidupkan **Bekerja di sekitar bug renderer** -In the **SVG Output** tab under **Document options**: +Pada tab **SVG Output** di bawah **Opsi dokumen**: -- [ ] Turn off **Remove the XML declaration** -- [x] Turn on **Remove metadata** -- [x] Turn on **Remove comments** -- [x] Turn on **Embeded raster images** -- [x] Turn on **Enable viewboxing** +- [ ] Matikan **Hapus deklarasi XML** +- [x] Aktifkan **Hapus metadata** +- [x] Aktifkan **Hapus komentar** +- [x] Aktifkan **Gambar raster yang disematkan** +- [x] Aktifkan **Aktifkan viewboxing** In the **SVG Output** under **Pretty-printing**: - [ ] Turn off **Format output with line-breaks and indentation** - **Indentation characters** > Select **Space** -- **Depth of indentation** > **1** +- **Kedalaman lekukan** > **1** - [ ] Turn off **Strip the "xml:space" attribute from the root SVG element** -In the **IDs** tab: +Pada tab **IDs**: -- [x] Turn on **Remove unused IDs** -- [ ] Turn off **Shorten IDs** -- **Prefix shortened IDs with** > `leave blank` +- [x] Aktifkan **Hapus ID yang tidak digunakan** +- [] Nonaktifkan **Persingkat ID** +- **Awalan ID singkat dengan** > `biarkan kosong` - [x] Turn on **Preserve manually created IDs not ending with digits** - **Preserve the following IDs** > `leave blank` - **Preserve IDs starting with** > `leave blank` @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/meta/writing-style.md b/i18n/id/meta/writing-style.md index 3476ab635..8a1234bb7 100644 --- a/i18n/id/meta/writing-style.md +++ b/i18n/id/meta/writing-style.md @@ -1,89 +1,87 @@ --- -title: Writing Style +title: Gaya Penulisan --- -Privacy Guides is written in American English, and you should refer to [APA Style guidelines](https://apastyle.apa.org/style-grammar-guidelines/grammar) when in doubt. +Privacy Guides ditulis dalam bahasa Inggris Amerika, dan Anda harus merujuk ke [pedoman Gaya APA](https://apastyle.apa.org/style-grammar-guidelines/grammar) jika ragu. -In general the [United States federal plain language guidelines](https://www.plainlanguage.gov/guidelines/) provide a good overview of how to write clearly and concisely. We highlight a few important notes from these guidelines below. +Secara umum, [pedoman bahasa sederhana federal Amerika Serikat](https://www.plainlanguage.gov/guidelines/) memberikan gambaran umum yang baik tentang cara menulis dengan jelas dan ringkas. Kami menyoroti beberapa catatan penting dari panduan ini di bawah ini. -## Writing for our audience +## Menulis untuk audiens kami Privacy Guides' intended [audience](https://www.plainlanguage.gov/guidelines/audience/) is primarily average, technology using adults. Don't dumb down content as if you are addressing a middle-school class, but don't overuse complicated terminology about concepts average computer users wouldn't be familiar with. -### Address only what people want to know +### Sampaikan hanya apa yang ingin diketahui oleh orang lain -People don't need overly complex articles with little relevance to them. Figure out what you want people to accomplish when writing an article, and only include those details. +Orang tidak membutuhkan artikel yang terlalu rumit dengan sedikit relevansi bagi mereka. Cari tahu apa yang Anda ingin orang capai saat menulis artikel, dan hanya sertakan detail itu. -> Tell your audience why the material is important to them. Say, “If you want a research grant, here’s what you have to do.” Or, “If you want to mine federal coal, here’s what you should know.” Or, “If you’re planning a trip to Rwanda, read this first.” +> Beri tahu audiens Anda mengapa materi itu penting bagi mereka. Katakanlah, "Jika Anda menginginkan hibah penelitian, inilah yang harus Anda lakukan." Or, “If you want to mine federal coal, here’s what you should know.” Atau, "Jika Anda merencanakan perjalanan ke Rwanda, bacalah ini terlebih dahulu." ### Address people directly -We're writing *for* a wide variety of people, but we are writing *to* the person who is actually reading it. Use "you" to address the reader directly. +Kami menulis *untuk* berbagai macam orang, tetapi kami menulis *untuk* orang yang benar-benar membacanya. Use "you" to address the reader directly. > More than any other single technique, using “you” pulls users into the information and makes it relevant to them. > > When you use “you” to address users, they are more likely to understand what their responsibility is. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/audience/address-the-user/) +Sumber: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/audience/address-the-user/) -### Avoid "users" +### Hindari "pengguna" -Avoid calling people "users", in favor of "people", or a more specific description of the group of people you are writing for. +Hindari menyebut orang sebagai "pengguna", lebih baik gunakan "orang", atau deskripsi yang lebih spesifik tentang kelompok orang yang Anda tulis. -## Organizing content +## Mengatur konten -Organization is key. Content should flow from most to least important information, and use headers as much as needed to logically separate different ideas. +Organisasi adalah kuncinya. Content should flow from most to least important information, and use headers as much as needed to logically separate different ideas. -- Limit the document to around five or six sections. Long documents should probably be broken up into separate pages. -- Mark important ideas with **bold** or *italics*. +- Batasi dokumen menjadi sekitar lima atau enam bagian. Dokumen panjang mungkin harus dipecah menjadi halaman terpisah. +- Tandai ide-ide penting dengan **cetak tebal** atau *cetak miring*. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/design/) +Sumber: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/design/) -### Begin with a topic sentence +### Mulailah dengan kalimat topik -> If you tell your reader what they’re going to read about, they’re less likely to have to read your paragraph again. Headings help, but they’re not enough. Establish a context for your audience before you provide them with the details. +> Jika Anda memberi tahu pembaca apa yang akan mereka baca, kemungkinan besar mereka tidak perlu membaca paragraf Anda lagi. Judul memang membantu, tetapi tidak cukup. Tetapkan konteks untuk audiens Anda sebelum Anda memberi mereka detailnya. > -> We often write the way we think, putting our premises first and then our conclusion. It may be the natural way to develop thoughts, but we wind up with the topic sentence at the end of the paragraph. Move it up front and let users know where you’re going. Don’t make readers hold a lot of information in their heads before getting to the point. +> Kita sering menulis sesuai dengan cara kita berpikir, dengan mengutamakan premis-premis kita terlebih dahulu, baru kemudian kesimpulan. Ini mungkin cara alami untuk mengembangkan pikiran, tetapi kita berakhir dengan kalimat topik di akhir paragraf. Pindahkan ke depan dan beri tahu pengguna ke mana tujuan Anda. Jangan membuat pembaca menyimpan banyak informasi di kepala mereka sebelum sampai ke intinya. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/organize/have-a-topic-sentence/) +Sumber: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/organize/have-a-topic-sentence/) -## Choose your words carefully +## Pilih kata-kata Anda dengan hati-hati -> Words matter. They are the most basic building blocks of written and spoken communication. Don’t complicate things by using jargon, technical terms, or abbreviations that people won’t understand. +> Kata-kata itu penting. Mereka adalah blok bangunan paling dasar dari komunikasi tertulis dan lisan. Jangan mempersulit dengan menggunakan jargon, istilah teknis, atau singkatan yang tidak dimengerti orang. -We should try to avoid abbreviations where possible, but technology is full of abbreviations. In general, spell out the abbreviation/acronym the first time it is used on a page, and add the abbreviation to the abbreviation glossary file when it is used repeatedly. +Kita harus mencoba menghindari singkatan jika memungkinkan, tetapi teknologi penuh dengan singkatan. Secara umum, menguraikan singkatan/akronim pertama kali digunakan pada halaman, dan menambahkan singkatan ke file glosarium singkatan ketika digunakan berulang kali. -> Kathy McGinty offers tongue-in-cheek instructions for bulking up your simple, direct sentences: +> Kathy McGinty memberikan petunjuk yang mudah dipahami untuk meningkatkan kalimat-kalimat Anda yang sederhana dan langsung: > -> > There is no escaping the fact that it is considered very important to note that a number of various available applicable studies ipso facto have generally identified the fact that additional appropriate nocturnal employment could usually keep juvenile adolescents off thoroughfares during the night hours, including but not limited to the time prior to midnight on weeknights and/or 2 a.m. on weekends. +> > There is no escaping the fact that it is considered very important to note that a number of various available applicable studies ipso facto have generally identified the fact that additional appropriate nocturnal employment could usually keep juvenile adolescents off thoroughfares during the night hours, including but not limited to the time prior to midnight on weeknights and/or 2 a.m. pada akhir pekan. > -> And the original, using stronger, simpler words: +> Dan yang asli, menggunakan kata-kata yang lebih kuat dan lebih sederhana: > -> > More night jobs would keep youths off the streets. +> > Lebih banyak pekerjaan malam akan menjauhkan anak muda dari jalanan. ## Be concise -> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective. +> Kata-kata yang tidak perlu akan membuang waktu audiens Anda. Tulisan yang bagus itu seperti sebuah percakapan. Omit information that the audience doesn’t need to know. Hal ini bisa menjadi sulit sebagai seorang ahli materi, jadi penting untuk memiliki seseorang yang melihat informasi dari sudut pandang audiens. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/concise/) +Sumber: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/concise/) ## Keep text conversational -> Verbs are the fuel of writing. They give your sentences power and direction. They enliven your writing and make it more interesting. +> Kata kerja adalah bahan bakar untuk menulis. Mereka memberikan kekuatan dan arah pada kalimat Anda. Mereka menghidupkan tulisan Anda dan membuatnya lebih menarik. > -> Verbs tell your audience what to do. Make sure it’s clear who does what. +> Kata kerja memberi tahu audiens Anda apa yang harus dilakukan. Pastikan jelas siapa yang melakukan apa. -### Use active voice +### Gunakan suara aktif -> Active voice makes it clear who is supposed to do what. It eliminates ambiguity about responsibilities. Not “It must be done,” but “You must do it.” +> Suara aktif memperjelas siapa yang seharusnya melakukan apa. Hal ini menghilangkan ambiguitas tentang tanggung jawab. Bukan "Ini harus dilakukan," tetapi "Anda harus melakukannya." -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversational/use-active-voice/) +Sumber: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversational/use-active-voice/) -### Use "must" for requirements +### Gunakan "harus" untuk persyaratan -> - “must” for an obligation -> - “must not” for a prohibition +> - "harus" untuk suatu kewajiban +> - "tidak boleh" untuk sebuah larangan > - “may” for a discretionary action -> - “should” for a recommendation - ---8<-- "includes/abbreviations.id.txt" +> - "harus" untuk sebuah rekomendasi diff --git a/i18n/id/mobile-browsers.md b/i18n/id/mobile-browsers.md index c536f1d8d..d7adee8f3 100644 --- a/i18n/id/mobile-browsers.md +++ b/i18n/id/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/multi-factor-authentication.md b/i18n/id/multi-factor-authentication.md index ad34f4cae..41030fe3b 100644 --- a/i18n/id/multi-factor-authentication.md +++ b/i18n/id/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/news-aggregators.md b/i18n/id/news-aggregators.md index 889574555..2dad5ac09 100644 --- a/i18n/id/news-aggregators.md +++ b/i18n/id/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/notebooks.md b/i18n/id/notebooks.md index 74ec79463..0739f6680 100644 --- a/i18n/id/notebooks.md +++ b/i18n/id/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notebooks" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Keep track of your notes and journalings without giving them to a third-party. @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/os/android-overview.md b/i18n/id/os/android-overview.md index c666269c2..a78631a2a 100644 --- a/i18n/id/os/android-overview.md +++ b/i18n/id/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/os/linux-overview.md b/i18n/id/os/linux-overview.md index 62e18ca5e..8ec2c9e78 100644 --- a/i18n/id/os/linux-overview.md +++ b/i18n/id/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/os/qubes-overview.md b/i18n/id/os/qubes-overview.md index d392cac60..17b286b9f 100644 --- a/i18n/id/os/qubes-overview.md +++ b/i18n/id/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/passwords.md b/i18n/id/passwords.md index 05167fd7b..e81f1186e 100644 --- a/i18n/id/passwords.md +++ b/i18n/id/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/productivity.md b/i18n/id/productivity.md index 6c8ecbe7b..4490325da 100644 --- a/i18n/id/productivity.md +++ b/i18n/id/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/real-time-communication.md b/i18n/id/real-time-communication.md index a93956076..68f9d767b 100644 --- a/i18n/id/real-time-communication.md +++ b/i18n/id/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/router.md b/i18n/id/router.md index 13c6d37bb..a494c017d 100644 --- a/i18n/id/router.md +++ b/i18n/id/router.md @@ -1,6 +1,7 @@ --- title: "Router Firmware" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc. @@ -47,5 +48,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or - Must be open source. - Must receive regular updates. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/search-engines.md b/i18n/id/search-engines.md index 3f8752854..911525d7d 100644 --- a/i18n/id/search-engines.md +++ b/i18n/id/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/tools.md b/i18n/id/tools.md index 21dc342ec..ef945a945 100644 --- a/i18n/id/tools.md +++ b/i18n/id/tools.md @@ -3,6 +3,7 @@ title: "Privacy Tools" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Search Engines
@@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Data and Metadata Redaction
@@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
[Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/tor.md b/i18n/id/tor.md index 55560121a..ce93c961d 100644 --- a/i18n/id/tor.md +++ b/i18n/id/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
-
- -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/video-streaming.md b/i18n/id/video-streaming.md index 05595a751..8f8ebd0b8 100644 --- a/i18n/id/video-streaming.md +++ b/i18n/id/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Video Streaming" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. @@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/vpn.md b/i18n/id/vpn.md index a3242d3ec..b75d19c81 100644 --- a/i18n/id/vpn.md +++ b/i18n/id/vpn.md @@ -1,107 +1,47 @@ --- -title: "VPN Services" +title: "Layanan VPN" icon: material/vpn +description: Ini adalah layanan VPN terbaik untuk melindungi privasi dan keamanan daring Anda. Temukan penyedia di sini yang tidak memata-matai Anda. --- -Find a no-logging VPN operator who isn’t out to sell or read your web traffic. +Jika Anda mencari **privasi tambahan** dari ISP Anda, pada jaringan Wi-Fi publik, atau saat melakukan torrent file, VPN bisa jadi solusi untuk Anda selama Anda memahami risiko yang ada. Menurut kami, penyedia layanan ini adalah yang terbaik di antara yang lain: -??? danger "VPNs do not provide anonymity" +
- Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. +- ![Logo IVPN](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Logo Mullvad](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Logo Proton VPN](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "VPN tidak menyediakan anonimitas" + + Menggunakan VPN **tidak** akan menjaga kebiasaan jelajah Anda tetap anonim, dan juga tidak akan menambah keamanan tambahan pada lalu lintas yang tidak aman (HTTP). - If you are looking for **anonymity**, you should use the Tor Browser **instead** of a VPN. + Jika Anda membutuhkan **anonimitas**, Anda sebaiknya menggunakan Tor Browser **daripada** menggunakan VPN. - If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices. + Jika Anda membutuhkan **keamanan** tambahan, Anda harus selalu memastikan bahwa Anda terhubung ke situs web menggunakan HTTPS. VPN bukanlah pengganti praktik keamanan yang baik. - [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } + [Unduh Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Mitos Tor & Soal Sering Ditanya](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" +[Ikhtisar VPN Terperinci :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +## Penyedia yang Direkomendasikan -## Recommended Providers - -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Penyedia yang kami rekomendasikan menggunakan enkripsi, menerima Monero, mendukung WireGuard & OpenVPN, dan memiliki kebijakan tanpa pencatatan. Baca [daftar lengkap kriteria kami](#criteria) untuk informasi lebih lanjut. ### IVPN !!! recommendation - ![IVPN logo](assets/img/vpn/ivpn.svg){ align=right } + ![Logo IVPN](assets/img/vpn/ivpn.svg){ align=right } - **IVPN** is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar. + **IVPN** adalah penyedia VPN premium, dan mereka telah beroperasi sejak 2009. IVPN berbasis di Gibraltar. - [:octicons-home-16: Homepage](https://www.ivpn.net/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ivpn){ .card-link title="Source Code" } + [:octicons-home-16: Laman Beranda](https://www.ivpn.net/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Kebijakan Privasi" } + [:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Dokumentasi} + [:octicons-code-16:](https://github.com/ivpn){ .card-link title="Kode Sumber" } ??? downloads @@ -111,57 +51,58 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Negara - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN memiliki server [di 35 negara](https://www.ivpn.net/server-locations).(1) Memilih penyedia VPN dengan server terdekat dengan Anda akan mengurangi latensi lalu lintas jaringan yang Anda kirim. Ini karena rute yang lebih pendek (lebih sedikit loncatan) ke tempat tujuan. +{ .annotate } -1. Last checked: 2022-09-16 +1. Terakhir diperiksa: 2022-09-16 -??? success "Independently Audited" +Kami juga berpikir akan lebih baik untuk keamanan kunci pribadi penyedia VPN jika mereka menggunakan [server khusus](https://en.wikipedia.org/wiki/Dedicated_hosting_service), daripada solusi berbagi pakai yang lebih murah (dengan pelanggan lain) seperti [peladen pribadi virtual](https://id.wikipedia.org/wiki/Peladen_pribadi_virtual). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Diaudit Secara Independen -??? success "Open-Source Clients" +IVPN telah menjalani [audit tanpa pencatatan dari Cure53](https://cure53.de/audit-report_ivpn.pdf) yang menyimpulkan bahwa klaim tanpa pencatatan dari IVPN disetujui. IVPN juga telah menyelesaikan [laporan pentest komprehensif Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) pada Januari 2020. IVPN juga mengatakan bahwa mereka berencana untuk memiliki [laporan tahunan](https://www.ivpn.net/blog/independent-security-audit-concluded) di masa depan. Tinjauan lebih lanjut dilakukan [pada bulan April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) dan diproduksi oleh Cure53 [di situs web mereka](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Klien Sumber Terbuka -??? success "Accepts Cash and Monero" +Pada Februari 2020 [aplikasi IVPN sekarang menjadi sumber terbuka](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Kode sumber dapat diperoleh dari [organisasi GitHub](https://github.com/ivpn) mereka. - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Menerima Uang Tunai dan Monero -??? success "WireGuard Support" +Selain menerima kartu kredit/debit dan PayPal, IVPN menerima Bitcoin, **Monero** dan **uang tunai/mata uang lokal** (pada paket tahunan) sebagai bentuk pembayaran anonim. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } Dukungan WireGuard -??? success "Remote Port Forwarding" +IVPN mendukung protokol WireGuard®. [WireGuard](https://www.wireguard.com) adalah protokol yang lebih baru yang menggunakan kriptografi [yang canggih](https://www.wireguard.com/protocol/). Selain itu, WireGuard bertujuan untuk menjadi lebih sederhana dan lebih berkinerja. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [merekomendasikan](https://www.ivpn.net/wireguard/) penggunaan WireGuard dengan layanan mereka dan, dengan demikian, protokol ini merupakan standar pada semua aplikasi IVPN. IVPN juga menawarkan generator konfigurasi WireGuard untuk digunakan dengan [aplikasi resmi](https://www.wireguard.com/install/) WireGuard. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Penerusan Porta Jarak Jauh - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +[Penerusan porta jarak jauh](https://en.wikipedia.org/wiki/Port_forwarding) dimungkinkan dengan paket Pro. Port forwarding [dapat diaktifkan](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) melalui area klien. Penerusan porta jarak kauh hanya tersedia di IVPN ketika menggunakan protokol WireGuard atau OpenVPN dan [dinonaktifkan di server AS](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Klien Ponsel - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +Selain menyediakan berkas konfigurasi OpenVPN standar, IVPN memiliki klien ponsel untuk [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), dan [GitHub](https://github.com/ivpn/android-app/releases) yang memungkinkan koneksi yang mudah ke server mereka. + +#### :material-information-outline:{ .pg-blue } Fungsionalitas Tambahan + +Klien IVPN mendukung autentikasi dua faktor (klien Mullvad tidak). IVPN juga menyediakan fungsionalitas "[AntiTracker](https://www.ivpn.net/antitracker)", yang memblokir jaringan iklan dan pelacak dari tingkat jaringan. ### Mullvad !!! recommendation - ![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right } + ![Logo Mullvad](assets/img/vpn/mullvad.svg){ align=right } - **Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since **2009**. Mullvad is based in Sweden and does not have a free trial. + **Mullvad** adalah VPN yang cepat dan murah dengan fokus serius pada transparansi dan keamanan. Mereka telah beroperasi sejak **2009**. Mullvad berbasis di Swedia dan tidak memiliki uji coba gratis. - [:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary } - [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" } - [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/mullvad){ .card-link title="Source Code" } + [:octicons-home-16: Laman Beranda](https://mullvad.net){ .md-button .md-button--primary } + [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Layanan Onion" } + [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Kebijakan Privasi" } + [:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Dokumentasi} + [:octicons-code-16:](https://github.com/mullvad){ .card-link title="Kode Sumber" } ??? downloads @@ -172,152 +113,215 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Negara - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +Mullvad memiliki server [di 41 negara](https://mullvad.net/servers/).(1) Memilih penyedia VPN dengan server terdekat dengan Anda akan mengurangi latensi lalu lintas jaringan yang Anda kirim. Ini karena rute yang lebih pendek (lebih sedikit loncatan) ke tempat tujuan. +{ .annotate } + +1. Terakhir diperiksa: 2023-01-19 + +Kami juga berpikir akan lebih baik untuk keamanan kunci pribadi penyedia VPN jika mereka menggunakan [server khusus](https://en.wikipedia.org/wiki/Dedicated_hosting_service), daripada solusi berbagi pakai yang lebih murah (dengan pelanggan lain) seperti [peladen pribadi virtual](https://id.wikipedia.org/wiki/Peladen_pribadi_virtual). + +#### :material-check:{ .pg-green } Diaudit Secara Independen + +Klien VPN Mullvad telah diaudit oleh Cure53 dan Assured AB dalam laporan pentest [yang diterbitkan di cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). Para peneliti keamanan menyimpulkan: + +> Cure53 dan Assured AB senang dengan hasil audit dan perangkat lunak ini meninggalkan kesan positif secara keseluruhan. Dengan dedikasi keamanan dari tim internal di kompleks VPN Mullvad, para penguji tidak meragukan proyek ini berada di jalur yang benar dari sudut pandang keamanan. + +Pada tahun 2020, audit kedua [diumumkan](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) dan laporan audit akhir [](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) tersedia di situs web Cure53: + +> Hasil dari proyek Mei-Juni 2020 yang menargetkan kompleks Mullvad ini cukup positif. [...] Keseluruhan ekosistem aplikasi yang digunakan oleh Mullvad meninggalkan kesan yang baik dan terstruktur. Struktur keseluruhan aplikasi memudahkan untuk meluncurkan patch dan perbaikan secara terstruktur. Lebih dari segalanya, temuan yang ditemukan oleh Cure53 menunjukkan pentingnya untuk terus mengaudit dan menilai ulang vektor kebocoran saat ini, untuk selalu memastikan privasi pengguna akhir. Dengan demikian, Mullvad melakukan pekerjaan yang sangat baik dalam melindungi pengguna akhir dari kebocoran PII yang umum terjadi dan risiko terkait privasi. + +Pada tahun 2021, audit kedua [diumumkan](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) dan laporan audit akhir [](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) tersedia di situs web Cure53. Laporan lain ditugaskan [pada bulan Juni 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) dan tersedia di situs web [Assured](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Klien Sumber Terbuka + +Mullvad menyediakan kode sumber untuk klien desktop dan seluler mereka di [organisasi GitHub](https://github.com/mullvad/mullvadvpn-app) mereka. + +#### :material-check:{ .pg-green } Menerima Uang Tunai dan Monero + +Mullvad, selain menerima kartu kredit/debit dan PayPal, juga menerima Bitcoin, Bitcoin Cash, **Monero** dan **uang tunai/mata uang lokal** sebagai bentuk pembayaran anonim. Mereka juga menerima transfer Swish dan transfer bank. + +#### :material-check:{ .pg-green } Dukungan WireGuard + +Mullvad mendukung protokol WireGuard®. [WireGuard](https://www.wireguard.com) adalah protokol yang lebih baru yang menggunakan kriptografi [yang canggih](https://www.wireguard.com/protocol/). Selain itu, WireGuard bertujuan untuk menjadi lebih sederhana dan lebih berkinerja. + +Mullvad [merekomendasikan](https://mullvad.net/en/help/why-wireguard/) penggunaan WireGuard dengan layanan mereka. Ini adalah protokol default atau satu-satunya protokol pada aplikasi Mullvad di Android, iOS, macOS, dan Linux, tetapi pada Windows Anda harus [secara manual mengaktifkan](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad juga menawarkan generator konfigurasi WireGuard untuk digunakan dengan [aplikasi resmi](https://www.wireguard.com/install/) WireGuard. + +#### :material-check:{ .pg-green } Dukungan IPv6 + +Mullvad mendukung masa depan jaringan [IPv6](https://id.wikipedia.org/wiki/IPv6). Jaringan mereka memungkinkan Anda untuk [mengakses layanan yang dihosting pada IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) dibandingkan dengan penyedia lain yang memblokir koneksi IPv6. + +#### :material-check:{ .pg-green } Penerusan Porta Jarak Jauh + +[Penerusan porta jarak jauh](https://en.wikipedia.org/wiki/Port_forwarding) diperbolehkan untuk orang yang melakukan pembayaran satu kali, tetapi tidak diperbolehkan untuk akun dengan metode pembayaran berulang/berlangganan. Hal ini untuk mencegah Mullvad mengidentifikasi Anda berdasarkan penggunaan porta dan informasi langganan yang tersimpan. Lihat [Penerusan porta dengan Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) untuk informasi lebih lanjut. + +#### :material-check:{ .pg-green } Klien Ponsel + +Mullvad telah menerbitkan klien [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) dan [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn), keduanya mendukung antarmuka yang mudah digunakan dan tidak mengharuskan Anda untuk mengkonfigurasi koneksi WireGuard secara manual. Klien Android juga tersedia di [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Fungsionalitas Tambahan + +Mullvad sangat transparan tentang node mana yang mereka [miliki atau sewa](https://mullvad.net/en/servers/). Mereka menggunakan [ShadowSocks](https://shadowsocks.org/) dalam konfigurasi ShadowSocks + OpenVPN mereka, membuat mereka lebih tahan terhadap tembok api dengan [Inspeksi Paket Dalam](https://en.wikipedia.org/wiki/Deep_packet_inspection) yang mencoba memblokir VPN. Seharusnya, [Cina harus menggunakan metode yang berbeda untuk memblokir server ShadowSocks](https://github.com/net4people/bbs/issues/22). Situs web Mullvad juga dapat diakses melalui Tor di [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Logo Proton VPN](assets/img/vpn/protonvpn.svg){ align=right } - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2023-01-19 - -??? success "Independently Audited" - - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + **Proton VPN** adalah pesaing kuat dalam bidang VPN, dan mereka telah beroperasi sejak 2016. Proton AG berbasis di Swiss dan menawarkan tingkat gratis terbatas, serta opsi premium yang lebih berfitur. - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + [:octicons-home-16: Laman Beranda](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Kebijakan Privasi" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Dokumentasi} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Kode Sumber" } - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + ??? downloads - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. - - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Negara - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN memiliki server [di 67 negara](https://protonvpn.com/vpn-servers).(1) Memilih penyedia VPN dengan server terdekat dengan Anda akan mengurangi latensi lalu lintas jaringan yang Anda kirim. Ini karena rute yang lebih pendek (lebih sedikit loncatan) ke tempat tujuan. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Terakhir diperiksa: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +Kami juga berpikir akan lebih baik untuk keamanan kunci pribadi penyedia VPN jika mereka menggunakan [server khusus](https://en.wikipedia.org/wiki/Dedicated_hosting_service), daripada solusi berbagi pakai yang lebih murah (dengan pelanggan lain) seperti [peladen pribadi virtual](https://id.wikipedia.org/wiki/Peladen_pribadi_virtual). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Diaudit Secara Independen - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +Pada Januari 2020, Proton VPN telah menjalani audit independen oleh SEC Consult. SEC Consult menemukan beberapa kerentanan berisiko sedang dan rendah di aplikasi Proton VPN di Windows, Android, dan iOS, yang semuanya telah "diperbaiki dengan benar" oleh Proton VPN sebelum laporan diterbitkan. Tidak satu pun dari masalah yang diidentifikasi akan memberikan penyerang akses jarak jauh ke perangkat atau lalu lintas Anda. Anda dapat melihat laporan individual untuk setiap platform di [protonvpn.com](https://protonvpn.com/blog/open-source/). Pada bulan April 2022, Proton VPN menjalani [audit lagi](https://protonvpn.com/blog/no-logs-audit/) dan laporannya [dibuat oleh Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). [Surat pengesahan ](https://proton.me/blog/security-audit-all-proton-apps) diberikan untuk aplikasi Proton VPN pada tanggal 9 November 2021 oleh [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Klien Sumber Terbuka - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN menyediakan kode sumber untuk klien desktop dan seluler mereka di [organisasi GitHub](https://github.com/ProtonVPN) mereka. -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Menerima Uang Tunai - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, selain menerima kartu kredit/debit, PayPal, dan [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), juga menerima **uang tunai/mata uang lokal** sebagai bentuk pembayaran anonim. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Dukungan WireGuard - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN sebagian besar mendukung protokol WireGuard®. [WireGuard](https://www.wireguard.com) adalah protokol yang lebih baru yang menggunakan kriptografi [yang canggih](https://www.wireguard.com/protocol/). Selain itu, WireGuard bertujuan untuk menjadi lebih sederhana dan lebih berkinerja. -??? info "Additional Functionality" +Proton VPN [merekomendasikan](https://protonvpn.com/blog/wireguard/) penggunaan WireGuard dengan layanan mereka. Pada aplikasi Proton VPN di Windows, macOS, iOS, Android, Android, ChromeOS, dan Android TV, WireGuard merupakan protokol bawaan; namun, [dukungan](https://protonvpn.com/support/how-to-change-vpn-protocols/) untuk protokol ini tidak ada pada aplikasi Linux mereka. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Penerusan Porta Jarak Jauh -## Criteria +Proton VPN saat ini hanya mendukung penerusan porta [jarak jauh](https://protonvpn.com/support/port-forwarding/) di Windows, yang mungkin berdampak pada beberapa aplikasi. Terutama aplikasi peer-to-peer seperti klien Torrent. + +#### :material-check:{ .pg-green } Klien Ponsel + +Selain menyediakan file konfigurasi OpenVPN standar, Proton VPN memiliki klien seluler untuk [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), dan [GitHub](https://github.com/ProtonVPN/android-app/releases) yang memungkinkan koneksi yang mudah ke server mereka. + +#### :material-information-outline:{ .pg-blue } Fungsionalitas Tambahan + +Klien Proton VPN mendukung autentikasi dua faktor di semua platform kecuali Linux saat ini. Proton VPN memiliki server dan pusat data mereka sendiri di Swiss, Islandia, dan Swedia. Mereka menawarkan pemblokiran iklan dan pemblokiran domain malware yang dikenal dengan layanan DNS mereka. Selain itu, Proton VPN juga menawarkan server "Tor" yang memungkinkan Anda untuk dengan mudah terhubung ke situs-situs onion, tetapi kami masih sangat menyarankan untuk menggunakan [Tor Browser resmi](https://www.torproject.org/) untuk tujuan ini. + +#### :material-alert-outline:{ .pg-orange } Fitur killswitch rusak pada Mac berbasis Intel + +Kerusakan sistem [dapat terjadi](https://protonvpn.com/support/macos-t2-chip-kill-switch/) pada Mac berbasis Intel saat menggunakan killswitch VPN. Jika Anda memerlukan fitur ini, dan Anda menggunakan Mac dengan chipset Intel, Anda sebaiknya mempertimbangkan untuk menggunakan layanan VPN lain. + +## Kriteria !!! danger - It is important to note that using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy. + Penting untuk dicatat bahwa menggunakan penyedia VPN tidak akan membuat Anda menjadi anonim, tetapi akan memberi Anda privasi yang lebih baik dalam situasi tertentu. VPN bukanlah alat untuk aktivitas ilegal. Jangan bergantung pada kebijakan "tanpa pencatatan". -**Please note we are not affiliated with any of the providers we recommend. This allows us to provide completely objective recommendations.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any VPN provider wishing to be recommended, including strong encryption, independent security audits, modern technology, and more. We suggest you familiarize yourself with this list before choosing a VPN provider, and conduct your own research to ensure the VPN provider you choose is as trustworthy as possible. +**Harap diperhatikan bahwa kami tidak berafiliasi dengan penyedia yang kami rekomendasikan. Hal ini memungkinkan kami untuk memberikan rekomendasi yang sepenuhnya objektif.** Selain [kriteria standar kami](about/criteria.md), kami telah mengembangkan serangkaian persyaratan yang jelas untuk setiap penyedia VPN yang ingin direkomendasikan, termasuk enkripsi yang kuat, audit keamanan independen, teknologi modern, dan banyak lagi. Kami menyarankan Anda membiasakan diri dengan daftar ini sebelum memilih penyedia VPN, dan melakukan penelitian sendiri untuk memastikan penyedia VPN yang Anda pilih dapat dipercaya. -### Technology +### Teknologi -We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected. +Kami mewajibkan semua penyedia VPN yang kami rekomendasikan untuk menyediakan berkas konfigurasi OpenVPN untuk digunakan pada klien mana pun. **Jika** VPN menyediakan klien khusus mereka sendiri, kami memerlukan killswitch untuk memblokir kebocoran data jaringan saat terputus. -**Minimum to Qualify:** +**Minimum untuk Memenuhi Syarat:** -- Support for strong protocols such as WireGuard & OpenVPN. -- Killswitch built in to clients. -- Multihop support. Multihopping is important to keep data private in case of a single node compromise. -- If VPN clients are provided, they should be [open-source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what your device is actually doing. +- Dukungan untuk protokol yang kuat seperti WireGuard & OpenVPN. +- Killswitch yang terpasang pada klien. +- Dukungan multihop. Multihopping penting untuk menjaga kerahasiaan data jika terjadi kompromi pada satu node. +- Jika klien VPN disediakan, klien tersebut seharusnya [perangkat lunak sumber terbuka](https://id.wikipedia.org/wiki/Perangkat_lunak_sumber_terbuka), seperti perangkat lunak VPN yang umumnya sudah terpasang di dalamnya. Kami percaya bahwa ketersediaan [kode sumber](https://id.wikipedia.org/wiki/Kode_sumber) memberikan transparansi yang lebih besar tentang apa yang sebenarnya dilakukan oleh perangkat Anda. -**Best Case:** +**Kasus Terbaik:** -- WireGuard and OpenVPN support. -- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.) -- Easy-to-use VPN clients -- Supports [IPv6](https://en.wikipedia.org/wiki/IPv6). We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses. -- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble). +- Dukungan WireGuard dan OpenVPN. +- Killswitch dengan opsi yang sangat mudah dikonfigurasi (aktifkan/nonaktifkan pada jaringan tertentu, saat boot, dll.) +- Klien VPN yang mudah digunakan +- Mendukung [IPv6](https://id.wikipedia.org/wiki/IPv6). Kami berharap server akan mengizinkan koneksi masuk melalui IPv6 dan memungkinkan Anda untuk mengakses layanan yang dihosting pada alamat IPv6. +- Kemampuan [penerusan porta jarak jauh](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) membantu dalam membuat koneksi ketika menggunakan perangkat lunak berbagi file P2P ([Peer-to-Peer](https://id.wikipedia.org/wiki/Peer-to-peer)) atau hosting server (misalnya, Mumble). -### Privacy +### Privasi -We prefer our recommended providers to collect as little data as possible. Not collecting personal information on registration, and accepting anonymous forms of payment are required. +Kami lebih memilih penyedia yang kami rekomendasikan untuk mengumpulkan data sesedikit mungkin. Tidak mengumpulkan informasi pribadi pada saat pendaftaran, dan tidak menerima bentuk pembayaran anonim. -**Minimum to Qualify:** +**Minimum untuk Memenuhi Syarat:** -- Monero or cash payment option. -- No personal information required to register: Only username, password, and email at most. +- [Mata uang kripto anonim](cryptocurrency.md) **atau** opsi pembayaran tunai. +- Tidak ada informasi pribadi yang diperlukan untuk mendaftar: Hanya nama pengguna, kata sandi, dan surel. -**Best Case:** +**Kasus Terbaik:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Menerima beberapa opsi [pembayaran anonim](advanced/payments.md). +- Tidak ada informasi pribadi yang diterima (nama pengguna yang dibuat secara otomatis, tidak perlu surel, dll.). -### Security +### Keamanan -A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis. +VPN tidak ada gunanya jika tidak bisa menyediakan keamanan yang memadai. Kami mewajibkan semua penyedia yang kami rekomendasikan untuk mematuhi standar keamanan saat ini untuk koneksi OpenVPN mereka. Secara ideal, mereka akan menggunakan skema enkripsi yang lebih tahan terhadap masa depan secara bawaan. Kami juga mewajibkan pihak ketiga yang independen untuk mengaudit keamanan penyedia layanan, secara ideal dengan cara yang sangat komprehensif dan secara berulang (tahunan). -**Minimum to Qualify:** +**Minimum untuk Memenuhi Syarat:** -- Strong Encryption Schemes: OpenVPN with SHA-256 authentication; RSA-2048 or better handshake; AES-256-GCM or AES-256-CBC data encryption. -- Perfect Forward Secrecy (PFS). -- Published security audits from a reputable third-party firm. +- Skema enkripsi yang kuat: OpenVPN dengan autentikasi SHA-256; RSA-2048 atau jabat tangan yang lebih baik; enkripsi data AES-256-GCM atau AES-256-CBC. +- Kerahasiaan Maju Sempurna (PFS). +- Audit keamanan yang dipublikasikan dari perusahaan pihak ketiga yang memiliki reputasi baik. -**Best Case:** +**Kasus Terbaik:** -- Strongest Encryption: RSA-4096. -- Perfect Forward Secrecy (PFS). -- Comprehensive published security audits from a reputable third-party firm. -- Bug-bounty programs and/or a coordinated vulnerability-disclosure process. +- Enkripsi terkuat: RSA-4096. +- Kerahasiaan Maju Sempurna (PFS). +- Audit keamanan yang dipublikasikan secara komprehensif dari perusahaan pihak ketiga yang memiliki reputasi baik. +- Program bug-bounty dan/atau proses pengungkapan kerentanan yang terkoordinasi. -### Trust +### Kepercayaan -You wouldn't trust your finances to someone with a fake identity, so why trust them with your internet data? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled. +Anda tidak akan mempercayakan keuangan Anda pada seseorang dengan identitas palsu, jadi mengapa mempercayakan data internet Anda pada mereka? Kami mewajibkan penyedia layanan yang kami rekomendasikan untuk terbuka mengenai kepemilikan atau kepemimpinan mereka. Kami juga ingin melihat laporan transparansi yang lebih sering, terutama dalam hal bagaimana permintaan pemerintah ditangani. -**Minimum to Qualify:** +**Minimum untuk Memenuhi Syarat:** -- Public-facing leadership or ownership. +- Kepemimpinan atau kepemilikan yang berhadapan dengan publik. -**Best Case:** +**Kasus Terbaik:** -- Public-facing leadership. -- Frequent transparency reports. +- Kepemimpinan yang berhadapan dengan publik. +- Laporan transparansi yang sering. -### Marketing +### Pemasaran -With the VPN providers we recommend we like to see responsible marketing. +Dengan penyedia VPN yang kami rekomendasikan, kami ingin melihat pemasaran yang bertanggung jawab. -**Minimum to Qualify:** +**Minimum untuk Memenuhi Syarat:** -- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out. +- Harus menyediakan analitik sendiri (yaitu, tanpa Google Analytics). Situs penyedia juga harus mematuhi [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) untuk orang-orang yang ingin menolak pelacakan. -Must not have any marketing which is irresponsible: +Tidak boleh melakukan pemasaran yang tidak bertanggung jawab: -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: - - Reusing personal information (e.g., email accounts, unique pseudonyms, etc) that they accessed without anonymity software (Tor, VPN, etc.) - - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) -- Claim that a single circuit VPN is "more anonymous" than Tor, which is a circuit of three or more hops that regularly changes. -- Use responsible language: i.e., it is okay to say that a VPN is "disconnected" or "not connected", however claiming that someone is "exposed", "vulnerable" or "compromised" is needless use of alarming language that may be incorrect. For example, that person might simply be on another VPN provider's service or using Tor. +- Menjamin perlindungan anonimitas 100%. Ketika seseorang membuat klaim bahwa sesuatu itu 100%, itu berarti tidak ada kepastian untuk gagal. Kami tahu bahwa orang dapat dengan mudah menyamarkan nama mereka dengan beberapa cara, misalnya: + - Menggunakan kembali informasi pribadi (misalnya, akun surel, nama samaran unik, dll.) yang mereka akses tanpa perangkat lunak anonimitas (Tor, VPN, dll.) + - [Sidik jari peramban](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) +- Klaim bahwa VPN sirkuit tunggal "lebih anonim" daripada Tor, yang merupakan sirkuit tiga atau lebih loncatan yang secara teratur berubah. +- Gunakan bahasa yang bertanggung jawab: misalnya, tidak masalah untuk mengatakan bahwa VPN "terputus" atau "tidak tersambung", namun mengklaim bahwa seseorang "terpapar", "rentan", atau "terkompromi" merupakan penggunaan bahasa yang tidak perlu dan tidak benar. Sebagai contoh, orang tersebut mungkin saja menggunakan layanan penyedia VPN lain atau menggunakan Tor. -**Best Case:** +**Kasus Terbaik:** -Responsible marketing that is both educational and useful to the consumer could include: +Pemasaran yang bertanggung jawab yang mendidik dan bermanfaat bagi konsumen dapat mencakup: -- An accurate comparison to when [Tor](tor.md) should be used instead. -- Availability of the VPN provider's website over a [.onion service](https://en.wikipedia.org/wiki/.onion) +- Perbandingan yang akurat dengan kapan [Tor](tor.md) harus digunakan sebagai gantinya. +- Ketersediaan situs web penyedia VPN melalui [layanan .onion](https://id.wikipedia.org/wiki/.onion) -### Additional Functionality +### Fungsionalitas Tambahan -While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.id.txt" +Meskipun tidak sepenuhnya merupakan persyaratan, ada beberapa faktor yang kami pertimbangkan ketika menentukan penyedia mana yang akan direkomendasikan. Ini termasuk fungsionalitas pemblokiran iklan/pelacak, kenari surat perintah, koneksi multihop, dukungan pelanggan yang luar biasa, jumlah koneksi simultan yang diizinkan, dll. diff --git a/i18n/it/404.md b/i18n/it/404.md index 66abcf4da..b9dd5332b 100644 --- a/i18n/it/404.md +++ b/i18n/it/404.md @@ -1,11 +1,15 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Non Trovato -Non siamo riusciti a trovare la pagina che stavi cercando! Forse stavi cercando una di queste pagine? +We couldn't find the page you were looking for! Maybe you were looking for one of these? - [Introduzione alla modellazione delle minacce](basics/threat-modeling.md) - [Provider DNS consigliati](dns.md) @@ -13,5 +17,3 @@ Non siamo riusciti a trovare la pagina che stavi cercando! Forse stavi cercando - [Migliori provider VPN](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Il nostro blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/about/criteria.md b/i18n/it/about/criteria.md index c3729859b..3084230bd 100644 --- a/i18n/it/about/criteria.md +++ b/i18n/it/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/about/donate.md b/i18n/it/about/donate.md index 4236a4f97..713cea456 100644 --- a/i18n/it/about/donate.md +++ b/i18n/it/about/donate.md @@ -48,5 +48,3 @@ Hostiamo dei [servizi internet](https://privacyguides.net) per testare e mostrar Occasionalmente acquistiamo beni e servizi con lo scopo di testare i nostri [strumenti consigliati](../tools.md). Stiamo ancora lavorando con il nostro host fiscale (la Open Collective Foundation) per ricevere donazioni via criptovalute; al momento la contabilità non è fattibile per piccole transazioni, cosa che dovrebbe cambiare in futuro. Nel mentre, se desideri effettuare una donazione consistente in criptovalure (> $100), ti preghiamo di contattarci a [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/about/index.md b/i18n/it/about/index.md index 41329117a..d25b9f1a0 100644 --- a/i18n/it/about/index.md +++ b/i18n/it/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. **Non è possibile** utilizzare il marchio Privacy Guides nel proprio progetto senza l'esplicita approvazione da questo progetto. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/about/notices.md b/i18n/it/about/notices.md index 5ad3178b6..b9199fe4e 100644 --- a/i18n/it/about/notices.md +++ b/i18n/it/about/notices.md @@ -41,5 +41,3 @@ L'utente non deve condurre alcuna attività di raccolta dati sistematica o autom * Scraping * Data Mining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/about/privacy-policy.md b/i18n/it/about/privacy-policy.md index 154f7e19b..3e3424540 100644 --- a/i18n/it/about/privacy-policy.md +++ b/i18n/it/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). Potremo cambiare il modo in cui annunciamo modifiche in future versioni di questo documento. Nel mentre, possiamo aggiornare le nostre informazioni di contatto in qualsiasi momento senza annunciarlo. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/about/privacytools.md b/i18n/it/about/privacytools.md index 1ef8bb0b3..ff330e0f2 100644 --- a/i18n/it/about/privacytools.md +++ b/i18n/it/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/about/services.md b/i18n/it/about/services.md index ae974e5dd..71f2c95b7 100644 --- a/i18n/it/about/services.md +++ b/i18n/it/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/about/statistics.md b/i18n/it/about/statistics.md index 47b483b9c..8f17240c3 100644 --- a/i18n/it/about/statistics.md +++ b/i18n/it/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/advanced/communication-network-types.md b/i18n/it/advanced/communication-network-types.md index 4fcd5dfee..e947c4e10 100644 --- a/i18n/it/advanced/communication-network-types.md +++ b/i18n/it/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Tipi di reti di comunicazione" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- Esistono diverse architetture di rete comunemente usate per trasmettere messaggi tra le persone. Queste reti possono fornire garanzie di privacy diverse, motivo per cui vale la pena considerare il [modello di minaccia](../basics/threat-modeling.md) quando si decide quale app utilizzare. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/advanced/dns-overview.md b/i18n/it/advanced/dns-overview.md index 459a048ec..232ed7dce 100644 --- a/i18n/it/advanced/dns-overview.md +++ b/i18n/it/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "Panoramica DNS" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- Il [Domain Name System](https://it.wikipedia.org/wiki/Domain_Name_System) è 'l'elenco telefonico di Internet'. Il DNS traduce i nomi di dominio in indirizzi IP, in modo che i browser e altri servizi possano caricare le risorse internet mediante un network decentralizzato di server. @@ -303,5 +304,3 @@ La [sottorete client EDNS](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) è Ha lo scopo di "velocizzare" la consegna dei dati fornendo al client una risposta che appartiene a un server vicino, come ad esempio una rete di distribuzione di contenuti [](https://it.wikipedia.org/wiki/Content_Delivery_Network), spesso utilizzata per lo streaming video e per servire applicazioni web in JavaScript. Questa funzione ha un costo in termini di privacy, in quanto comunica al server DNS alcune informazioni sulla posizione del client. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/advanced/payments.md b/i18n/it/advanced/payments.md new file mode 100644 index 000000000..e5492f4fe --- /dev/null +++ b/i18n/it/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger "Pericolo" + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/it/advanced/tor-overview.md b/i18n/it/advanced/tor-overview.md index 3fe43565b..d4b288cc7 100644 --- a/i18n/it/advanced/tor-overview.md +++ b/i18n/it/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Panoramica Tor" icon: 'simple/torproject' +description: Tor è una rete decentralizzata e gratuita progettata per utilizzare Internet con la massima privacy possibile. --- Tor è una rete decentralizzata e gratuita progettata per utilizzare Internet con la massima privacy possibile. Se utilizzata correttamente, la rete consente di navigare e comunicare in modo privato e anonimo. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.it.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/it/android.md b/i18n/it/android.md index 96d3b9c8f..50afa700c 100644 --- a/i18n/it/android.md +++ b/i18n/it/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'fontawesome/brands/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Logo di Android](assets/img/android/android.svg){ align=right } @@ -13,12 +14,13 @@ icon: 'fontawesome/brands/android' Questi sono i sistemi operativi, i dispositivi e le applicazioni Android che consigliamo per massimizzare la sicurezza e la privacy del proprio dispositivo mobile. Maggiori informazioni su Android: -- [Panoramica generale di Android :material-arrow-right-drop-circle:](os/android-overview.md) -- [Perché consigliamo GrapheneOS rispetto a CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## Derivati di AOSP -Consigliamo di installare sul dispositivo uno dei seguenti sistemi operativi basati su Android, elencati in ordine di preferenza, a seconda della compatibilità del proprio dispositivo con questi sistemi operativi. +We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems. !!! note @@ -41,9 +43,9 @@ Consigliamo di installare sul dispositivo uno dei seguenti sistemi operativi bas [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Codice sorgente" } [:octicons-heart-16:](https://grapheneos.org/donate/){ .card-link title=Contribuisci } -GrapheneOS supporta [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), che esegue [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) totalmente confinato in una sandbox come qualsiasi altra app normale. Ciò significa che è possibile sfruttare la maggior parte dei servizi di Google Play, come le [notifiche push](https://firebase.google.com/docs/cloud-messaging/), pur avendo il pieno controllo delle autorizzazioni e dell'accesso, mentre sono contenuti in un [profilo di lavoro](os/android-overview.md#work-profile) specifico o in un [profilo utente](os/android-overview.md#user-profiles) di propria scelta. +GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice. -I telefoni Google Pixel sono gli unici dispositivi che attualmente soddisfano i [requisiti di sicurezza hardware](https://grapheneos.org/faq#device-support) di GrapheneOS. +Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support). ### DivestOS @@ -61,11 +63,11 @@ I telefoni Google Pixel sono gli unici dispositivi che attualmente soddisfano i [:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Codice sorgente" } [:octicons-heart-16:](https://divested.dev/index.php?page=donate){ .card-link title=Contribuisci } -DivestOS offre [patch](https://gitlab.com/divested-mobile/cve_checker) automatizzate per vulnerabilità del kernel ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)), meno blob proprietari e un file [hosts](https://divested.dev/index.php?page=dnsbl) modificato. Il suo WebView rafforzato, [Mulch](https://gitlab.com/divested-mobile/mulch), attiva [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) per tutte le architetture e [il partizionamento dello stato di rete](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), e riceve aggiornamenti fuori programma. DivestOS include anche le patch del kernel di GrapheneOS e abilita tutte le funzionalità di sicurezza del kernel disponibili tramite [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). Tutti i kernel più recenti della versione 3.4 includono una completa [sanificazione](https://lwn.net/Articles/334747/) delle pagine e tutti i ~22 kernel compilati con Clang hanno [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) abilitato. +DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled. -DivestOS implementa alcune patch di hardening del sistema originariamente sviluppate per GrapheneOS. DivestOS 16.0 e versioni successive imposrta da GrapheneOSl'attivazione delle autorizzazioni [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) e SENSORS, [l'allocatore di memoria rafforzato](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](android/grapheneos-vs-calyxos.md#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), e patch parziali di rafforzamento di [bionic](https://en.wikipedia.org/wiki/Bionic_(software)). Le versioni 17.1 e successive importano da GrapheneOS l'opzione di [randomizzazione MAC](https://en.wikipedia.org/wiki/MAC_address#Randomization) completa per-rete, il controllo [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) e [opzioni di timeout](https://grapheneos.org/features) per riavvio automatico/Wi-Fi/Bluetooth. +DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). -DivestOS utilizza F-Droid come distributore di applicazioni predefinito. Normalmente, consigliamo di evitare F-Droid a causa dei suoi numerosi [problemi di sicurezza](#f-droid). Tuttavia, farlo su DivestOS non è fattibile; gli sviluppatori aggiornano le loro applicazioni tramite i propri repository F-Droid ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) e [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). Si consiglia di disabilitare l'applicazione ufficiale di F-Droid e di utilizzare [Neo Store](https://github.com/NeoApplications/Neo-Store/) con i repository DivestOS abilitati per mantenere aggiornati questi componenti. Segui gli altri metodi raccomandati per installare altre applicazioni. +DivestOS uses F-Droid as its default app store. Normally, we would recommend avoiding F-Droid due to its numerous [security issues](#f-droid). However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. !!! warning "Avviso" @@ -75,21 +77,21 @@ DivestOS utilizza F-Droid come distributore di applicazioni predefinito. Normalm ## Dispositivi Android -Quando acquisti un dispositivo, si consiglia di prenderne uno il più recente possibile. Il software e il firmware dei dispositivi mobili sono supportati solo per un periodo di tempo limitato, quindi l'acquisto di un prodotto recente ne prolunga il più possibile la durata. +When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. -Evita di acquistare telefoni dagli operatori di rete mobile. Spesso hanno il **bootloader bloccato** e non supportano [lo sblocco OEM](https://source.android.com/devices/bootloader/locking_unlocking). Queste varianti impediscono d'installare qualsiasi tipo di distribuzione Android alternativa sul dispositivo. +Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution. -Fai molta **attenzione** all'acquisto di telefoni di seconda mano dai mercati online. Controlla sempre la reputazione del venditore. Se il dispositivo è rubato, c'è la possibilità che [l'IMEI venga bloccato](https://www.gsma.com/security/resources/imei-blacklisting/). Il rischio è anche quello di essere associati all'attività del precedente proprietario. +Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of [IMEI blacklisting](https://www.gsma.com/security/resources/imei-blacklisting/). There is also a risk involved with you being associated with the activity of the previous owner. -Altri suggerimenti sui dispositivi Android e sulla compatibilità del sistema operativo: +A few more tips regarding Android devices and operating system compatibility: -- Non acquistare dispositivi che hanno raggiunto o sono prossimi alla fine del loro ciclo di vita, ulteriori aggiornamenti del firmware devono essere forniti dal produttore. -- Non acquistare telefoni con preinstallato LineageOS o /e/ OS o qualsiasi telefono Android senza il supporto a [Verified Boot](https://source.android.com/security/verifiedboot) e agli aggiornamenti firmware. Inoltre, questi dispositivi non ti consentono di verificare se sono stati manomessi. -- In breve, se un dispositivo o una distribuzione Android non sono elencati qui, probabilmente c'è una buona ragione. Visita il nostro [forum](https://discuss.privacyguides.org/) per ulteriori dettagli! +- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer. +- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with. +- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net/) to find details! ### Google Pixel -I telefoni Google Pixel sono gli **unici** dispositivi che consigliamo di acquistare. I telefoni Pixel hanno una sicurezza hardware migliore di qualsiasi altro dispositivo Android attualmente sul mercato, grazie ad un supporto AVB adeguato per i sistemi operativi di terze parti e ai chip di sicurezza [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) personalizzati di Google che fungono da Secure Element. +Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element. !!! recommendation @@ -101,22 +103,22 @@ I telefoni Google Pixel sono gli **unici** dispositivi che consigliamo di acquis [:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary } -I Secure Elements come il Titan M2 sono più limitati rispetto al Trusted Execution Environment del processore utilizzato dalla maggior parte degli altri telefoni, in quanto vengono utilizzati solo per la memorizzazione dei segreti, l'attestazione hardware e la limitazione della velocità, non per l'esecuzione di programmi "affidabili". I telefoni privi di un Secure Element devono utilizzare il TEE per *tutte* quelle funzioni, con una conseguente superficie di attacco più ampia. +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface. -I telefoni Google Pixel utilizzano un sistema operativo TEE chiamato Trusty che è [open-source](https://source.android.com/security/trusty#whyTrusty), a differenza di molti altri telefoni. +Google Pixel phones use a TEE OS called Trusty which is [open-source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -L'installazione di GrapheneOS su un telefono Pixel è facile grazie al [web installer](https://grapheneos.org/install/web). Se non ti senti a tuo agio a farlo da solo e sei disposto a spendere un po' di soldi in più, controlla il [NitroPhone](https://shop.nitrokey.com/shop) su cui viene preinstallato GrapheneOS dalla rispettabile società [Nitrokey](https://www.nitrokey.com/about). +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://www.nitrokey.com/about) company. -Altri suggerimenti per l'acquisto di un Google Pixel: +A few more tips for purchasing a Google Pixel: -- Se vuoi fare un affare con un dispositivo Pixel, ti consigliamo di acquistare un modello "**a**", subito dopo l'uscita del modello seguente. Gli sconti sono solitamente disponibili perché Google cercherà di smaltire le scorte. -- Considera gli sconti e le offerte speciali offerte nei negozi fisici. -- Consulta i siti di contrattazione di commercio online del proprio Paese. Questi possono segnalarti le vendite più convenienti. -- Google pubblica un elenco che mostra il [ciclo di supporto](https://support.google.com/nexus/answer/4457705) per ciascuno dei suoi dispositivi. Il prezzo giornaliero di un dispositivo può essere calcolato come: $\text{Prezzo} \over \text {Data EOL }-\text{ Data attuale}$, il che significa che più lungo è l'uso del dispositivo, minore è il costo giornaliero. +- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock. +- Consider price beating options and specials offered at physical stores. +- Look at online community bargain sites in your country. These can alert you to good sales. +- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date}-\text{Current Date}$, meaning that the longer use of the device the lower cost per day. ## App Generali -In questo sito raccomandiamo un'ampia gamma di applicazioni per Android. Le applicazioni qui elencate sono esclusive di Android e migliorano o sostituiscono in modo specifico le principali funzionalità del sistema. +We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality. ### Shelter @@ -163,17 +165,17 @@ In questo sito raccomandiamo un'ampia gamma di applicazioni per Android. Le appl - [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases) - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases) -Auditor esegue l'attestazione e il rilevamento delle intrusioni: +Auditor performs attestation and intrusion detection by: -- Utilizzando un [modello Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) tra un *revisore* e un *oggetto verificato*, la coppia stabilisce una chiave privata nel [keystore dell'hardware](https://source.android.com/security/keystore/) del *revisore*. -- Il *revisore* può essere un'altra istanza dell'applicazione Auditor o il [Remote Attestation Service](https://attestation.app). -- Il *revisore* registra lo stato attuale e la configurazione dell'*oggetto verificato*. -- In caso di manomissione del sistema operativo dell'*oggetto verificato* dopo il completamento dell'accoppiamento, il revisore sarà a conoscenza della modifica dello stato e delle configurazioni del dispositivo. -- Verrai avvisato della modifica. +- Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an *auditor* and *auditee*, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore/) of the *Auditor*. +- The *auditor* can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app). +- The *auditor* records the current state and configuration of the *auditee*. +- Should tampering with the operating system of the *auditee* happen after the pairing is complete, the auditor will be aware of the change in the device state and configurations. +- You will be alerted to the change. -Al servizio di attestazione non vengono inviate informazioni d'identificazione personale. Ti consigliamo di registrarti con un account anonimo e di attivare l'attestazione remota per un monitoraggio continuo. +No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring. -Se il proprio [modello di minaccia](basics/threat-modeling.md) richiede privacy, potresti considerare l'utilizzo di [Orbot](tor.md#orbot) o di una VPN per nascondere il proprio indirizzo IP al servizio di attestazione. Per assicurarsi che l'hardware e il sistema operativo siano autentici, [esegui l'attestazione locale](https://grapheneos.org/install/web#verifying-installation) subito dopo l'installazione del dispositivo e prima di qualsiasi connessione a Internet. +If your [threat model](basics/threat-modeling.md) requires privacy, you could consider using [Orbot](tor.md#orbot) or a VPN to hide your IP address from the attestation service. To make sure that your hardware and operating system is genuine, [perform local attestation](https://grapheneos.org/install/web#verifying-installation) immediately after the device has been installed and prior to any internet connection. ### Secure Camera @@ -195,11 +197,11 @@ Se il proprio [modello di minaccia](basics/threat-modeling.md) richiede privacy, - [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases) - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases) -Le principali funzionalità di privacy incluse: +Main privacy features include: -- Rimozione automatica dei metadati [Exif](https://it.wikipedia.org/wiki/Exchangeable_image_file_format) (attivata in modo predefinito) -- Utilizzo della nuova API [Media](https://developer.android.com/training/data-storage/shared/media), pertanto non è richiesta [l'autorizzazione per tutti i file](https://developer.android.com/training/data-storage) -- L'autorizzazione al microfono non è necessaria, a meno che non si voglia registrare l'audio +- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default) +- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required +- Microphone permission not required unless you want to record sound !!! note @@ -232,11 +234,11 @@ Le principali funzionalità di privacy incluse: ### Apps di GrapheneOS -L'app store di GrapheneOS è disponibile su [GitHub](https://github.com/GrapheneOS/Apps/releases). Supporta Android 12 e versioni successive ed è in grado di aggiornarsi da solo. L'app store contiene applicazioni standalone realizzate dal progetto GrapheneOS, come [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera) e [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). Se stai cercando queste applicazioni, ti consigliamo vivamente di scaricarle dal distributore di app di GrapheneOS invece che dal Play Store, in quanto le app presenti nel loro distributore sono firmate dal progetto GrapheneOS con una firma propria a cui Google non ha accesso. +GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to. ### Aurora Store -Google Play Store richiede un account Google per l'accesso, il che non è un bene per la privacy. È possibile ovviare a questo problema utilizzando un client alternativo, come Aurora Store. +The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store. !!! recommendation @@ -251,29 +253,29 @@ Google Play Store richiede un account Google per l'accesso, il che non è un ben - [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases) -Aurora Store non consente di scaricare applicazioni a pagamento con la funzione di account anonimo. Puoi facoltativamente accedere con il tuo account Google in Aurora Store per scaricare le app che hai acquistato, il che dà accesso a Google all'elenco delle app che hai installato, ma puoi comunque trarre vantaggio dal fatto di non richiedere il client Google Play completo e i servizi Google Play o microG sul tuo dispositivo. +Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google, however you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device. ### Manualmente con le notifiche RSS -Per le app pubblicate su piattaforme come GitHub e GitLab, potresti aggiungere un feed RSS al tuo [aggregatore di notizie](/news-aggregators) che ti aiuterà a tenere traccia delle nuove versioni. +For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](/news-aggregators) that will help you keep track of new releases. -![APK da RSS](./assets/img/android/rss-apk-light.png#only-light) ![APK da RSS](./assets/img/android/rss-apk-dark.png#only-dark) ![Modifiche APK](./assets/img/android/rss-changes-light.png#only-light) ![Modifiche APK](./assets/img/android/rss-changes-dark.png#only-dark) +![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark) #### GitHub -Su GitHub, usando [Secure Camera](#secure-camera) come esempio, si dovrebbe navigare alla sua [pagina releases](https://github.com/GrapheneOS/Camera/releases) e aggiungere `.atom` all'URL: +On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL: `https://github.com/GrapheneOS/Camera/releases.atom` #### GitLab -Su GitLab, usando [Aurora Store](#aurora-store) come esempio, si dovrebbe navigare al [repository del progetto](https://gitlab.com/AuroraOSS/AuroraStore) e aggiunge `/-/tags?format=atom` all'URL: +On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL: `https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom` #### Verifica delle impronte digitali degli APK -Se scarichi i file APK da installare manualmente, è possibile verificarne la firma con lo strumento [`apksigner`](https://developer.android.com/studio/command-line/apksigner), che fa parte dei [build-tools](https://developer.android.com/studio/releases/build-tools) di Android. +If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools). 1. Installa [Java JDK](https://www.oracle.com/java/technologies/downloads/). @@ -304,21 +306,21 @@ Se scarichi i file APK da installare manualmente, è possibile verificarne la fi ### F-Droid -![Logo di F-Droid](assets/img/android/f-droid.svg){ align=right width=120px } +![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px } -==**Non** raccomandiamo attualmente F-Droid come metodo per ottenere applicazioni.== F-Droid è spesso raccomandato come alternativa a Google Play, in particolare nelle comunità della privacy. La possibilità di aggiungere repository di terze parti e di non essere confinati nel giardino recintato di Google ne ha determinato la popolarità. F-Droid ha inoltre [build riproducibili](https://f-droid.org/it/docs/Reproducible_Builds/) per alcune applicazioni ed è dedicato al software libero e open-source. Tuttavia, ci sono [problemi notevoli](https://wonderfall.dev/fdroid-issues/) con il client ufficiale F-Droid, il loro controllo di qualità e il modo in cui costruiscono, firmano e consegnano i pacchetti. +==We do **not** currently recommend F-Droid as a way to obtain apps.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds/) for some applications and is dedicated to free and open-source software. However, there are [notable problems](https://privsec.dev/posts/android/f-droid-security-issues/) with the official F-Droid client, their quality control, and how they build, sign, and deliver packages. -A causa del processo di costruzione delle app, le applicazioni presenti nel repository ufficiale di F-Droid sono spesso in ritardo con gli aggiornamenti. Inoltre i manutentori di F-Droid riutilizzano gli ID dei pacchetti mentre firmano le applicazioni con le proprie chiavi, il che non è l'ideale perché conferisce al team di F-Droid la massima fiducia. +Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. -Altri popolari repository di terze parti, come [IzzyOnDroid](https://apt.izzysoft.de/fdroid/), alleviano alcuni di questi problemi. Il repository IzzyOnDroid estrae le build direttamente da GitHub ed è la seconda scelta migliore dopo i repository degli sviluppatori. However, it is not something that we can recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that respository when they make it to the main F-Droid repository. Sebbene ciò abbia senso (dato che l'obiettivo di questo particolare repository è ospitare le applicazioni prima che vengano accettate nel repository principale di F-Droid), ti può lasciare con le applicazioni installate senza ricevere più aggiornamenti. +Other popular third-party repositories such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that respository when they make it to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates. -That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through Play Store, Aurora Store, or by getting the APK directly from the developer. È importante tenere presente che alcune applicazioni presenti in questi repository non sono state aggiornate da anni e possono fare affidamento su librerie non supportate, costituendo un potenziale rischio per la sicurezza. Quando cerchi nuove applicazioni con questo metodo, è bene usare il proprio giudizio. +That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through Play Store, Aurora Store, or by getting the APK directly from the developer. It is important to keep in mind that some apps in these repositories have not been updated in years and may rely on unsupported libraries, among other things, posing a potential security risk. You should use your best judgement when looking for new apps via this method. !!! note - In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org/) is one example of this). If you really need an app like that, we recommend using [Neo Store](https://github.com/NeoApplications/Neo-Store/) instead of the official F-Droid app to obtain it. + In alcuni rari casi, lo sviluppatore di un'app la distribuisce solo attraverso F-Droid ([Gadgetbridge](https://gadgetbridge.org/) ne è un esempio). Se hai davvero bisogno di un'app del genere, ti consigliamo di usare [Neo Store](https://github.com/NeoApplications/Neo-Store/) al posto dell'app ufficiale di F-Droid per ottenerla. -## CryptPad +## Criteri **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. recommendation @@ -338,25 +340,23 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt ### Sistemi operativi - Deve essere un software open-source. -- Deve supportare il blocco del bootloader con il supporto della chiave AVB personalizzata. -- Deve ricevere i principali aggiornamenti Android entro 0-1 mesi dal rilascio. -- Deve ricevere gli aggiornamenti delle funzionalità Android (versione minore) entro 0-14 giorni dal rilascio. -- Deve ricevere regolarmente le patch di sicurezza entro 0-5 giorni dal rilascio. -- **Non** deve essere preconfigurato con il "root". -- **Non** deve abilitare i Google Play Services per impostazione predefinita. -- **Non** deve richiedere la modifica del sistema per supportare i Google Play Services. +- Must support bootloader locking with custom AVB key support. +- Must receive major Android updates within 0-1 months of release. +- Must receive Android feature updates (minor version) within 0-14 days of release. +- Must receive regular security patches within 0-5 days of release. +- Must **not** be "rooted" out of the box. +- Must **not** enable Google Play Services by default. +- Must **not** require system modification to support Google Play Services. ### Dispositivi -- Deve supportare almeno uno dei sistemi operativi personalizzati consigliati. -- Deve essere venduto nuovo nei negozi. -- Deve ricevere un minimo di 5 anni di aggiornamenti di sicurezza. -- Deve disporre di un hardware dedicato agli elementi sicuri. +- Must support at least one of our recommended custom operating systems. +- Must be currently sold new in stores. +- Must receive a minimum of 5 years of security updates. +- Must have dedicated secure element hardware. ### Applicazioni -- Le applicazioni presenti in questa pagina non devono essere applicabili a nessun'altra categoria di software presente sul sito. -- Le applicazioni generali devono estendere o sostituire le funzionalità di base del sistema. -- Le applicazioni devono ricevere aggiornamenti e manutenzione regolari. - ---8<-- "includes/abbreviations.it.txt" +- Applications on this page must not be applicable to any other software category on the site. +- General applications should extend or replace core system functionality. +- Applications should receive regular updates and maintenance. diff --git a/i18n/it/basics/account-creation.md b/i18n/it/basics/account-creation.md index e5a09f40d..61ccd9b11 100644 --- a/i18n/it/basics/account-creation.md +++ b/i18n/it/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Creazione account" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Spesso le persone si iscrivono a servizi senza riflettere. Forse si tratta di un servizio di streaming per guardare la nuova serie di cui tutti parlano, o di un account che ti offre uno sconto per il tuo supermercato preferito. In ogni caso, dovresti considerare le implicazioni per i tuoi dati ora e in futuro. @@ -78,5 +79,3 @@ In molti casi dovrai fornire un numero da cui puoi ricevere SMS o chiamate, in p ### Nome utente e password Alcuni servizi ti consentono di registrarti senza utilizzare un indirizzo email e richiedono solo d'impostare un nome utente e una password. Questi servizi possono fornire un maggiore anonimato se combinati con una VPN o Tor. Tieni presente che per questi account molto probabilmente non ci sarà **nessun modo per recuperare il tuo account** nel caso in cui dimentichi il tuo nome utente o password. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/basics/account-deletion.md b/i18n/it/basics/account-deletion.md index a2f85d949..7609b1099 100644 --- a/i18n/it/basics/account-deletion.md +++ b/i18n/it/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Eliminazione account" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Con il tempo, può essere facile accumulare una serie di profili online, molti dei quali potrebbero non essere più utilizzati. L'eliminazione di questi account inutilizzati è un passo importante per recuperare la propria privacy, poiché gli account inattivi sono vulnerabili alle violazioni dei dati. Una violazione dei dati (anche detta data breach) avviene quando la sicurezza di un servizio è compromessa e le informazioni protette vengono visualizzate, trasmesse o rubate da soggetti non autorizzati. Le violazioni dei dati sono purtroppo [troppo comuni](https://haveibeenpwned.com/PwnedWebsites) al giorno d'oggi e quindi praticare una buona igiene digitale è il modo migliore per ridurre al minimo l'impatto che hanno sulla propria vita. L'obiettivo di questa guida è quindi quello di aiutarvi a superare il fastidioso processo di cancellazione dell'account, spesso reso difficile da un [design ingannevole](https://www.deceptive.design/), per migliorare la propria presenza online. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/basics/common-misconceptions.md b/i18n/it/basics/common-misconceptions.md index 14ff75595..26aec771d 100644 --- a/i18n/it/basics/common-misconceptions.md +++ b/i18n/it/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "I malintesi più comuni" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Il software open-source è sempre sicuro" o "il software proprietario è più sicuro" @@ -56,6 +57,4 @@ Uno dei modelli di minaccia più chiari è quello in cui le persone *sanno chi s L'uso di Tor può aiutare in questo caso. Vale anche la pena di notare che un maggiore anonimato è possibile attraverso la comunicazione asincrona: la comunicazione in tempo reale è vulnerabile all'analisi dei modelli di digitazione (ad esempio, più di un paragrafo di testo, distribuito su un forum, via e-mail, ecc.) ---8<-- "includes/abbreviations.it.txt" - [^1]: Un esempio notevole è [l'incidente del 2021 in cui i ricercatori dell'Università del Minnesota hanno introdotto tre vulnerabilità nel progetto di sviluppo del kernel Linux](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/it/basics/common-threats.md b/i18n/it/basics/common-threats.md index 33c64e217..efc7ebe75 100644 --- a/i18n/it/basics/common-threats.md +++ b/i18n/it/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Minacce comuni" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- In linea di massima, le nostre raccomandazioni sono suddivise in [minacce](threat-modeling.md) o obiettivi che si applicano alla maggior parte delle persone. ==Potete essere interessati a nessuna, una, alcune o tutte queste possibilità== e gli strumenti e i servizi che utilizzate dipendono dai vostri obiettivi. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.it.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/it/basics/email-security.md b/i18n/it/basics/email-security.md index bffa75677..f0c2fb579 100644 --- a/i18n/it/basics/email-security.md +++ b/i18n/it/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/basics/multi-factor-authentication.md b/i18n/it/basics/multi-factor-authentication.md index 6997741d0..a452cfaf1 100644 --- a/i18n/it/basics/multi-factor-authentication.md +++ b/i18n/it/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Autenticazione a più fattori" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **L'autenticazione a più fattori** (**MFA**) è un meccanismo di sicurezza che richiede ulteriori passaggi oltre all'inserimento del nome utente (o email) e della password. Il metodo più comune è quello dei codici a tempo limitato che si possono ricevere via SMS o tramite un'applicazione. @@ -162,5 +163,3 @@ SSH MFA può anche essere impostato utilizzando TOTP. DigitalOcean ha fornito un ### KeePass (e KeePassXC) I database KeePass e KeePassXC possono essere protetti utilizzando Challenge-Response o HOTP come autenticazione di secondo fattore. Yubico ha fornito un documento per KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) e ne esiste uno anche sul sito [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa). - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/basics/passwords-overview.md b/i18n/it/basics/passwords-overview.md index 5348121e5..f2c0908e9 100644 --- a/i18n/it/basics/passwords-overview.md +++ b/i18n/it/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/basics/threat-modeling.md b/i18n/it/basics/threat-modeling.md index a2311a63b..e102ed30c 100644 --- a/i18n/it/basics/threat-modeling.md +++ b/i18n/it/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Modelli di minaccia" icon: 'material/target-account' +description: Bilanciare sicurezza, privacy e usabilità è il primo e il più difficile compito che incontrerai durante il tuo viaggio nella privacy. --- Bilanciare sicurezza, privacy e usabilità è il primo e il più difficile compito che incontrerai durante il tuo viaggio nella privacy. Tutto è un compromesso: più qualcosa è sicuro, più è restrittivo o scomodo in generale, ecc. Spesso, le persone scoprono che il problema con gli strumenti che vedono raccomandati è che sono troppo difficili da iniziare a usare! @@ -107,5 +108,3 @@ Per le persone che cercano di aumentare la loro privacy e sicurezza online, abbi ## Fonti - [EFF Surveillance Self Defense: Your Security Plan (EFF Autodifesa da sorveglianza: il tuo piano di sicurezza)](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/basics/vpn-overview.md b/i18n/it/basics/vpn-overview.md index 8edfef600..78a1a7fc8 100644 --- a/i18n/it/basics/vpn-overview.md +++ b/i18n/it/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: Panoramica VPN icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Le reti private virtuali sono un modo per estendere l'estremità della vostra rete all'uscita di un'altra parte del mondo. Un ISP può vedere il flusso del traffico Internet che entra ed esce dal dispositivo di terminazione della rete (ad esempio, il modem). -I protocolli di crittografia come l'HTTPS sono comunemente utilizzati su Internet, quindi potrebbero non essere in grado di vedere esattamente ciò che state postando o leggendo, ma possono farsi un'idea dei [domini richiesti](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). Una VPN può essere d'aiuto in quanto può spostare la fiducia su un server in un'altra parte del mondo. Di conseguenza, l'ISP vede solo che sei connesso a una VPN e non vede nulla dell'attività che stai trasmettendo. @@ -74,5 +75,3 @@ Per situazioni come queste, o se hai un altro motivo valido, i provider VPN che - [Free VPN App Investigation (Indagine sulle app di VPN gratuite)](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies (Svelati i proprietari segreti delle VPN: 101 prodotti per VPN gestiti da sole 23 aziende)](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions (Questa azienda cinese è segretamente dietro 24 app popolari che cercano autorizzazioni pericolose)](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/calendar.md b/i18n/it/calendar.md index 3fa4081be..2076bd0ea 100644 --- a/i18n/it/calendar.md +++ b/i18n/it/calendar.md @@ -1,6 +1,7 @@ --- title: "Sincronizzazione di calendario e contatti" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -76,5 +77,3 @@ Calendars contain some of your most sensitive data; use products that implement KeePassXC memorizza i suoi dati di esportazione come file [CSV](https://en.wikipedia.org/wiki/Comma-separated_values). Ciò può comportare la perdita di dati se si importa questo file in un altro gestore di password. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/cloud.md b/i18n/it/cloud.md index 49baeb5ea..c7e159a86 100644 --- a/i18n/it/cloud.md +++ b/i18n/it/cloud.md @@ -1,6 +1,7 @@ --- title: "Archiviazione in cloud" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Molti fornitori di spazio di archiviazione cloud richiedono la tua totale fiducia sul fatto che non guarderanno nei tuoi file. Le alternative elencate di seguito eliminano la necessità di fiducia mettendo l'utente in controllo dei propri dati o implementando E2EE. @@ -29,7 +30,6 @@ Se queste alternative non soddisfano le tue esigenze, ti suggeriamo di esaminare - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. recommendation Proton Drive desktop clients are still in development. ## CryptPad @@ -67,5 +67,3 @@ KeePassXC memorizza i suoi dati di esportazione come file [CSV](https://en.wikip - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/cryptocurrency.md b/i18n/it/cryptocurrency.md new file mode 100644 index 000000000..f42e63c6c --- /dev/null +++ b/i18n/it/cryptocurrency.md @@ -0,0 +1,62 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger "Pericolo" + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## CryptPad + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. recommendation + +!!! recommendation + + ![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right } + + **PrivateBin** è un pastebin online minimalista e open-source in cui il server non ha alcuna conoscenza dei dati incollati. Infatti, vengono criptati/decriptati nel tuo browser utilizzando AES a 256 bit. downloads + + - [:simple-windows11: Windows](https://keepassxc.org/download/#windows) + - [:simple-apple: macOS](https://keepassxc.org/download/#mac) + - [:simple-linux: Linux](https://keepassxc.org/download/#linux) + - [:simple-flathub: Flatpak](https://flathub.org/apps/details/org.keepassxc.KeePassXC) + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/keepassxc-browser) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk) + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/it/data-redaction.md b/i18n/it/data-redaction.md index 6ba8fe98c..9619bd1e0 100644 --- a/i18n/it/data-redaction.md +++ b/i18n/it/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Rimozione di dati e metadati" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- Quando vengono condivisi file, è importante rimuovere i relativi metadata. I file immagine includono comunemente dati [Exif](https://it.wikipedia.org/wiki/Exif). I metadata delle foto, a volte, includono anche le coordinate GPS. @@ -151,5 +152,3 @@ L'applicazione offre diversi modi per cancellare i metadati dalle immagini. Vale - Le applicazioni sviluppate per sistemi operativi open-source devono essere open-source. - Le applicazioni devono essere gratuite e non devono includere pubblicità o altre limitazioni. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/desktop-browsers.md b/i18n/it/desktop-browsers.md index 47ebb3280..ce8c1ac7e 100644 --- a/i18n/it/desktop-browsers.md +++ b/i18n/it/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Browser desktop" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- Questi sono i browser e le configurazioni per desktop attualmente consigliati per la navigazione standard/non anonima. Se hai bisogno di navigare in Internet in modo anonimo, dovresti invece utilizzare [Tor](tor.md). In generale, si consiglia di ridurre al minimo le estensioni del browser; hanno un accesso privilegiato all'interno del browser, richiedono fiducia nello sviluppatore, possono farti [risaltare](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)e [indebolire l'isolamento del sito](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ). @@ -267,6 +268,4 @@ KeePassXC memorizza i suoi dati di esportazione come file [CSV](https://en.wikip - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.it.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/it/desktop.md b/i18n/it/desktop.md index e621853b8..9a2444122 100644 --- a/i18n/it/desktop.md +++ b/i18n/it/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Le distribuzioni Linux sono comunemente consigliate per la protezione della privacy e la libertà del software. --- Le distribuzioni Linux sono comunemente consigliate per la protezione della privacy e la libertà del software. Se non utilizzi già Linux, di seguito ti suggeriamo alcune distribuzioni da provare, oltre ad alcuni consigli generali per migliorare la privacy e la sicurezza applicabili a molte distribuzioni Linux. @@ -187,5 +188,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/dns.md b/i18n/it/dns.md index a4a12af24..b21050bf4 100644 --- a/i18n/it/dns.md +++ b/i18n/it/dns.md @@ -1,13 +1,12 @@ --- title: "Resolver DNS" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! faq "Quando utilizzare il DNS crittografato?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Il DNS crittografato non aiuta a nascondere la tua attività di navigazione. - I DNS crittografati con server di terze parti dovrebbero essere utilizzati solo per aggirare forme di [blocco del DNS](https://en.wikipedia.org/wiki/DNS_blocking) basilari, quando sei sicuro che ciò non causi alcuna conseguenza. Il DNS crittografato non aiuta a nascondere la tua attività di navigazione. - - [Per saperne di più sul DNS](basics/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Provider consigliati @@ -132,8 +131,6 @@ Una soluzione DNS self-hosted è utile per fornire il filtraggio su piattaforme [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Codice sorgente" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribuisci } ---8<-- "includes/abbreviations.it.txt" - [^1]: AdGuard memorizza le statistiche aggregate delle prestazioni dei propri server DNS, ovvero il numero di richieste dirette a un particolare server, il numero di richieste bloccate e la velocità di elaborazione di esse. Inoltre, conservano e memorizzano i domini richiesti nelle ultime 24 ore. "Abbiamo bisogno di queste informazioni per identificare e bloccare nuovi tracker e minacce" "Registriamo anche quante volte un tracker viene bloccato. Abbiamo bisogno di queste informazioni per rimuovere le regole obsolete dai nostri filtri" [https://adguard.com/it/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare raccoglie e memorizza solo dati limitati delle stringhe DNS che vengono inviate al resolver 1.1.1.1. Il resolver 1.1.1.1 non registra dati personali, e la maggior parte dei dati di identificazione personali limitati nelle stringhe DNS viene archiviata per solo 25 ore. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D registra solo i resolver Premium con profili DNS personalizzati. I resolver gratuiti non registrano dati. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/it/email-clients.md b/i18n/it/email-clients.md index c4af31f7b..5bc1702e3 100644 --- a/i18n/it/email-clients.md +++ b/i18n/it/email-clients.md @@ -1,6 +1,7 @@ --- title: "Condivisione di file" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Il nostro elenco di raccomandazioni contiene client di posta elettronica che supportano sia [OpenPGP](encryption.md#openpgp) che l'autenticazione forte come [Open Authorization (OAuth)](https://it.wikipedia.org/wiki/OAuth). OAuth consente di utilizzare l'[autenticazione a più fattori](basics/multi-factor-authentication.md) e di prevenire il furto di account. @@ -240,5 +241,3 @@ KeePassXC memorizza i suoi dati di esportazione come file [CSV](https://en.wikip - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/email.md b/i18n/it/email.md index d6a1964f6..7ad51fd02 100644 --- a/i18n/it/email.md +++ b/i18n/it/email.md @@ -1,6 +1,7 @@ --- -title: "Servizi di posta elettronica" +title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- L'e-mail è praticamente una necessità per l'utilizzo di qualsiasi servizio online, tuttavia non la consigliamo per le conversazioni personali. Piuttosto che utilizzare l'email per contattare altre persone, considera l'utilizzo di un mezzo di messaggistica istantanea che supporta la forward secrecy. @@ -9,9 +10,21 @@ L'e-mail è praticamente una necessità per l'utilizzo di qualsiasi servizio onl Per tutto il resto, consigliamo una varietà di provider di posta elettronica basati su modelli di business sostenibile e funzioni di sicurezza integrate. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## Servizi compatibili con OpenPGP -Questi provider supportano in modo nativo la codifica/decodifica OpenPGP, consentendo d'inviare e-mail E2EE in modo indipendente dal provider. Ad esempio, un utente di Proton Mail potrebbe inviare un messaggio E2EE a un utente di Mailbox.org, oppure si potrebbero ricevere notifiche cifrate in OpenPGP dai servizi Internet che lo supportano. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. Ad esempio, un utente di Proton Mail potrebbe inviare un messaggio E2EE a un utente di Mailbox.org, oppure si potrebbero ricevere notifiche cifrate in OpenPGP dai servizi Internet che lo supportano. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning "Avviso" @@ -49,41 +62,41 @@ Se hai il piano Proton Unlimited, Business o Visionary, ottieni anche [SimpleLog Proton Mail ha rapporti interni di crash che **non condividono** con terze parti. Questa funzione può essere disattivata in: **Impostazioni** > **Vai alle impostazioni** > **Account** > **Sicurezza e privacy** > **Invia rapporti sui crash**. -??? success "Domini e Alias personalizzati" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Gli abbonati a Proton Mail possono scegliere un dominio personalizzato con il servizio o un indirizzo [catch-all](https://proton.me/it/support/catch-all). Inoltre è presente il supporto per il [subaddressing](https://proton.me/it/support/creating-aliases), utile per chi non vuole acquistare un dominio. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Metodi di pagamento privati" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accetta](https://proton.me/support/payment-options) Bitcoin e contanti via mail, oltre ai pagamenti standard con carta di credito/debito e PayPal. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Sicurezza dell'account" +#### :material-check:{ .pg-green } Account Security - Proton Mail supporta solo [l'autenticazione a due fattori](https://proton.me/it/support/two-factor-authentication-2fa) TOTP. Il supporto per le chiavi di sicurezza U2F non è ancora presente. Proton Mail ha in programma, però, d'integrarlo al completamento del loro codice [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/). +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. Il supporto per le chiavi di sicurezza U2F non è ancora presente. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Sicurezza dei dati" +#### :material-check:{ .pg-green } Data Security - Proton Mail ha [crittografia zero-access](https://proton.me/blog/zero-access-encryption) a riposo per le tue e-mail e [calendari](https://proton.me/news/protoncalendar-security-model). I dati protetti con crittografia zero-access sono accessibili solo da te. - - Alcune informazioni memorizzate nei [Contatti Proton](https://proton.me/it/support/proton-contacts), come i nomi visualizzati e gli indirizzi e-mail, non sono protette dalla crittografia zero-access. I campi dei contatti che supportano la crittografia zero-access, come i numeri di telefono, sono indicati con l'icona di un lucchetto. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). I dati protetti con crittografia zero-access sono accessibili solo da te. -??? success "Crittografia delle email" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. I campi dei contatti che supportano la crittografia zero-access, come i numeri di telefono, sono indicati con l'icona di un lucchetto. - Proton mail ha [integrato la crittografia OpenPGP](https://proton.me/it/support/how-to-use-pgp) nella loro webmail. Le e-mail inviate ad altri account Proton Mail vengono crittografate automaticamente, e la crittografia verso indirizzi non Proton Mail con una chiave OpenPGP può essere abilitata nelle impostazioni dell'account. Permettono inoltre di [crittografare messaggi verso indirizzi non Proton Mail](https://proton.me/it/support/password-protected-emails) senza il bisogno che il ricevente acceda ad un account Proton Mail o utilizzi software come OpenPGP. - - Proton Mail consente anche il reperimento di chiavi pubbliche via HTTP dalla loro [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Questo permette alle persone che non utilizzano Proton Mail di trovare facilmente le chiavi OpenPGP degli account Proton Mail, per un E2EE cross-provider. +#### :material-check:{ .pg-green } Email Encryption -??? check "Sicurezza dei dati" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Le e-mail inviate ad altri account Proton Mail vengono crittografate automaticamente, e la crittografia verso indirizzi non Proton Mail con una chiave OpenPGP può essere abilitata nelle impostazioni dell'account. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail non offre una funzione di eredità digitale. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Questo permette alle persone che non utilizzano Proton Mail di trovare facilmente le chiavi OpenPGP degli account Proton Mail, per un E2EE cross-provider. -??? info "Metodi di pagamento privati" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Se avete un account a pagamento e la vostra [bolletta non è pagata](https://proton.me/support/delinquency) dopo 14 giorni, non potrete accedere ai vostri dati. Dopo 30 giorni, l'account diventerà delinguente e non riceverà più la posta in arrivo. Durante questo periodo la fattura continuerà ad essere addebitata. +Proton Mail non offre una funzione di eredità digitale. -??? info "Funzionalità aggiuntive" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offre un account "Unlimited" a 9,99 euro/mese, che consente anche l'accesso a Proton VPN oltre a fornire account multipli, domini, alias e 500 GB di spazio di archiviazione. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. Dopo 30 giorni, l'account diventerà delinguente e non riceverà più la posta in arrivo. Durante questo periodo la fattura continuerà ad essere addebitata. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offre un account "Unlimited" a 9,99 euro/mese, che consente anche l'accesso a Proton VPN oltre a fornire account multipli, domini, alias e 500 GB di spazio di archiviazione. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail ha rapporti interni di crash che **non condividono** con terze parti - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Domini e Alias personalizzati" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org consente di utilizzare il proprio dominio e supporta gli indirizzi [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain). Mailbox.org supporta anche [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), utile se non si vuole acquistare un dominio. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? check "Eredità digitale" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org non accetta Bitcoin o altre criptovalute a causa della sospensione delle attività del processore di pagamento BitPay in Germania. Tuttavia, accettano contanti per posta, pagamento in contanti su conto corrente, bonifico bancario, carta di credito, PayPal e un paio di processori specifici per la Germania: paydirekt e Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. Tuttavia, accettano contanti per posta, pagamento in contanti su conto corrente, bonifico bancario, carta di credito, PayPal e un paio di processori specifici per la Germania: paydirekt e Sofortüberweisung. -??? success "Sicurezza dell'account" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supporta l'[autenticazione a due fattori](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) solo per la sua webmail. È possibile utilizzare il TOTP o un [Yubikey](https://it.wikipedia.org/wiki/YubiKey) tramite il [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Gli standard web come [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) non sono ancora supportati. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Sicurezza dei dati" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org consente la crittografia della posta in arrivo utilizzando la sua [casella di posta crittografata] (https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). I nuovi messaggi ricevuti saranno immediatamente crittografati con la tua chiave pubblica. - - Tuttavia, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), la piattaforma software utilizzata da Mailbox.org, [non supporta](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) la crittografia della rubrica e del calendario. Un'[opzione autonoma] (calendario-contatti.md) potrebbe essere più appropriata per queste informazioni. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). I nuovi messaggi ricevuti saranno immediatamente crittografati con la tua chiave pubblica. -??? success "Crittografia delle email" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org ha [integrato la crittografia] (https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) nella sua webmail, che semplifica l'invio di messaggi a persone con chiavi OpenPGP pubbliche. Consentono inoltre [ai destinatari remoti di decriptare un'e-mail](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) sui server di Mailbox.org. Questa funzione è utile quando il destinatario remoto non dispone di OpenPGP e non può decifrare una copia dell'e-mail nella propria casella di posta elettronica. - - Mailbox.org supporta anche il reperimento di chiavi pubbliche via HTTP dalla sua [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Questo permette a persone esterne a Mailbox.org di trovare facilmente le chiavi OpenPGP degli account di Mailbox.org, per un E2EE fra provider diversi. +#### :material-check:{ .pg-green } Email Encryption -??? check "Domini e alias personalizzati" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. Questa funzione è utile quando il destinatario remoto non dispone di OpenPGP e non può decifrare una copia dell'e-mail nella propria casella di posta elettronica. - Mailbox.org dispone di una funzione di eredità digitale per tutti i piani. Puoi scegliere se vuoi che i dati siano trasmessi agli eredi, a condizione che ne facciano richiesta e forniscano il testamento. In alternativa, è possibile nominare una persona per nome e indirizzo. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Questo permette a persone esterne a Mailbox.org di trovare facilmente le chiavi OpenPGP degli account di Mailbox.org, per un E2EE fra provider diversi. -??? info "Metodi di pagamento privati" +#### :material-check:{ .pg-green } Digital Legacy - L'account sarà impostato come account utente limitato alla scadenza del contratto, dopo [30 giorni sarà irrevocabilmente cancellato](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org dispone di una funzione di eredità digitale per tutti i piani. Puoi scegliere se vuoi che i dati siano trasmessi agli eredi, a condizione che ne facciano richiesta e forniscano il testamento. In alternativa, è possibile nominare una persona per nome e indirizzo. -??? info "Funzionalità aggiuntive" +#### :material-information-outline:{ .pg-blue } Account Termination - È possibile accedere al proprio account Mailbox.org tramite IMAP/SMTP utilizzando il loro [servizio .onion] (https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). Tuttavia, l'interfaccia webmail non è accessibile tramite il servizio .onion e si possono verificare errori di certificato TLS. - - Tutti gli account sono dotati di uno spazio di archiviazione cloud limitato che [può essere crittografato] (https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org offre anche l'alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), che applica la crittografia TLS alla connessione tra i server di posta, altrimenti il messaggio non verrà inviato affatto. Mailbox.org supporta anche [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) oltre ai protocolli di accesso standard come IMAP e POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). Tuttavia, l'interfaccia webmail non è accessibile tramite il servizio .onion e si possono verificare errori di certificato TLS. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## Altri provider + +Questi provider archiviano le tue e-mail con una crittografia a conoscenza zero, il che li rende ottime opzioni per mantenere sicure le tue e-mail archiviate. Tuttavia, non supportano standard di crittografia interoperabili per le comunicazioni E2EE tra provider. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ Proton Mail ha rapporti interni di crash che **non condividono** con terze parti - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Domini e Alias personalizzati" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Gli account personali possono utilizzare alias [Personalizzati o rapidi](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases). Sono disponibili anche [domini personalizzati](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain). +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Metodi di pagamento privati" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accetta Visa, MasterCard, American Express e Paypal. StartMail ha anche altre [opzioni di pagamento](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) come Bitcoin (attualmente solo per gli account personali) e l'addebito diretto SEPA per gli account più vecchi di un anno. +StartMail accetta Visa, MasterCard, American Express e Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Sicurezza dell'account" +#### :material-check:{ .pg-green } Account Security - StartMail supporta l'autenticazione a due fattori TOTP [solo per la webmail] (https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). Non consentono l'autenticazione con chiave di sicurezza U2F. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). Non consentono l'autenticazione con chiave di sicurezza U2F. -??? info "Sicurezza dei dati" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail dispone di [zero accesso ai dati crittografati a riposo](https://www.startmail.com/en/whitepaper/#_Toc458527835), utilizzando il sistema "user vault". Quando accedi, la cassaforte viene aperta e l'e-mail viene spostata dalla coda e inserita, dove viene decifrata dalla corrispondente chiave privata. - - StartMail supporta l'importazione dei [contatti](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts), ma sono accessibili solo nella webmail e non attraverso protocolli come [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Inoltre, i contatti non vengono memorizzati utilizzando la crittografia a "conoscenza zero", quindi potrebbe essere più appropriata un'opzione [autonoma](calendar-contacts.md). +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. Quando accedi, la cassaforte viene aperta e l'e-mail viene spostata dalla coda e inserita, dove viene decifrata dalla corrispondente chiave privata. -??? success "Crittografia delle email" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Inoltre, i contatti non vengono memorizzati utilizzando la crittografia a "conoscenza zero", quindi potrebbe essere più appropriata un'opzione \[autonoma\](calendar-contacts.md). - Startmail ha [integrato la crittografia] (https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) nella sua webmail, che semplifica l'invio di messaggi a utenti con chiavi OpenPGP pubbliche. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Eredità digitale" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail non offre una funzione di eredità digitale. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Chiusura dell'account" +StartMail non offre una funzione di eredità digitale. - Alla scadenza dell'account, StartMail eliminerà definitivamente l'account dopo [6 mesi in 3 fasi](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Funzionalità aggiuntive" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail consente il proxy delle immagini all'interno dei messaggi di posta elettronica. Se consenti il caricamento dell'immagine remota, il mittente non saprà quale sia il tuo indirizzo IP. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## Altri provider - -Questi provider archiviano le tue e-mail con una crittografia a conoscenza zero, il che li rende ottime opzioni per mantenere sicure le tue e-mail archiviate. Tuttavia, non supportano standard di crittografia interoperabili per le comunicazioni E2EE tra provider. +StartMail consente il proxy delle immagini all'interno dei messaggi di posta elettronica. Se consenti il caricamento dell'immagine remota, il mittente non saprà quale sia il tuo indirizzo IP. ### Tutanota @@ -220,44 +240,51 @@ Questi provider archiviano le tue e-mail con una crittografia a conoscenza zero, Tutanota non supporta il [protocollo IMAP](https://tutanota.com/faq/#imap) o l'uso di client [di posta elettronica di terze parti](email-clients.md)e non sarà nemmeno possibile aggiungere [account di posta elettronica esterni](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) all'app Tutanota. Al momento non sono supportate né [Importazione e-mail](https://github.com/tutao/tutanota/issues/630) né [sottocartelle](https://github.com/tutao/tutanota/issues/927) , anche se questo [dovrebbe essere modificato](https://tutanota.com/blog/posts/kickoff-import). Le e-mail possono essere esportate [singolarmente o per selezione in blocco](https://tutanota.com/howto#generalMail) per cartella, il che può essere scomodo se si dispone di molte cartelle. -??? success "Domini e Alias personalizzati" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Gli account Tutanota a pagamento possono utilizzare fino a 5 [alias](https://tutanota.com/faq#alias) e [domini personalizzati](https://tutanota.com/faq#custom-domain). Tutanota non consente [sottoindirizzi (più indirizzi)] (https://tutanota.com/faq#plus), ma è possibile utilizzare un [catch-all](https://tutanota.com/howto#settings-global) con un dominio personalizzato. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Metodi di pagamento privati" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota accetta direttamente solo carte di credito e PayPal, tuttavia Bitcoin e Monero possono essere utilizzati per acquistare carte regalo grazie alla loro [partnership](https://tutanota.com/faq/#cryptocurrency) con Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Sicurezza dell'account" +#### :material-check:{ .pg-green } Account Security - Tutanota supporta [l'autenticazione a due fattori](https://tutanota.com/faq#2fa) sia con TOTP, sia con U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Sicurezza dei dati" +#### :material-check:{ .pg-green } Data Security - Tutanota dispone di [crittografia zero-access a riposo] (https://tutanota.com/faq#what-encrypted) per le e-mail, [contatti della rubrica] (https://tutanota.com/faq#encrypted-address-book) e [calendario](https://tutanota.com/faq#calendar). Ciò significa che i messaggi e gli altri dati memorizzati nel tuo account sono leggibili solo a te. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). Ciò significa che i messaggi e gli altri dati memorizzati nel tuo account sono leggibili solo a te. -??? warning "Crittografia delle email" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [non utilizza OpenPGP](https://www.tutanota.com/faq/#pgp). Gli account Tutanota possono ricevere e-mail cifrate da account di posta elettronica non Tutanota solo se inviate tramite una [casella di posta temporanea Tutanota](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Eredità digitale" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota non offre una funzione di eredità digitale. +Tutanota non offre una funzione di eredità digitale. -??? info "Chiusura dell'account" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota [chiuderà gli account gratuiti inattivi](https://tutanota.com/faq#inactive-accounts) dopo sei mesi. È possibile riutilizzare un account gratuito disattivato se si paga. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. È possibile riutilizzare un account gratuito disattivato se si paga. -??? info "Funzionalità aggiuntive" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offre la versione business di [Tutanota per le organizzazioni non profit](https://tutanota.com/blog/posts/secure-email-for-non-profit) gratuitamente o con un forte sconto. - - Tutanota dispone anche di una funzione commerciale chiamata [Secure Connect](https://tutanota.com/secure-connect/). Ciò garantisce che il contatto del cliente con l'azienda utilizzi E2EE. La funzione costa 240€ all'anno. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). Ciò garantisce che il contatto del cliente con l'azienda utilizzi E2EE. La funzione costa 240€ all'anno. ## Servizi di alias per email Un servizio di aliasing email consente di generare facilmente un nuovo indirizzo email per ogni sito web a cui ci si registra. Gli alias email generati vengono quindi inoltrati a un indirizzo email di tua scelta, nascondendo sia il tuo indirizzo e-mail "principale" che l'identità del tuo provider di posta elettronica. Il vero aliasing di posta elettronica è meglio dell'indirizzo plus comunemente usato e supportato da molti provider, che ti consente di creare alias come tuonome+[qualsiasicosa]@example.com, perché siti Web, inserzionisti e reti di tracciamento possono banalmente rimuovere qualsiasi cosa dopo il segno + per conoscere il tuo vero indirizzo email. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ L'aliasing e-mail può funzionare da salvaguardia nel caso in cui il tuo provider di posta elettronica cessi di operare. In questo caso, è possibile reindirizzare facilmente gli alias a un nuovo indirizzo email. A sua volta, tuttavia, si sta mettendo fiducia nel servizio di aliasing che continui a funzionare. L'utilizzo di un servizio di aliasing email dedicato presenta una serie di vantaggi rispetto a un alias generico su un dominio personalizzato: @@ -334,7 +361,7 @@ SimpleLogin è stata [acquistata da Proton AG](https://proton.me/news/proton-and Puoi collegare il tuo account SimpleLogin con l'account Proton nelle impostazioni. Se hai il piano Proton Unlimited, Business o Visionary, avrai SimpleLogin Premium gratuitamente. -Funzionalità gratuite degne di nota: +Notable free features: - [x] 10 alias condivisi - [x] Risposte illimitate @@ -387,7 +414,7 @@ Consideriamo queste caratteristiche importanti per fornire un servizio sicuro e - Consentire agli utenti di utilizzare il proprio [nome di dominio](https://en.wikipedia.org/wiki/Domain_name). I nomi di dominio personalizzati sono importanti per gli utenti perché consentono loro di mantenere la propria autonomia dal servizio, se dovesse diventare negativa o essere acquisita da un'altra società che non dà priorità alla privacy. - Opera su un'infrastruttura di proprietà, ovvero non si appoggia a provider di servizi e-mail di terze parti. -**Caso migliore:** +**Best Case:** - Crittografia di tutti i dati dell'account (contatti, calendari ecc.) a riposo con crittografia ad zero-access. - Crittografia webmail integrata E2EE/PGP fornita per comodità. @@ -409,9 +436,9 @@ Preferiamo che i provider da noi consigliati raccolgano il minor numero di dati - Un'informativa sulla privacy che soddisfa i requisiti definiti dal GDPR - Non deve essere hostato negli Stati Uniti a causa del [ECPA](https://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act#Criticism), il quale dev'essere [ancora riformato](https://epic.org/ecpa/). -**Caso migliore:** +**Best Case:** -- Accetta Bitcoin, contanti e altre forme di criptovaluta e/o opzioni di pagamento anonime (carte regalo, ecc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Sicurezza @@ -428,14 +455,14 @@ I server di posta elettronica gestiscono molti dati estremamente sensibili. Ci a - Record [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) e [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) validi. - Record [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) e [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) validi. - Disporre di un record e di una politica [DMARC](https://en.wikipedia.org/wiki/DMARC) adeguati o utilizzare [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) per l'autenticazione. Se si utilizza l'autenticazione DMARC, la politica deve essere impostata su `rifiuta` o `quarantena`. -- Una preferenza per la suite di server TLS 1.2 o successivo e un piano per [deprecare TLSv1.0 e TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [Invio SMTPS](https://en.wikipedia.org/wiki/SMTPS) , supponendo che venga utilizzato SMTP. - Standard di sicurezza del sito web come: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Integrità Subresource](https://en.wikipedia.org/wiki/Subresource_Integrity) se si caricano oggetti da domini esterni. - Deve supportare la visualizzazione di [intestazioni di messaggi](https://en.wikipedia.org/wiki/Email#Message_header), in quanto è una funzione forense cruciale per determinare se un'e-mail è un tentativo di phishing. -**Caso migliore:** +**Best Case:** - Supporto per l'autenticazione hardware, come U2F e [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F e WebAuthn sono più sicuri, in quanto utilizzano una chiave privata memorizzata nel client su un dispositivo hardware per autenticare le persone, rispetto a un segreto condiviso che viene memorizzato sul server web e sul client quando si utilizza TOTP. Inoltre, U2F e WebAuthn sono più resistenti al phishing in quanto la loro risposta di autenticazione si basa sul [nome di dominio](https://en.wikipedia.org/wiki/Domain_name) autenticato. Inoltre, U2F e WebAuthn sono più resistenti al phishing in quanto la loro risposta di autenticazione si basa sul [nome di dominio](https://en.wikipedia.org/wiki/Domain_name) autenticato. - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844), oltre al supporto DANE. @@ -443,7 +470,7 @@ I server di posta elettronica gestiscono molti dati estremamente sensibili. Ci a - Programmi di bug-bounty e/o un processo coordinato di divulgazione delle vulnerabilità. - Standard di sicurezza del sito web come: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Fiducia @@ -453,7 +480,7 @@ Non affideresti le tue finanze a qualcuno con un'identità falsa, quindi perché - Dirigenza o proprietà pubblica. -**Caso migliore:** +**Best Case:** - Dirigenza pubblica. - Rapporti di trasparenza frequenti. @@ -474,12 +501,10 @@ Non deve avere alcun marketing ritenuto irresponsabile: - Riutilizzare informazioni personali (p.e., account e-mail, pseudonimi unici ecc.) con cui hanno eseguito accessi senza software di anonimizzazione (Tor, VPN, ecc.) - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) -**Caso migliore:** +**Best Case:** - Documentazione chiara e di facile lettura. Questo include cose come l'impostazione di 2FA, dei client di posta elettronica, di OpenPGP, ecc. ### Funzionalità aggiuntive Anche se non strettamente necessari, ci sono altri fattori di convenienza o di privacy che abbiamo preso in considerazione per determinare i provider da consigliare. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/encryption.md b/i18n/it/encryption.md index 8fdda992d..a9d671f38 100644 --- a/i18n/it/encryption.md +++ b/i18n/it/encryption.md @@ -1,6 +1,7 @@ --- title: "Software di crittografia" icon: material/file-lock +description: La crittografia dei dati è l'unico modo per controllare chi può accedervi. These tools allow you to encrypt your emails and any other files. --- La crittografia dei dati è l'unico modo per controllare chi può accedervi. Se al momento non stai utilizzando software per la crittografia del tuo hard disk, delle email, o dei file, dovresti scegliere una delle seguenti opzioni. @@ -363,5 +364,3 @@ KeePassXC memorizza i suoi dati di esportazione come file [CSV](https://en.wikip - Le applicazioni di crittografia del sistema operativo (FDE) dovrebbero utilizzare una protezione hardware come TPM o Secure Enclave. - Le applicazioni per la crittografia dei file devono avere un supporto di primo o terzo livello per le piattaforme mobili. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/file-sharing.md b/i18n/it/file-sharing.md index 719170d57..4d60eb05d 100644 --- a/i18n/it/file-sharing.md +++ b/i18n/it/file-sharing.md @@ -1,6 +1,7 @@ --- title: "Condivisione e sincronizzazione dei file" icon: material/share-variant +description: Scopri come condividere privatamente i tuoi file tra i tuoi dispositivi, con i tuoi amici e familirai, o in modo anonimo online. --- Scopri come condividere privatamente i tuoi file tra i tuoi dispositivi, con i tuoi amici e familirai, o in modo anonimo online. @@ -161,5 +162,3 @@ KeePassXC memorizza i suoi dati di esportazione come file [CSV](https://en.wikip - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/financial-services.md b/i18n/it/financial-services.md new file mode 100644 index 000000000..2e19bb464 --- /dev/null +++ b/i18n/it/financial-services.md @@ -0,0 +1,112 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### CryptPad + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. recommendation + +!!! recommendation + + ![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right } + + **PrivateBin** è un pastebin online minimalista e open-source in cui il server non ha alcuna conoscenza dei dati incollati. Infatti, vengono criptati/decriptati nel tuo browser utilizzando AES a 256 bit. downloads + + - [:simple-windows11: Windows](https://keepassxc.org/download/#windows) + - [:simple-apple: macOS](https://keepassxc.org/download/#mac) + - [:simple-linux: Linux](https://keepassxc.org/download/#linux) + - [:simple-flathub: Flatpak](https://flathub.org/apps/details/org.keepassxc.KeePassXC) + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/keepassxc-browser) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk) + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### CryptPad + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. recommendation + +!!! recommendation + + ![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right } + + **PrivateBin** è un pastebin online minimalista e open-source in cui il server non ha alcuna conoscenza dei dati incollati. Infatti, vengono criptati/decriptati nel tuo browser utilizzando AES a 256 bit. downloads + + - [:simple-windows11: Windows](https://keepassxc.org/download/#windows) + - [:simple-apple: macOS](https://keepassxc.org/download/#mac) + - [:simple-linux: Linux](https://keepassxc.org/download/#linux) + - [:simple-flathub: Flatpak](https://flathub.org/apps/details/org.keepassxc.KeePassXC) + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/keepassxc-browser) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk) + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/it/frontends.md b/i18n/it/frontends.md index 5abff0c6d..392758c02 100644 --- a/i18n/it/frontends.md +++ b/i18n/it/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontend" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- A volte i servizi tentano di costringerti ad iscriverti ad un account bloccando l'accesso ai contenuti con fastidiosi popup. Potrebbero anche cessare di funzionare correttamente senza l'abilitazione di JavaScript. Questi frontend possono consentire di aggirare queste restrizioni. @@ -273,5 +274,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/index.md b/i18n/it/index.md index 8d779e6e9..2a08efebe 100644 --- a/i18n/it/index.md +++ b/i18n/it/index.md @@ -40,5 +40,3 @@ Cercare di proteggere tutti i dati da tutti, in ogni momento, è poco pratico, c [:material-hand-coin-outline:](about/donate.md){ title="Sostieni il progetto" } È importante che un sito web come Privacy Guide rimanga sempre aggiornato. Abbiamo bisogno che il nostro pubblico tenga d'occhio gli aggiornamenti software per le applicazioni elencate sul nostro sito e segua le notizie recenti sui provider che raccomandiamo. È difficile stare al passo con il ritmo veloce di internet, ma facciamo del nostro meglio. Se noti un errore, pensi che un provider non dovrebbe essere elencato, noti che manca un provider qualificato, credi che un plug-in del browser non sia più la scelta migliore o scopri qualsiasi altro problema, faccelo sapere. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/kb-archive.md b/i18n/it/kb-archive.md index 98458cd76..94e2e503f 100644 --- a/i18n/it/kb-archive.md +++ b/i18n/it/kb-archive.md @@ -1,6 +1,7 @@ --- title: Archivio conoscenze di base icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pagine spostate nel blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Cancellazione sicura dei dati](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrazione della rimozioni di metadata](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [Guida alla configurazione di iOS](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/meta/brand.md b/i18n/it/meta/brand.md index f7d7f0143..53cb9ac42 100644 --- a/i18n/it/meta/brand.md +++ b/i18n/it/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/meta/git-recommendations.md b/i18n/it/meta/git-recommendations.md index 78884777a..f59b5f81f 100644 --- a/i18n/it/meta/git-recommendations.md +++ b/i18n/it/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/meta/uploading-images.md b/i18n/it/meta/uploading-images.md index 812fa6a53..55f136f8a 100644 --- a/i18n/it/meta/uploading-images.md +++ b/i18n/it/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/meta/writing-style.md b/i18n/it/meta/writing-style.md index 40932ea58..b9e47a716 100644 --- a/i18n/it/meta/writing-style.md +++ b/i18n/it/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/mobile-browsers.md b/i18n/it/mobile-browsers.md index 5e2beb2f9..6dc2e1b62 100644 --- a/i18n/it/mobile-browsers.md +++ b/i18n/it/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Browser mobile" icon: octicons/device-mobile-16 +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- Questi sono i browser e le configurazioni attualmente consigliati per la navigazione standard e non anonima. Se hai bisogno di navigare in Internet in modo anonimo, dovresti invece utilizzare [Tor](tor.md). In generale, raccomandiamo di tenere il numero di estensioni al minimo: hanno accesso privilegiato all'interno del browser, richiedono di fidarsi dello sviluppatore, possono farti [risaltare](https://it.wikipedia.org/wiki/Device_fingerprint) e [indeboliscono](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) l'isolamento dei siti. @@ -40,7 +41,7 @@ Queste opzioni si trovano in :material-menu: → **Impostazioni** → **Brave Sh Brave include alcune misure contro il fingerprinting nella sua funzionalità [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-). Consigliamo di configurare queste opzioni [globalmente](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) applicate a tutti i siti che visiti. -##### Brave shields global defaults +##### Valori predefiniti globali di Brave Shields Le funzionalità di Shields possono essere ridotte per ogni sito se necessario; ciò nonostante, raccomandiamo le seguenti impostazioni: @@ -59,7 +60,7 @@ Le funzionalità di Shields possono essere ridotte per ogni sito se necessario; 1. Questa opzione fornisce una funzionalità simile alle [modalità di blocco](https://github.com/gorhill/uBlock/wiki/Blocking-mode) avanzate di uBlock Origin o dell'estensione [NoScript](https://noscript.net/). -##### Clear browsing data +##### Svuota dati di navigazione - [x] Seleziona **Cancellare i dati all'uscita** @@ -198,5 +199,3 @@ Liste di filtri aggiuntive possono intaccare le prestazioni ed aumentare la supe - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/multi-factor-authentication.md b/i18n/it/multi-factor-authentication.md index 584947ef1..edb0fd237 100644 --- a/i18n/it/multi-factor-authentication.md +++ b/i18n/it/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Autenticatori a più fattori" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Chiavi di sicurezza fisiche @@ -158,5 +159,3 @@ Consigliamo vivamente di utilizare applicazioni TOTP per dispositivi mobili inve - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/news-aggregators.md b/i18n/it/news-aggregators.md index 608467e8c..5e8468637 100644 --- a/i18n/it/news-aggregators.md +++ b/i18n/it/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "Aggregatori di notizie" icon: octicons/rss-24 +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -Un [aggreggatore di notizie](https://it.wikipedia.org/wiki/Aggregatore) è un modo per tenerti aggiornato con i tuoi blog e siti di notizie favoriti. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Client aggregatori @@ -178,5 +179,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/notebooks.md b/i18n/it/notebooks.md index 7f82b2db9..c42a6666b 100644 --- a/i18n/it/notebooks.md +++ b/i18n/it/notebooks.md @@ -1,6 +1,7 @@ --- title: "Blocchi note" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Tieni traccia delle tue note e diari senza doverli dare a una terza parte. @@ -115,5 +116,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/os/android-overview.md b/i18n/it/os/android-overview.md index 5c823496a..eea683b7b 100644 --- a/i18n/it/os/android-overview.md +++ b/i18n/it/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Panoramica Android icon: fontawesome/brands/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android è un sistema operativo sicuro, dotato di [sandboxing delle app](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB) e di un robusto sistema di controllo delle [autorizzazioni](https://developer.android.com/guide/topics/permissions/overview). @@ -53,9 +54,44 @@ Fairphone, ad esempio, commercializza i propri dispositivi con 6 anni di assiste ## Autorizzazioni di Android -[Le autorizzazioni su Android](https://developer.android.com/guide/topics/permissions/overview) consentono di controllare ciò a cui le applicazioni hanno accesso. Google apporta regolarmente [miglioramenti](https://developer.android.com/about/versions/11/privacy/permissions) al sistema delle autorizzazioni in ogni nuova versione. Tutte le applicazioni installate sono rigorosamente [confinate in una sandbox](https://source.android.com/security/app-sandbox), pertanto non è necessario installare alcuna applicazione come antivirus. Uno smartphone con l'ultima versione di Android sarà sempre più sicuro di un vecchio smartphone con un antivirus a pagamento. È meglio non pagare il software antivirus e risparmiare per acquistare un nuovo smartphone come il Google Pixel. +[Le autorizzazioni su Android](https://developer.android.com/guide/topics/permissions/overview) consentono di controllare ciò a cui le applicazioni hanno accesso. Google apporta regolarmente [miglioramenti](https://developer.android.com/about/versions/11/privacy/permissions) al sistema delle autorizzazioni in ogni nuova versione. Tutte le applicazioni installate sono rigorosamente [confinate in una sandbox](https://source.android.com/security/app-sandbox), pertanto non è necessario installare alcuna applicazione come antivirus. -Se volete eseguire un'applicazione di cui non siete sicuri, prendete in considerazione l'utilizzo di un profilo utente o di lavoro. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning "Avviso" + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Accesso ai media @@ -131,5 +167,3 @@ Ti verrà data la possibilità di eliminare l'ID pubblicità o di *rinunciare ag [SafetyNet](https://developer.android.com/training/safetynet/attestation) e le API [Play Integrity](https://developer.android.com/google/play/integrity) sono generalmente utilizzate per [le app bancarie](https://grapheneos.org/usage#banking-apps). Molte applicazioni bancarie funzionano bene in GrapheneOS con i servizi Play in sandbox, ma alcune applicazioni non finanziarie hanno i loro meccanismi anti-manomissione che potrebbero fallire. GrapheneOS supera il controllo `basicIntegrity`, ma non il controllo di certificazione `ctsProfileMatch`. I dispositivi con Android 8 o successivi dispongono di un supporto di attestazione hardware che non può essere aggirato senza chiavi trapelate o gravi vulnerabilità. Per quanto riguarda Google Wallet, lo sconsigliamo a causa dell'[informativa sulla privacy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), che prevede l'opt-out se non si desidera che il proprio rating creditizio e i propri dati personali vengano condivisi con i servizi di marketing affiliati. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/os/linux-overview.md b/i18n/it/os/linux-overview.md index 941f409a4..c7c2f4e43 100644 --- a/i18n/it/os/linux-overview.md +++ b/i18n/it/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/os/qubes-overview.md b/i18n/it/os/qubes-overview.md index dcd684961..b945bdec5 100644 --- a/i18n/it/os/qubes-overview.md +++ b/i18n/it/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Panoramica di Qubes" icon: pg/qubes-os +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) è un sistema operativo che utilizza l'hypervisor [Xen](https://en.wikipedia.org/wiki/Xen) per fornire una forte sicurezza per il desktop computing attraverso macchine virtuali isolate. Ogni macchina virtuale è chiamata *Qube* e si può assegnare a ogni Qube un livello di fiducia in base al suo scopo. Poiché il sistema operativo Qubes garantisce la sicurezza utilizzando l'isolamento e consentendo azioni solo su base individuale, è l'opposto dell'[enumerazione delle minacce](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ Per ulteriori informazioni si consiglia di consultare le ampie pagine di documen - J. Rutkowska: [*Software compartmentalization vs. physical separation (Compartimentazione del software vs. separazione fisica)*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains (Suddividere la mia vita digitale in domini di sicurezza)*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Articoli correlati*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/passwords.md b/i18n/it/passwords.md index ca0b0f8d5..941acd60a 100644 --- a/i18n/it/passwords.md +++ b/i18n/it/passwords.md @@ -1,6 +1,7 @@ --- title: "Gestori di password" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- I gestori di password consentono di archiviare e gestire in modo sicuro le password e altre credenziali con l'uso di una password principale. @@ -245,5 +246,3 @@ These products are minimal password managers that can be used within scripting a - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk) - Must be cross-platform. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/productivity.md b/i18n/it/productivity.md index ac0ccd300..2da0007c2 100644 --- a/i18n/it/productivity.md +++ b/i18n/it/productivity.md @@ -1,6 +1,7 @@ --- title: "Strumenti di produttività" icon: material/file-sign +description: La maggior parte delle suite per ufficio online non supportano la crittografia end-to-end, il che significa che il provider del cloud ha accesso a tutto ciò che fai. --- La maggior parte delle suite per ufficio online non supportano la crittografia end-to-end, il che significa che il provider del cloud ha accesso a tutto ciò che fai. L'informativa sulla privacy potrebbe proteggere legalmente i tuoi diritti, ma non fornisce vincoli tecnici di accesso. @@ -177,5 +178,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/real-time-communication.md b/i18n/it/real-time-communication.md index 4d758e03a..73d803175 100644 --- a/i18n/it/real-time-communication.md +++ b/i18n/it/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Comunicazione in tempo reale" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- Questi sono i nostri consigli per comunicazioni criptate in tempo reale. @@ -200,5 +201,3 @@ KeePassXC memorizza i suoi dati di esportazione come file [CSV](https://en.wikip - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/router.md b/i18n/it/router.md index 2969569ce..5b1404066 100644 --- a/i18n/it/router.md +++ b/i18n/it/router.md @@ -1,6 +1,7 @@ --- title: "Firmware Router" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Di seguito sono elencati alcuni sistemi operativi alternativi che possono essere usati su router, punti di accesso Wi-Fi, ecc. @@ -56,5 +57,3 @@ OPNsense è stato originariamente sviluppato come fork di [pfSense](https://en.w - Deve essere open source. - Deve ricevere aggiornamenti regolari. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/search-engines.md b/i18n/it/search-engines.md index bb0dc0e1d..6c080469e 100644 --- a/i18n/it/search-engines.md +++ b/i18n/it/search-engines.md @@ -1,6 +1,7 @@ --- title: "Motori di ricerca" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Utilizza un motore di ricerca che non crei un profilo pubblicitario basato sulle tue ricerche. @@ -88,9 +89,9 @@ L'azionista di maggioranza di Startpage è System1, un'azienda di tecnologie pub ## CryptPad -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. recommendation +**Si noti che non siamo affiliati a nessuno dei progetti che consigliamo.** Oltre a [i nostri criteri standard](about/criteria.md), abbiamo sviluppato una chiara serie di requisiti che ci permettono di fornire raccomandazioni obiettive. Ti consigliamo di familiarizzare con questo elenco prima di scegliere di utilizzare un progetto e condurre le tue ricerche per assicurarti che sia la scelta giusta per te. -!!! recommendation +!!! esempio "Questa sezione è nuova" ![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right } @@ -114,5 +115,3 @@ KeePassXC memorizza i suoi dati di esportazione come file [CSV](https://en.wikip - Dovrebbe essere basato su software open-source. - Non dovrebbe bloccare gli indirizzi IP dei nodi di uscita di Tor. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/tools.md b/i18n/it/tools.md index c2c90006f..9e952a8b3 100644 --- a/i18n/it/tools.md +++ b/i18n/it/tools.md @@ -3,6 +3,7 @@ title: "Strumenti per la privacy" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- Se stai cercando una soluzione specifica per qualcosa, questi sono gli strumenti hardware e software che ti consigliamo in una varietà di categorie. I nostri strumenti di privacy consigliati sono scelti principalmente in base alle funzionalità di sicurezza, con maggiore enfasi sugli strumenti decentralizzati e open-source. Sono applicabili a una varietà di modelli di minaccia che vanno dalla protezione contro i programmi di sorveglianza di massa globali e evitare le grandi aziende tecnologiche alla mitigazione degli attacchi, ma solo tu puoi determinare cosa funzionerà meglio per le tue esigenze. @@ -84,7 +85,7 @@ Per maggiori dettagli su ogni progetto, sul motivo per cui è stato scelto e su
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -201,6 +202,29 @@ Per maggiori dettagli su ogni progetto, sul motivo per cui è stato scelto e su [Maggiori informazioni :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Maggiori informazioni :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Maggiori informazioni :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Motori di ricerca
@@ -228,9 +252,9 @@ Per maggiori dettagli su ogni progetto, sul motivo per cui è stato scelto e su
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -249,6 +273,16 @@ Per maggiori dettagli su ogni progetto, sul motivo per cui è stato scelto e su [Maggiori informazioni :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Maggiori informazioni :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Rimozione di dati e metadati
@@ -437,5 +471,3 @@ Per maggiori dettagli su ogni progetto, sul motivo per cui è stato scelto e su
[Maggiori informazioni :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/tor.md b/i18n/it/tor.md index 1a60c3f32..e5b6ca0d5 100644 --- a/i18n/it/tor.md +++ b/i18n/it/tor.md @@ -1,6 +1,7 @@ --- title: "Rete Tor" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Logo Tor](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ La rete **Tor** è un gruppo di server gestiti da volontari che permette di conn Tor funziona instradando il traffico internet attraverso questi server gestiti da volontari, invece di effettuare una connessione diretta al sito che si sta cercando di visitare. In questo modo si offusca la provenienza del traffico e nessun server nel percorso di connessione è in grado di vedere il percorso completo del traffico proveniente e diretto, il che significa che nemmeno i server utilizzati per connettersi possono violare l'anonimato. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - I nodi del percorso possono vedere solo i server a cui sono direttamente collegati, ad esempio il nodo "Entry" mostrato può vedere il vostro indirizzo IP e l'indirizzo del nodo "Middle", ma non ha modo di vedere quale sito web state visitando.
-
- -- [Maggiori informazioni sul funzionamento di Tor :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connessione a Tor @@ -120,5 +115,3 @@ Per resistere agli attacchi di analisi del traffico, considera di abilitare *Iso Snowflake non aumenta in alcun modo la tua privacy e non viene utilizzato per connettersi alla rete Tor all'interno del tuo browser personale. Tuttavia, se la tua connessione a Internet non è censurata, dovresti prendere in considerazione la possibilità di utilizzarlo per aiutare le persone che si trovano in reti censurate a ottenere una migliore privacy. Non c'è bisogno di preoccuparsi dei siti web a cui le persone accedono attraverso il tuo proxy: il loro indirizzo IP di navigazione visibile corrisponderà al loro nodo di uscita Tor, non al tuo. La gestione di un proxy Snowflake è a basso rischio, anche più della gestione di un relay o bridge di Tor, che già non sono attività particolarmente rischiose. Tuttavia, il traffico viene comunque instradato attraverso la tua rete, il che può avere un certo impatto, soprattutto se la tua rete ha una larghezza di banda limitata. Assicurati di comprendere [come Snowflake funziona](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) prima di decidere se gestire un proxy. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/video-streaming.md b/i18n/it/video-streaming.md index aa29b60b3..e24a2594f 100644 --- a/i18n/it/video-streaming.md +++ b/i18n/it/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Streaming video" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- Il rischio principale quando si usa una piattaforma di streaming video è che le tue abitudini e iscrizioni possano essere usate per profilarti. Suggeriamo di utilizzare questi strumenti accompagnati da un [VPN](vpn.md) o [Tor](https://www.torproject.org/) in modo da rendere più difficile la profilazione. @@ -57,5 +58,3 @@ Raccomandiamo di **non sincronizzare** il portafoglio con LBRY Inc. poiché la s - Non deve richiedere un account centralizzato per visualizzare i video. - L'autenticazione decentralizzata, ad esempio tramite la chiave privata di un wallet mobile, è accettabile. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/vpn.md b/i18n/it/vpn.md index 677c569db..d0262b9a5 100644 --- a/i18n/it/vpn.md +++ b/i18n/it/vpn.md @@ -1,11 +1,20 @@ --- -title: "Servizi VPN" +title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Trova un operatore VPN che non si occupi di leggere o vendere il tuo traffico web. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "Le VPN non forniscono anonimato" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "Le VPN non forniscono anonimato" L'utilizzo di una VPN **non** manterrà anonime le tue abitudini di navigazione, né aggiungerà ulteriore sicurezza al traffico non sicuro (HTTP). @@ -15,80 +24,11 @@ Trova un operatore VPN che non si occupi di leggere o vendere il tuo traffico we [Scarica Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](basics/tor-overview.md){ .md-button } -??? question "Quando sono utili le VPN?" - - Se stai cercando una maggiore **privacy** dal tuo ISP, su una rete Wi-Fi pubblica o durante il torrenting di file, una VPN potrebbe essere la soluzione, a patto che ne comprendi i rischi. - - [Maggior informazioni](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Provider consigliati -!!! summary "Criteri" - - I fornitori che consigliamo utilizzano la crittografia, accettano Monero, supportano WireGuard & OpenVPN e applicano una politica di non registrazione del traffico. Leggi la nostra [lista completa dei criteri](#our-criteria). - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** è un forte concorrente nello spazio VPN ed è attivo dal 2016. Proton AG ha sede in Svizzera e offre un livello gratuito limitato, così come un'opzione premium più ricca di funzioni. - - **Gratuito** — **Piano Plus da 71,88€ all'anno** (1) - - [:octicons-home-16: Pagina principale](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Informativa sulla privacy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentazione} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Codice sorgente" } downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 paesi" - - Proton VPN ha [server in 67 paesi](https://protonvpn.com/vpn-servers) (1). Scegliere un provider VPN con un server più vicino a voi ridurrà la latenza del traffico di rete inviato. Ciò è dovuto al fatto che il percorso verso la destinazione è più breve (meno hop). - - Riteniamo inoltre che sia meglio per la sicurezza della chiave privata del provider VPN se utilizza [server dedicati](https://en.wikipedia.org/wiki/Dedicated_hosting_service), invece che soluzioni condivise (con altri clienti) più economiche, come un [virtual private server (VPS)](https://it.wikipedia.org/wiki/Virtual_private_server). - -1. Ultimo controllo: 16-09-2022 - -??? success "Audit indipendente" - - Nel mese di gennaio del 2020, Proton VPN è stato sottoposto ad un audit indipendente da parte di SEC Consult. SEC Consult ha riscontrato alcune vulnerabilità di basso e medio rischio nelle applicazioni di Windows, Android e iOS, le quali sono state "adeguatamente risolte" da Proton VPN prima della pubblicazione dei rapporti. Nessuno dei problemi identificati avrebbe potuto garantire a un hacker di accedere da remoto al tuo dispositivo o al tuo traffico. Puoi vedere i singoli rapporti per ogni piattaforma su [protonvpn.com](https://protonvpn.com/blog/open-source/). Nell'aprile 2022 Proton VPN è stata sottoposta ad [un altro audit](https://protonvpn.com/blog/no-logs-audit/) e il rapporto è stato [prodotto da Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). Una [lettera di attestazione](https://proton.me/blog/security-audit-all-proton-apps) è stata fornita per le applicazioni di Proton VPN il 9 novembre 2021 da [Securitum](https://research.securitum.com). - -??? success "Client Open-Source" - - Proton VPN fornisce il codice sorgente dei loro client desktop e mobile nella loro [organizzazione GitHub](https://github.com/ProtonVPN). - -??? success "Accetta contanti" - - Oltre ad accettare carte di credito/debito e PayPal, Proton VPN accetta pagamenti in Bitcon e **contanti/valuta locale** come forma di pagamento anonima. - -??? success "Supporto WireGuard" - - Proton VPN supporta principalmente il protocollo WireGuard®. [WireGuard](https://www.wireguard.com) è un protocollo più recente che utilizza una [cryptography](https://www.wireguard.com/protocol/) di ultima generazione. Inoltre, WireGuard mira a essere più semplice e performante. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) l'utilizzo di WireGuard con il loro servizio. Nelle applicazioni Windows, macOS, iOS, Android, ChromeOS e Android TV, WireGuard è il protocollo predefinito, tuttavia il [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) per il protocollo non è presente nella loro applicazione Linux. - -??? warning "Remote Port Forwarding" - - Proton VPN supporta attualmente il [port forwarding](https://protonvpn.com/support/port-forwarding/) remoto solo su Windows, il che potrebbe impattare alcune applicazioni. In particolare le applicazioni Peer-to-peer come i client Torrent. - -??? success "Client mobile" - - In aggiunta ai file di configurazione OpenVPN standard, Proton VPN fornisce client per i dispositivi mobili su [App Store](https://apps.apple.com/it/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl_it)e [GitHub](https://github.com/ProtonVPN/android-app/releases), permettendo connessioni facili ai loro server. - -??? info "Funzionalità aggiuntive" - - I client Proton VPN supportano l'autenticazione a due fattori su tutte le piattaforme, ad eccezione di Linux, al momento. Proton VPN ha i propri server e datacenter in Svizzera, Islanda e Svezia. Offrono il blocco delle pubblicità e dei domini malware noti mediante il loro servizio DNS. Inoltre, Proton VPN offre server "Tor" permettendoti di connetterti facilmente ai siti onion; consigliamo fortemente di utilizzare il [browser Tor ufficiale](https://www.torproject.org/) per questo scopo. - -!!! danger "La funzione Killswitch non funziona sui Mac con processori Intel" - - Si possono verificare arresti anomali del sistema (https://protonvpn.com/support/macos-t2-chip-kill-switch/) sui Mac basati su Intel quando si utilizza il killswitch VPN. Se hai bisogno di questa funzione e utilizzi un Mac con chipset Intel, dovresti considerare l'utilizzo di un altro servizio VPN. +I fornitori che consigliamo utilizzano la crittografia, accettano Monero, supportano WireGuard & OpenVPN e applicano una politica di non registrazione del traffico. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ Trova un operatore VPN che non si occupi di leggere o vendere il tuo traffico we - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 paesi" +#### :material-check:{ .pg-green } 35 Countries - IVPN ha [server in 35 paesi](https://www.ivpn.net/server-locations) (1). Scegliere un provider VPN con un server più vicino a voi ridurrà la latenza del traffico di rete inviato. Ciò è dovuto al fatto che il percorso verso la destinazione è più breve (meno hop). - - Riteniamo inoltre che sia meglio per la sicurezza della chiave privata del provider VPN se utilizza [server dedicati](https://en.wikipedia.org/wiki/Dedicated_hosting_service), invece che soluzioni condivise (con altri clienti) più economiche, come un [virtual private server (VPS)](https://it.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Ciò è dovuto al fatto che il percorso verso la destinazione è più breve (meno hop). +{ .annotate } 1. Ultimo controllo: 16-09-2022 -??? success "Audit indipendente" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN è stato sottoposto a un [audit no-logging da parte di Cure53](https://cure53.de/audit-report_ivpn.pdf), che si è concluso in accordo con l'affermazione no-logging di IVPN. IVPN ha anche completato un [rapporto pentest completo Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) nel gennaio 2020. IVPN ha dichiarato di avere in programma [rapporti annuali](https://www.ivpn.net/blog/independent-security-audit-concluded) in futuro. Un'ulteriore ispezione è stata condotta [nell'aprile 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) ed è stata resa pubblica da Cure53 [sul loro sito web](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Client Open-Source" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - Da febbrario del 2020, le [applicazioni di IVPN sono open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Il codice sorgente può essere ottenuto dalla loro [organizzazione GitHub](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accetta contanti e Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - Oltre ad accettare carte di credito/debito e PayPal, IVPN accetta pagamenti in Bitcon, **Monero** e **contanti/valuta locale** (su piani annuali) come forma di pagamento anonima. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "Supporto WireGuard" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supporta il protocollo WireGuard®. [WireGuard](https://www.wireguard.com) è un protocollo più recente che utilizza una [cryptography](https://www.wireguard.com/protocol/) di ultima generazione. Inoltre, WireGuard mira a essere più semplice e performante. - - IVPN [recommends](https://www.ivpn.net/wireguard/) l'uso di WireGuard con il loro servizio e, come tale, il protocollo è predefinito su tutte le app IVPN. IVPN inoltre offre un generatore di configurazioni WireGuard per l'uso con le [app](https://www.wireguard.com/install/) ufficiali del protocollo. +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supporta il protocollo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Inoltre, WireGuard mira a essere più semplice e performante. - Il [port forwarding](https://it.wikipedia.org/wiki/Port_forwarding) remoto è possibile con un piano Pro. Il port forwarding [può essere attivato](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) mediante il client. Il port forwarding è disponibile solo su IVPN quando si utilizzano protocolli WireGuard o OpenVPN ed è [disabilitato sui server statunitensi](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Client mobile" +#### :material-check:{ .pg-green } Remote Port Forwarding - In aggiunta ai file di configurazione OpenVPN standard, IVPN fornisce client per i dispositivi mobili su [App Store](https://apps.apple.com/it/app/ivpn-serious-privacy-protection/id1193122683), [Google Play] e [GitHub](https://github.com/ivpn/android-app/releases)(https://play.google.com/store/apps/details?id=net.ivpn.client), permettendo connessioni facili ai loro server. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Funzionalità aggiuntive" +#### :material-check:{ .pg-green } Mobile Clients - I client IVPN supportano l'autenticazione a due fattori (i client Mullvad no). IVPN inoltre fornisce la funzionalità "[AntiTracker](https://www.ivpn.net/antitracker)", la quale blocca le reti pubblicitarie e i tracker a livello di rete. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +I client IVPN supportano l'autenticazione a due fattori (i client Mullvad no). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,55 +113,120 @@ Trova un operatore VPN che non si occupi di leggere o vendere il tuo traffico we - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 paesi" +#### :material-check:{ .pg-green } 41 Countries - Mullvad ha [server in 41 paesi](https://mullvad.net/servers/) (1). Scegliere un provider VPN con un server più vicino a voi ridurrà la latenza del traffico di rete inviato. Ciò è dovuto al fatto che il percorso verso la destinazione è più breve (meno hop). - - Riteniamo inoltre che sia meglio per la sicurezza della chiave privata del provider VPN se utilizza [server dedicati](https://en.wikipedia.org/wiki/Dedicated_hosting_service), invece che soluzioni condivise (con altri clienti) più economiche, come un [virtual private server (VPS)](https://it.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Ciò è dovuto al fatto che il percorso verso la destinazione è più breve (meno hop). +{ .annotate } 1. Ultimo controllo: 19-01-2023 -??? success "Audit indipendente" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - I client VPN di Mullvad sono stati revisionati da Cure53 e Assured AB in un rapporto di pentest [pubblicato su cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). I ricercatori di sicurezza hanno concluso che: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. Con la dedizione alla sicurezza del team interno al complesso Mullvad VPN, i tester non hanno dubbi riguardo alla giusta direzione del progetto da un punto di vista della sicurezza. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] L'ecosistema applicativo complessivo utilizzato da Mullvad lascia un'impressione solida e strutturata. La struttura complessiva dell'applicazione rende facile l'introduzione di patch e correzioni in modo strutturato. Più di ogni altra cosa, i risultati individuati da Cure53 mostrano l'importanza di controllare e rivalutare costantemente gli attuali vettori di fuga, al fine di garantire sempre la privacy degli utenti finali. Detto questo, Mullvad fa un ottimo lavoro nel proteggere l'utente finale dalle comuni perdite di informazioni d'identificazione personale e i relativi rischi legati alla privacy. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. Accettano inoltre Swish e bonifici bancari. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supporta il protocollo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Inoltre, WireGuard mira a essere più semplice e performante. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. Questo per evitare che Mullvad possa identificarti in base all'utilizzo della porta e alle informazioni di abbonamento memorizzate. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure 53 e Assured AB sono soddisfatte dai risultati della verifica e il software lascia un'impressione complessivamente positiva. Con la dedizione alla sicurezza del team interno al complesso Mullvad VPN, i tester non hanno dubbi riguardo alla giusta direzione del progetto da un punto di vista della sicurezza. + **Proton VPN** è un forte concorrente nello spazio VPN ed è attivo dal 2016. Proton AG ha sede in Svizzera e offre un livello gratuito limitato, così come un'opzione premium più ricca di funzioni. - Nel 2020, un secondo audit [è stato annunciato](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) e il [rapporto finale](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) è stato reso disponibile nel sito web di Cure53: + **Gratuito** — **Piano Plus da 71,88€ all'anno** (1) - > I risultati di questo progetto del periodo maggio-giugno del 2020, riguardante il complesso di Mullvad, sono risultati piuttosto positivi. [...] L'ecosistema applicativo complessivo utilizzato da Mullvad lascia un'impressione solida e strutturata. La struttura complessiva dell'applicazione rende facile l'introduzione di patch e correzioni in modo strutturato. Più di ogni altra cosa, i risultati individuati da Cure53 mostrano l'importanza di controllare e rivalutare costantemente gli attuali vettori di fuga, al fine di garantire sempre la privacy degli utenti finali. Detto questo, Mullvad fa un ottimo lavoro nel proteggere l'utente finale dalle comuni perdite di informazioni d'identificazione personale e i relativi rischi legati alla privacy. + [:octicons-home-16: Pagina principale](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Informativa sulla privacy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentazione} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Codice sorgente" } downloads - Nel 2021, [è stato annunciato](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) un audit dell'infrastruttura e il [rapporto finale](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) è stato reso disponibile sul sito web di Cure53. Un altro rapporto è stato commissionato [nel giugno 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) ed è disponibile sul [sito web di Assured](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Client Open-Source" +#### :material-check:{ .pg-green } 67 Countries - Mullvad rende disponibile il codice sorgente per i loro client desktop e per dispositivi mobili nella loro [organizzazione GitHub](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Ciò è dovuto al fatto che il percorso verso la destinazione è più breve (meno hop). +{ .annotate } -??? success "Accetta contanti e Monero" +1. Ultimo controllo: 16-09-2022 - Oltre ad accettare carte di credito/debito e PayPal, Mullvad accetta pagamenti in Bitcon, Bitcoin Cash, **Monero** e **contanti/valuta locale** come forma di pagamento anonima. Accettano inoltre Swish e bonifici bancari. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "Supporto WireGuard" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supporta il protocollo WireGuard®. [WireGuard](https://www.wireguard.com) è un protocollo più recente che utilizza una [cryptography](https://www.wireguard.com/protocol/) di ultima generazione. Inoltre, WireGuard mira a essere più semplice e performante. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) l'utilizzo di WireGuard con il loro servizio. È il protocollo unico e predefinito nelle applicazioni su Android, iOS, macOS e Linux, mentre su Windows WireGuard va [attivato manualmente](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/). Mullvad offre un generatore di configurazioni WireGuard per l'uso con le [apps](https://www.wireguard.com/install/) ufficiali del protocollo. +Nel mese di gennaio del 2020, Proton VPN è stato sottoposto ad un audit indipendente da parte di SEC Consult. SEC Consult ha riscontrato alcune vulnerabilità di basso e medio rischio nelle applicazioni di Windows, Android e iOS, le quali sono state "adeguatamente risolte" da Proton VPN prima della pubblicazione dei rapporti. Nessuno dei problemi identificati avrebbe potuto garantire a un hacker di accedere da remoto al tuo dispositivo o al tuo traffico. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "Supporto IPv6" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supporta il futuro del networking [IPv6](https://it.wikipedia.org/wiki/IPv6). La loro rete ti permette di [accedere a servizi che utilizzano IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/), al contrario degli altri provider, che bloccano le connessioni IPv6. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Il [port forwarding](https://it.wikipedia.org/wiki/Port_forwarding) remoto è possibile per utenti che eseguono pagamenti una tantum, ma non per gli account con un metodo di pagamento ricorrente/sottoscrizione. Questo per evitare che Mullvad possa identificarti in base all'utilizzo della porta e alle informazioni di abbonamento memorizzate. Per ulteriori informazioni, vedere [port forwarding con Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/). +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Client mobile" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad ha pubblicato i client su [App Store](https://apps.apple.com/it/app/mullvad-vpn/id1488466513) e [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn), entrambi supportano un'interfaccia facile da usare, invece che richiederti di configurare manualmente la tua connnesione WireGuard. Il client Android è disponibile anche su [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN supporta principalmente il protocollo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Inoltre, WireGuard mira a essere più semplice e performante. -??? info "Funzionalità aggiuntive" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad è molto trasparente su quali nodi [possiede o fitta](https://mullvad.net/en/servers/). Utilizzano [ShadowSocks](https://shadowsocks.org/) nella loro configurazione ShadowSocks + OpenVPN, rendendoli più resistenti ai firewall con [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) che cercano di bloccare le VPN. A quanto pare, [la Cina deve utilizzare un metodo diverso per bloccare i server ShadowSocks](https://github.com/net4people/bbs/issues/22). Il sito web di Mullvad è inoltre accessibile mediante Tor presso [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. In particolare le applicazioni Peer-to-peer come i client Torrent. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +I client Proton VPN supportano l'autenticazione a due fattori su tutte le piattaforme, ad eccezione di Linux, al momento. Proton VPN ha i propri server e datacenter in Svizzera, Islanda e Svezia. Offrono il blocco delle pubblicità e dei domini malware noti mediante il loro servizio DNS. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. Se hai bisogno di questa funzione e utilizzi un Mac con chipset Intel, dovresti considerare l'utilizzo di un altro servizio VPN. ## CryptPad @@ -255,13 +261,13 @@ Preferiamo che i provider da noi consigliati raccolgano il minor numero di dati **Requisiti minimi:** -- Opzione di pagamento in contanti o in Monero. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - Nessuna informazione personale richiesta per registrarsi: solo nome utente, password ed e-mail al massimo. **Caso migliore:** -- Accetta Monero, contanti e altre forme di pagamento anonimo (carte regalo, etc.) -- Nessuna informazione personale richiesta (nome utente autogenerato, nessuna e-mail richiesta, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Sicurezza @@ -273,7 +279,7 @@ Una VPN è inutile se non è nemmeno in grado di fornire una sicurezza adeguata. - Perfect Forward Secrecy (PFS). - Audit sulla sicurezza pubblicati da un'azienda terza affidabile. -**Caso migliore:** +**Best Case:** - Crittografia più forte: RSA-4096. - Perfect Forward Secrecy (PFS). @@ -288,7 +294,7 @@ Non affideresti le tue finanze a qualcuno con un'identità falsa, quindi perché - Dirigenza o proprietà pubblica. -**Caso migliore:** +**Best Case:** - Dirigenza pubblica. - Rapporti di trasparenza frequenti. @@ -319,5 +325,3 @@ Il marketing responsabile, che è sia educativo che utile per il consumatore, po ### Funzionalità aggiuntive Anche se non requisiti rigidi, ci sono alcuni fattori che abbiamo considerato nel determinare quali servizi consigliare. Tra questi ci sono funzionalità di blocco dei tracker e delle pubblicità, canarini di garanzia, connessioni multihop, eccellenza nell'assistenza clienti, numero di connessioni simultanee consentite, ecc. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/ku/404.md b/i18n/ku/404.md new file mode 100644 index 000000000..d0ab82f6e --- /dev/null +++ b/i18n/ku/404.md @@ -0,0 +1,19 @@ +--- +hide: + - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" +--- + +# ٤٠٤ - نەدۆزرایەوە + +نەمانتوانی ئەو پەڕەیە بدۆزینەوە کە بەدوایدا دەگەڕایت! لەوانەیە تۆ بەدوای یەکێک لەمانەدا بگەڕێیت؟ + +- [پێشەکی بۆ مۆدێلی هەڕەشە](basics/threat-modeling.md) +- [دابینکەرانی DNSـی پێشنیارکراو](dns.md) +- [باشترین وێبگەڕانی کۆمپیوتەر](desktop-browsers.md) +- [باشترین دابینکەرانی VPN](vpn.md) +- [سەکۆی Privacy Guides](https://discuss.privacyguides.net) +- [بڵۆگەکەنان](https://blog.privacyguides.org) diff --git a/i18n/ku/CODE_OF_CONDUCT.md b/i18n/ku/CODE_OF_CONDUCT.md new file mode 100644 index 000000000..88a0e9100 --- /dev/null +++ b/i18n/ku/CODE_OF_CONDUCT.md @@ -0,0 +1,53 @@ +# Community Code of Conduct + +**We pledge** to make our community a harassment-free experience for everyone. + +**We strive** to create a positive environment, using welcoming and inclusive language, and being respectful of the viewpoints of others. + +**We do not allow** inappropriate or otherwise unacceptable behavior, such as sexualized language, trolling and insulting comments, or otherwise promoting intolerance or harassment. + +## Community Standards + +What we expect from members of our communities: + +1. **Don't spread misinformation** + + We are creating an evidence-based educational community around information privacy and security, not a home for conspiracy theories. For example, when making a claim that a certain piece of software is malicious or that certain telemetry data is privacy invasive, explain in detail what is collected and how it collected. Claims of this nature must be backed by technical evidence. + +1. **Don't abuse our willingness to help** + + Our community members are not your free tech support. We are happy to help you with specific steps on your privacy journey if you are willing to put in effort on your end. We are not willing to answer endlessly repeated questions about generic computer problems you could have answered yourself with a 30-second internet search. Don't be a [help vampire](https://slash7.com/2006/12/22/vampires/). + +1. **Behave in a positive and constructive manner** + + Examples of behavior that contributes to a positive environment for our community include: + + - Demonstrating empathy and kindness toward other people + - Being respectful of differing opinions, viewpoints, and experiences + - Giving and gracefully accepting constructive feedback + - Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience + - Focusing on what is best not just for us as individuals, but for the overall community + +### Unacceptable Behavior + +The following behaviors are considered harassment and are unacceptable within our community: + +- The use of sexualized language or imagery, and sexual attention or advances of any kind +- Trolling, insulting or derogatory comments, and personal or political attacks +- Public or private harassment +- Publishing others' private information, such as a physical or email address, without their explicit permission +- Other conduct which could reasonably be considered inappropriate in a professional setting + +## Scope + +Our Code of Conduct applies within all project spaces, as well as when an individual is representing the Privacy Guides project in other communities. + +We are responsible for clarifying the standards of our community, and have the right to remove or alter the comments of those participating within our community, as necessary and at our discretion. + +### Contact + +If you observe a problem on a platform like Matrix or Reddit, please contact our moderators on that platform in chat, via DM, or through any designated "Modmail" system. + +If you have a problem elsewhere, or a problem our community moderators are unable to resolve, reach out to `jonah@privacyguides.org` and/or `dngray@privacyguides.org`. + +All community leaders are obligated to respect the privacy and security of the reporter of any incident. diff --git a/i18n/ku/about/criteria.md b/i18n/ku/about/criteria.md new file mode 100644 index 000000000..3084230bd --- /dev/null +++ b/i18n/ku/about/criteria.md @@ -0,0 +1,40 @@ +--- +title: General Criteria +--- + +!!! example "Work in Progress" + + The following page is a work in progress, and does not reflect the full criteria for our recommendations at this time. Past discussion on this topic: [#24](https://github.com/privacyguides/privacyguides.org/discussions/24) + +Below are some things that must apply to all submissions to Privacy Guides. Each category will have additional requirements for inclusion. + +## Financial Disclosure + +We do not make money from recommending certain products, we do not use affiliate links, and we do not provide special consideration to project donors. + +## General Guidelines + +We apply these priorities when considering new recommendations: + +- **Secure**: Tools should follow security best-practices wherever applicable. +- **Source Availability**: Open source projects are generally preferred over equivalent proprietary alternatives. +- **Cross-Platform**: We typically prefer recommendations to be cross-platform, to avoid vendor lock-in. +- **Active Development**: The tools that we recommend should be actively developed, unmaintained projects will be removed in most cases. +- **Usability**: Tools should be accessible to most computer users, an overly technical background should not be required. +- **Documented**: Tools should have clear and extensive documentation for use. + +## Developer Self-Submissions + +We have these requirements in regard to developers which wish to submit their project or software for consideration. + +- Must disclose affiliation, i.e. your position within the project being submitted. + +- Must have a security whitepaper if it is a project that involves handling of sensitive information like a messenger, password manager, encrypted cloud storage etc. + - Third party audit status. We want to know if you have one, or have one planned. If possible please mention who will be conducting the audit. + +- Must explain what the project brings to the table in regard to privacy. + - Does it solve any new problem? + - Why should anyone use it over the alternatives? + +- Must state what the exact threat model is with their project. + - It should be clear to potential users what the project can provide, and what it cannot. diff --git a/i18n/ku/about/donate.md b/i18n/ku/about/donate.md new file mode 100644 index 000000000..8accd67a1 --- /dev/null +++ b/i18n/ku/about/donate.md @@ -0,0 +1,50 @@ +--- +title: Supporting Us +--- + + +It takes a lot of [people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) and [work](https://github.com/privacyguides/privacyguides.org/pulse/monthly) to keep Privacy Guides up to date and spreading the word about privacy and mass surveillance. If you like what we do, consider getting involved by [editing the site](https://github.com/privacyguides/privacyguides.org) or [contributing translations](https://crowdin.com/project/privacyguides). + +If you want to support us financially, the most convenient method for us is contributing via Open Collective, a website operated by our fiscal host. Open Collective accepts payments via credit/debit card, PayPal, and bank transfers. + +[Donate on OpenCollective.com](https://opencollective.com/privacyguides/donate ""){.md-button.md-button--primary} + +Donations made directly to us on Open Collective are generally tax-deductible in the US, because our fiscal host (the Open Collective Foundation) is a registered 501(c)3 organization. You will receive a receipt from the Open Collective Foundation after donating. Privacy Guides does not provide financial advice, and you should contact your tax advisor to find out whether this is applicable to you. + +If you already make use of GitHub sponsorships, you can also sponsor our organization there. + +[Sponsor us on GitHub](https://github.com/sponsors/privacyguides ""){.md-button} + +## Backers + +A special thanks to all those who support our mission! :heart: + +*Please note: This section loads a widget directly from Open Collective. This section does not reflect donations made outside of Open Collective, and we have no control over the specific donors featured in this section.* + + + +## How We Use Donations + +Privacy Guides is a **non-profit** organization. We use donations for a variety of purposes, including: + +**Domain Registrations** +: + +We have a few domain names like `privacyguides.org` which cost us around $10 yearly to maintain their registration. + +**Web Hosting** +: + +Traffic to this website uses hundreds of gigabytes of data per month, we use a variety of service providers to keep up with this traffic. + +**Online Services** +: + +We host [internet services](https://privacyguides.net) for testing and showcasing different privacy-products we like and [recommend](../tools.md). Some of which are made publicly available for our community's use (SearXNG, Tor, etc.), and some are provided for our team members (email, etc.). + +**Product Purchases** +: + +We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). + +We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). diff --git a/i18n/ku/about/index.md b/i18n/ku/about/index.md new file mode 100644 index 000000000..619406fee --- /dev/null +++ b/i18n/ku/about/index.md @@ -0,0 +1,89 @@ +--- +template: schema.html +title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. +--- + +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } + +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. + +## Our Team + +??? person "@jonah" + + - [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/jonah) + - [:simple-github: GitHub](https://github.com/jonaharagon "@jonaharagon") + - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@jonah "@jonah@neat.computer"){rel=me} + - [:fontawesome-solid-house: Homepage](https://www.jonaharagon.com) + +??? person "@niek-de-wilde" + + - [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/Niek-de-Wilde) + - [:simple-github: GitHub](https://github.com/blacklight447 "@blacklight447") + - [:simple-mastodon: Mastodon](https://mastodon.social/@blacklight447 "@blacklight447@mastodon.social"){rel=me} + +??? person "@dngray" + + - [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/dngray) + - [:simple-github: GitHub](https://github.com/dngray "@dngray") + - [:simple-mastodon: Mastodon](https://mastodon.social/@dngray "@dngray@mastodon.social"){rel=me} + - [:fontawesome-solid-envelope: Email](mailto:dngray@privacyguides.org) + +??? person "@freddy" + + - [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/freddy) + - [:simple-github: GitHub](https://github.com/freddy-m "@freddy-m") + - [:simple-mastodon: Mastodon](https://social.lol/@freddy "@freddy@social.lol"){rel=me} + - [:fontawesome-solid-envelope: Email](mailto:freddy@privacyguides.org) + - [:fontawesome-solid-house: Homepage](https://freddy.omg.lol) + +??? person "@mfwmyfacewhen" + + - [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/mfwmyfacewhen) + - [:simple-github: GitHub](https://github.com/mfwmyfacewhen "@mfwmyfacewhen") + - [:fontawesome-solid-house: Homepage](https://mfw.omg.lol) + +??? person "@olivia" + + - [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/olivia) + - [:simple-github: GitHub](https://github.com/hook9 "@hook9") + - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} + +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). + +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. + +## Site License + +*The following is a human-readable summary of (and not a substitute for) the [license](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE):* + +:fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. + +This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! diff --git a/i18n/ku/about/notices.md b/i18n/ku/about/notices.md new file mode 100644 index 000000000..bb32edd50 --- /dev/null +++ b/i18n/ku/about/notices.md @@ -0,0 +1,43 @@ +--- +title: "Notices and Disclaimers" +hide: + - toc +--- + +## Legal Disclaimer + +Privacy Guides is not a law firm. As such, the Privacy Guides website and contributors are not providing legal advice. The material and recommendations in our website and guides do not constitute legal advice nor does contributing to the website or communicating with Privacy Guides or other contributors about our website create an attorney-client relationship. + +Running this website, like any human endeavor, involves uncertainty and trade-offs. We hope this website helps, but it may include mistakes and can’t address every situation. If you have any questions about your situation, we encourage you to do your own research, seek out other experts, and engage in discussions with the Privacy Guides community. If you have any legal questions, you should consult with your own legal counsel before moving forward. + +Privacy Guides is an open source project contributed to under licenses that include terms that, for the protection of the website and its contributors, make clear that the Privacy Guides project and website is offered "as-is", without warranty, and disclaiming liability for damages resulting from using the website or any recommendations contained within. Privacy Guides does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on the website or otherwise relating to such materials on the website or on any third-party sites linked on this site. + +Privacy Guides additionally does not warrant that this website will be constantly available, or available at all. + +## Licenses + +Unless otherwise noted, all content on this website is made available under the terms of the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). + +This does not include third-party code embedded in this repository, or code where a superseding license is otherwise noted. The following are notable examples, but this list may not be all-inclusive: + +* [MathJax](https://github.com/privacyguides/privacyguides.org/blob/main/docs/assets/javascripts/mathjax.js) is licensed under the [Apache License 2.0](https://github.com/privacyguides/privacyguides.org/blob/main/docs/assets/javascripts/LICENSE.mathjax.txt). + +Portions of this notice itself were adopted from [opensource.guide](https://github.com/github/opensource.guide/blob/master/notices.md) on GitHub. That resource and this page itself are released under [CC-BY-4.0](https://github.com/github/opensource.guide/blob/master/LICENSE). + +This means that you can use the human-readable content in this repository for your own project, per the terms outlined in the Creative Commons Attribution-NoDerivatives 4.0 International Public License text. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. You **may not** use the Privacy Guides branding in your own project without express approval from this project. Privacy Guides's brand trademarks include the "Privacy Guides" wordmark and shield logo. + +We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://www.copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.* + +When you contribute to this repository you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project. + +## Acceptable Use + +You may not use this website in any way that causes or may cause damage to the website or impairment of the availability or accessibility of Privacy Guides, or in any way which is unlawful, illegal, fraudulent, harmful, or in connection with any unlawful, illegal, fraudulent, or harmful purpose or activity. + +You must not conduct any systematic or automated data collection activities on or in relation to this website without express written consent, including: + +* Excessive Automated Scans +* Denial of Service Attacks +* Scraping +* Data Mining +* 'Framing' (IFrames) diff --git a/i18n/ku/about/privacy-policy.md b/i18n/ku/about/privacy-policy.md new file mode 100644 index 000000000..f83197fa1 --- /dev/null +++ b/i18n/ku/about/privacy-policy.md @@ -0,0 +1,61 @@ +--- +title: "سیاسەتی تایبەتێتـی" +--- + +Privacy Guides is a community project operated by a number of active volunteer contributors. The public list of team members [can be found on GitHub](https://github.com/orgs/privacyguides/people). + +## Data We Collect From Visitors + +The privacy of our website visitors is important to us, so we do not track any individual people. As a visitor to our website: + +- No personal information is collected +- No information such as cookies are stored in the browser +- No information is shared with, sent to or sold to third-parties +- No information is shared with advertising companies +- No information is mined and harvested for personal and behavioral trends +- No information is monetized + +You can view the data we collect on our [statistics](statistics.md) page. + +We run a self-hosted installation of [Plausible Analytics](https://plausible.io) to collect some anonymous usage data for statistical purposes. The goal is to track overall trends in our website traffic, it is not to track individual visitors. All the data is in aggregate only. No personal data is collected. + +Data collected includes referral sources, top pages, visit duration, information from the devices (device type, operating system, country and browser) used during the visit and more. You can learn more about how Plausible works and collects information in a privacy-respecting manner [here](https://plausible.io/data-policy). + +## Data We Collect From Account Holders + +On some websites and services we provide, many features may require an account. For example, an account may be required to post and reply to topics on a forum platform. + +To sign up for most accounts, we will collect a name, username, email, and password. In the event a website requires more information than just that data, that will be clearly marked and noted in a separate privacy statement per-site. + +We use your account data to identify you on the website and to create pages specific to you, such as your profile page. We will also use your account data to publish a public profile for you on our services. + +We use your email to: + +- Notify you about posts and other activity on the websites or services. +- Reset your password and help keep your account secure. +- Contact you in special circumstances related to your account. +- Contact you about legal requests, such as DMCA takedown requests. + +On some websites and services you may provide additional information for your account, such as a short biography, avatar, your location, or your birthday. We make that information available to everyone who can access the website or service in question. This information is not required to use any of our services and can be erased at any time. + +We will store your account data as long as your account remains open. After closing an account, we may retain some or all of your account data in the form of backups or archives for up to 90 days. + +## Contacting Us + +The Privacy Guides team generally does not have access to personal data outside of limited access granted via some moderation panels. Inquiries regarding your personal information should be sent directly to: + +```text +Jonah Aragon +Services Administrator +jonah@privacyguides.org +``` + +For all other inquiries, you can contact any member of our team. + +For complaints under GDPR more generally, you may lodge complaints with your local data protection supervisory authorities. In France it's the Commission Nationale de l'Informatique et des Libertés which take care and handle the complaints. They provide a [template of complaint letter](https://www.cnil.fr/en/plaintes) to use. + +## About This Policy + +We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. + +A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. diff --git a/i18n/ku/about/privacytools.md b/i18n/ku/about/privacytools.md new file mode 100644 index 000000000..515c21f59 --- /dev/null +++ b/i18n/ku/about/privacytools.md @@ -0,0 +1,118 @@ +--- +title: "PrivacyTools FAQ" +--- + +# Why we moved on from PrivacyTools + +In September 2021, every active contributor unanimously agreed to move from PrivacyTools to work on this site: Privacy Guides. This decision was made because PrivacyTools’ founder and controller of the domain name had disappeared for an extended period of time and could not be contacted. + +Having built a reputable site and set of services on PrivacyTools.io, this caused grave concerns for the future of PrivacyTools, as any future disruption could wipe out the entire organization with no recovery method. This transition was communicated to the PrivacyTools community many months in advance via a variety of channels including its blog, Twitter, Reddit, and Mastodon to ensure the entire process went as smoothly as possible. We did this to ensure nobody was kept in the dark, which has been our modus operandi since our team was created, and to make sure Privacy Guides was recognized as the same reliable organization that PrivacyTools was before the transition. + +After the organizational move was completed, the founder of PrivacyTools returned and began to spread misinformation about the Privacy Guides project. They continue to spread misinformation in addition to operating a paid link farm on the PrivacyTools domain. We are creating this page to clear up any misconceptions. + +## What is PrivacyTools? + +PrivacyTools was created in 2015 by "BurungHantu," who wanted to make a privacy information resource - helpful tools following the Snowden revelations. The site grew into a flourishing open-source project with [many contributors](https://github.com/privacytools/privacytools.io/graphs/contributors), some eventually given various organizational responsibilities, such as operating online services like Matrix and Mastodon, managing and reviewing changes to the site on GitHub, finding sponsors for the project, writing blog posts and operating social media outreach platforms like Twitter, etc. + +Beginning in 2019, BurungHantu grew more and more distant from the active development of the website and communities, and began delaying payments he was responsible for related to the servers we operated. To avoid having our system administrator pay server costs out of their own pocket, we changed the donation methods listed on the site from BurungHantu's personal PayPal and crypto accounts to a new OpenCollective page on [October 31, 2019](https://web.archive.org/web/20210729184557/https://blog.privacytools.io/privacytools-io-joins-the-open-collective-foundation/). This had the added benefits of making our finances completely transparent, a value we strongly believe in, and tax-deductible in the United States, because they were being held by the Open Collective Foundation 501(c)3. This change was unanimously agreed upon by the team and went uncontested. + +## Why We Moved On + +In 2020, BurungHantu's absence grew much more noticeable. At one point, we required the domain's nameservers to be changed to nameservers controlled by our system administrator to avoid future disruption, and this change was not completed for over a month after the initial request. He would disappear from the public chat and private team chat rooms on Matrix for months at a time, occasionally popping in to give some small feedback or promise to be more active before disappearing once again. + +In October 2020, the PrivacyTools system administrator (Jonah) [left](https://web.archive.org/web/20210729190742/https://blog.privacytools.io/blacklight447-taking-over/) the project because of these difficulties, handing control to another long-time contributor. Jonah had been operating nearly every PrivacyTools service and acting as the *de facto* project lead for website development in BurungHantu's absence, thus his departure was a significant change to the organization. At the time, because of these significant organizational changes, BurungHantu promised the remaining team he would return to take control of the project going forward. ==The PrivacyTools team reached out via several communication methods over the following months, but did not receive any response.== + +## Domain Name Reliance + +At the beginning of 2021, the PrivacyTools team grew worried about the future of the project, because the domain name was set to expire on 1st March 2021. The domain was ultimately renewed by BurungHantu with no comment. + +The team’s concerns were not addressed, and we realized this would be a problem every year: If the domain expired it would have allowed it to be stolen by squatters or spammers, thus ruining the organization's reputation. We also would have had trouble reaching the community to inform them of what took place. + +Without being in any contact with BurungHantu, we decided the best course of action would be to move to a new domain name while we still had guaranteed control over the old domain name, sometime before March 2022. This way, we would be able to cleanly redirect all PrivacyTools resources to the new site without any interruption in service. This decision was made many months in advance and communicated to the entire team in the hopes that BurungHantu would reach out and assure his continued support for the project, because with a recognizable brand name and large communities online, moving away from "PrivacyTools" was the least desirable possible outcome. + +In mid-2021 the PrivacyTools team reached out to Jonah, who agreed to rejoin the team to help with the transition. + +## Community Call to Action + +At the end of July 2021, we [informed](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/) the PrivacyTools community of our intention to choose a new name and continue the project on a new domain, to be [chosen](https://web.archive.org/web/20210729190935/https://aragon.cloud/apps/forms/cMPxG9KyopapBbcw) on 2nd August 2022. In the end, "Privacy Guides" was selected, with the `privacyguides.org` domain already owned by Jonah for a side-project from 2020 that went undeveloped. + +## Control of r/privacytoolsIO + +Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://www.reddit.com/r/redditrequest/comments/o9tllh/requesting_rprivacytoolsio_im_only_active_mod_top/) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit. + +Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms. + +> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer. +> +> r/redditrequest is Reddit's way of making sure communities have active moderators and is part of the [Moderator Code of Conduct](https://www.redditinc.com/policies/moderator-code-of-conduct). + +## Beginning the Transition + +On September 14th, 2021, we [announced](https://www.privacyguides.org/blog/2021/09/14/welcome-to-privacy-guides/) the beginning of our migration to this new domain: + +> [...] we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to www.privacyguides.org, and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc. + +This change [entailed:](https://www.reddit.com/r/PrivacyGuides/comments/pnhn4a/rprivacyguides_privacyguidesorg_what_you_need_to/) + +- Redirecting www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org). +- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site. +- Posting announcements to our subreddit and various other communities informing people of the official change. +- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible. + +Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped. + +## Following Events + +Roughly a week following the transition, BurungHantu returned online for the first time in nearly a year, however nobody on our team was willing to return to PrivacyTools because of his historic unreliability. Rather than apologize for his prolonged absence, he immediately went on the offensive and positioned the transition to Privacy Guides as an attack against him and his project. He subsequently [deleted](https://www.reddit.com/r/privacytoolsIO/comments/pp9yie/comment/hd49wbn) many of these posts when it was pointed out by the community that he had been absent and abandoned the project. + +At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible). + +Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/) at the beginning of October, ending any migration possibilities to any users still using those services. + +Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so. + +BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim. + +## PrivacyTools.io Now + +As of September 25th 2022 we are seeing BurungHantu's overall plans come to fruition on privacytools.io, and this is the very reason we decided to create this explainer page today. The website he is operating appears to be a heavily SEO-optimized version of the site which recommends tools in exchange for financial compensation. Very recently, IVPN and Mullvad, two VPN providers near-universally [recommended](../vpn.md) by the privacy community and notable for their stance against affiliate programs were removed from PrivacyTools. In their place? NordVPN, Surfshark, ExpressVPN, and hide.me; Giant VPN corporations with untrustworthy platforms and business practices, notorious for their aggressive marketing and affiliate programs. + +==**PrivacyTools has become exactly the type of site we [warned against](https://web.archive.org/web/20210729205249/https://blog.privacytools.io/the-trouble-with-vpn-and-privacy-reviews/) on the PrivacyTools blog in 2019.**== We've tried to keep our distance from PrivacyTools since the transition, but their continued harassment towards our project and now their absurd abuse of the credibility their brand gained over 6 years of open source contributions is extremely troubling to us. Those of us actually fighting for privacy are not fighting against each other, and are not getting our advice from the highest bidder. + +## r/privacytoolsIO Now + +After the launch of [r/PrivacyGuides](https://www.reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://www.reddit.com/r/privacytoolsIO/comments/qk7qrj/a_new_era_why_rptio_is_now_a_restricted_sub/) a restricted sub in a post on November 1st, 2021: + +> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you. +> +> A Subreddit is a great deal of work to administer and moderate. Like a garden, it requires patient tending and daily care. It’s not a task for dilettantes or commitment-challenged people. It can’t thrive under a gardener who abandons it for several years, then shows up demanding this year’s harvest as their tribute. It’s unfair to the team formed years ago. It’s unfair to you. [...] + +Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides. + +In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://www.reddit.com/r/redditrequest/wiki/top_mod_removal/) of Reddit rules: + +> Retaliation from any moderator with regards to removal requests is disallowed. + +For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is. + +## OpenCollective Now + +Our fundraising platform, OpenCollective, is another source of contention. Our position is that OpenCollective was put in place by our team and managed by our team to fund services we currently operate and which PrivacyTools no longer does. We [reached out](https://opencollective.com/privacyguides/updates/transitioning-to-privacy-guides) to all of our donors regarding our move to Privacy Guides, and we were unanimously supported by our sponsors and community. + +Thus, the funds in OpenCollective belong to Privacy Guides, they were given to our project, and not the owner of a well known domain name. In the announcement made to donors on September 17th, 2021, we offered refunds to any donor who disagrees with the stance we took, but nobody has taken us up on this offer: + +> If any sponsors or backers disagree with or feel misled by these recent events and would like to request a refund given these highly unusual circumstances, please get in touch with our project admin by emailing jonah@triplebit.net. + +## Further Reading + +This topic has been discussed extensively within our communities in various locations, and it seems likely that most people reading this page will already be familiar with the events leading up to the move to Privacy Guides. Some of our previous posts on the matter may have extra detail we omitted here for brevity. They have been linked below for the sake of completion. + +- [June 28, 2021 request for control of r/privacytoolsIO](https://www.reddit.com/r/redditrequest/comments/o9tllh/requesting_rprivacytoolsio_im_only_active_mod_top/) +- [July 27, 2021 announcement of our intentions to move on the PrivacyTools blog, written by the team](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/) +- [Sept 13, 2021 announcement of the beginning of our transition to Privacy Guides on r/privacytoolsIO](https://www.reddit.com/r/privacytoolsIO/comments/pnql46/rprivacyguides_privacyguidesorg_what_you_need_to/) +- [Sept 17, 2021 announcement on OpenCollective from Jonah](https://opencollective.com/privacyguides/updates/transitioning-to-privacy-guides) +- [Sept 30, 2021 Twitter thread detailing most of the events now described on this page](https://twitter.com/privacy_guides/status/1443633412800225280) +- [Oct 1, 2021 post by u/dng99 noting subdomain failure](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/) +- [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) +- [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) +- [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) diff --git a/i18n/ku/about/services.md b/i18n/ku/about/services.md new file mode 100644 index 000000000..71f2c95b7 --- /dev/null +++ b/i18n/ku/about/services.md @@ -0,0 +1,38 @@ +# Privacy Guides Services + +We run a number of web services to test out features and promote cool decentralized, federated, and/or open-source projects. Many of these services are available to the public and are detailed below. + +[:material-comment-alert: Report an issue](https://discuss.privacyguides.net/c/services/2 ""){.md-button.md-button--primary} + +## Discourse + +- Domain: [discuss.privacyguides.net](https://discuss.privacyguides.net) +- Availability: Public +- Source: [github.com/discourse/discourse](https://github.com/discourse/discourse) + +## Gitea + +- Domain: [code.privacyguides.dev](https://code.privacyguides.dev) +- Availability: Invite-Only + Access may be granted upon request to any team working on *Privacy Guides*-related development or content. +- Source: [snapcraft.io/gitea](https://snapcraft.io/gitea) + +## Matrix + +- Domain: [matrix.privacyguides.org](https://matrix.privacyguides.org) +- Availability: Invite-Only + Access may be granted upon request to Privacy Guides team members, Matrix moderators, third-party Matrix community administrators, Matrix bot operators, and other individuals in need of a reliable Matrix presence. +- Source: [github.com/spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy) + +## SearXNG + +- Domain: [search.privacyguides.net](https://search.privacyguides.net) +- Availability: Public +- Source: [github.com/searxng/searxng-docker](https://github.com/searxng/searxng-docker) + +## Invidious + +- Domain: [invidious.privacyguides.net](https://invidious.privacyguides.net) +- Availability: Semi-Public + We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. +- Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) diff --git a/i18n/ku/about/statistics.md b/i18n/ku/about/statistics.md new file mode 100644 index 000000000..8f17240c3 --- /dev/null +++ b/i18n/ku/about/statistics.md @@ -0,0 +1,61 @@ +--- +title: Traffic Statistics +--- + +## Website Statistics + + +
Stats powered by Plausible Analytics
+ + + + +## Blog Statistics + + +
Stats powered by Plausible Analytics
+ + + diff --git a/i18n/ku/advanced/communication-network-types.md b/i18n/ku/advanced/communication-network-types.md new file mode 100644 index 000000000..1f07a2c4c --- /dev/null +++ b/i18n/ku/advanced/communication-network-types.md @@ -0,0 +1,103 @@ +--- +title: "Types of Communication Networks" +icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. +--- + +There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. + +[Recommended Instant Messengers](../real-time-communication.md ""){.md-button} + +## Centralized Networks + +![Centralized networks diagram](../assets/img/layout/network-centralized.svg){ align=left } + +Centralized messengers are those where all participants are on the same server or network of servers controlled by the same organization. + +Some self-hosted messengers allow you to set up your own server. Self-hosting can provide additional privacy guarantees, such as no usage logs or limited access to metadata (data about who is talking to whom). Self-hosted centralized messengers are isolated and everyone must be on the same server to communicate. + +**Advantages:** + +- New features and changes can be implemented more quickly. +- Easier to get started with and to find contacts. +- Most mature and stable features ecosystems, as they are easier to program in a centralized software. +- Privacy issues may be reduced when you trust a server that you're self-hosting. + +**Disadvantages:** + +- Can include [restricted control or access](https://drewdevault.com/2018/08/08/Signal.html). This can include things like: +- Being [forbidden from connecting third-party clients](https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165) to the centralized network that might provide for greater customization or a better experience. Often defined in Terms and Conditions of usage. +- Poor or no documentation for third-party developers. +- The [ownership](https://web.archive.org/web/20210729191953/https://blog.privacytools.io/delisting-wire/), privacy policy, and operations of the service can change easily when a single entity controls it, potentially compromising the service later on. +- Self-hosting requires effort and knowledge of how to set up a service. + +## Federated Networks + +![Federated networks diagram](../assets/img/layout/network-decentralized.svg){ align=left } + +Federated messengers use multiple, independent, decentralized servers that are able to talk to each other (email is one example of a federated service). Federation allows system administrators to control their own server and still be a part of the larger communications network. + +When self-hosted, members of a federated server can discover and communicate with members of other servers, although some servers may choose to remain private by being non-federated (e.g., work team server). + +**Advantages:** + +- Allows for greater control over your own data when running your own server. +- Allows you to choose whom to trust your data with by choosing between multiple "public" servers. +- Often allows for third-party clients which can provide a more native, customized, or accessible experience. +- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member). + +**Disadvantages:** + +- Adding new features is more complex because these features need to be standardized and tested to ensure they work with all servers on the network. +- Due to the previous point, features can be lacking, or incomplete or working in unexpected ways compared to centralized platforms, such as message relay when offline or message deletion. +- Some metadata may be available (e.g., information like "who is talking to whom," but not actual message content if E2EE is used). +- Federated servers generally require trusting your server's administrator. They may be a hobbyist or otherwise not a "security professional," and may not serve standard documents like a privacy policy or terms of service detailing how your data is used. +- Server administrators sometimes choose to block other servers, which are a source of unmoderated abuse or break general rules of accepted behavior. This will hinder your ability to communicate with members of those servers. + +## Peer-to-Peer Networks + +![P2P diagram](../assets/img/layout/network-distributed.svg){ align=left } + +P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server. + +Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://www.scuttlebutt.nz) social network protocol). + +Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient. + +P2P networks do not use servers, as peers communicate directly between each other and hence cannot be self-hosted. However, some additional services may rely on centralized servers, such as user discovery or relaying offline messages, which can benefit from self-hosting. + +**Advantages:** + +- Minimal information is exposed to third-parties. +- Modern P2P platforms implement E2EE by default. There are no servers that could potentially intercept and decrypt your transmissions, unlike centralized and federated models. + +**Disadvantages:** + +- Reduced feature set: +- Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online. +- Generally increases battery usage on mobile devices, because the client must stay connected to the distributed network to learn about who is online. +- Some common messenger features may not be implemented or incompletely, such as message deletion. +- Your IP address and that of the contacts you're communicating with may be exposed if you do not use the software in conjunction with a [VPN](../vpn.md) or [Tor](../tor.md). Many countries have some form of mass surveillance and/or metadata retention. + +## Anonymous Routing + +![Anonymous routing diagram](../assets/img/layout/network-anonymous-routing.svg){ align=left } + +A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three. + +There are [many](https://doi.org/10.1145/3182658) different ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers." + +Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit. + +**Advantages:** + +- Minimal to no information is exposed to other parties. +- Messages can be relayed in a decentralized manner even if one of the parties is offline. + +**Disadvantages:** + +- Slow message propagation. +- Often limited to fewer media types, mostly text, since the network is slow. +- Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. +- More complex to get started, as the creation and secured backup of a cryptographic private key is required. +- Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. diff --git a/i18n/ku/advanced/dns-overview.md b/i18n/ku/advanced/dns-overview.md new file mode 100644 index 000000000..b47af2809 --- /dev/null +++ b/i18n/ku/advanced/dns-overview.md @@ -0,0 +1,306 @@ +--- +title: "DNS Overview" +icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. +--- + +The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. + +## What is DNS? + +When you visit a website, a numerical address is returned. For example, when you visit `privacyguides.org`, the address `192.98.54.105` is returned. + +DNS has existed since the [early days](https://en.wikipedia.org/wiki/Domain_Name_System#History) of the Internet. DNS requests made to and from DNS servers are **not** generally encrypted. In a residential setting, a customer is given servers by the ISP via [DHCP](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol). + +Unencrypted DNS requests are able to be easily **surveilled** and **modified** in transit. In some parts of the world, ISPs are ordered to do primitive [DNS filtering](https://en.wikipedia.org/wiki/DNS_blocking). When you request the IP address of a domain that is blocked, the server may not respond or may respond with a different IP address. As the DNS protocol is not encrypted, the ISP (or any network operator) can use [DPI](https://en.wikipedia.org/wiki/Deep_packet_inspection) to monitor requests. ISPs can also block requests based on common characteristics, regardless of which DNS server is used. Unencrypted DNS always uses [port](https://en.wikipedia.org/wiki/Port_(computer_networking)) 53 and always uses UDP. + +Below, we discuss and provide a tutorial to prove what an outside observer may see using regular unencrypted DNS and [encrypted DNS](#what-is-encrypted-dns). + +### Unencrypted DNS + +1. Using [`tshark`](https://www.wireshark.org/docs/man-pages/tshark.html) (part of the [Wireshark](https://en.wikipedia.org/wiki/Wireshark) project) we can monitor and record internet packet flow. This command records packets that meet the rules specified: + + ```bash + tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8 + ``` + +2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS etc) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS. + + === "Linux, macOS" + + ``` + dig +noall +answer privacyguides.org @1.1.1.1 + dig +noall +answer privacyguides.org @8.8.8.8 + ``` + === "Windows" + + ``` + nslookup privacyguides.org 1.1.1.1 + nslookup privacyguides.org 8.8.8.8 + ``` + +3. Next, we want to [analyse](https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results: + + === "Wireshark" + + ``` + wireshark -r /tmp/dns.pcap + ``` + + === "tshark" + + ``` + tshark -r /tmp/dns.pcap + ``` + +If you run the Wireshark command above, the top pane shows the "[frames](https://en.wikipedia.org/wiki/Ethernet_frame)", and the bottom pane shows all the data about the selected frame. Enterprise filtering and monitoring solutions (such as those purchased by governments) can do the process automatically, without human interaction, and can aggregate those frames to produce statistical data useful to the network observer. + +| No. | Time | Source | Destination | Protocol | Length | Info | +| --- | -------- | --------- | ----------- | -------- | ------ | ---------------------------------------------------------------------- | +| 1 | 0.000000 | 192.0.2.1 | 1.1.1.1 | DNS | 104 | Standard query 0x58ba A privacyguides.org OPT | +| 2 | 0.293395 | 1.1.1.1 | 192.0.2.1 | DNS | 108 | Standard query response 0x58ba A privacyguides.org A 198.98.54.105 OPT | +| 3 | 1.682109 | 192.0.2.1 | 8.8.8.8 | DNS | 104 | Standard query 0xf1a9 A privacyguides.org OPT | +| 4 | 2.154698 | 8.8.8.8 | 192.0.2.1 | DNS | 108 | Standard query response 0xf1a9 A privacyguides.org A 198.98.54.105 OPT | + +An observer could modify any of these packets. + +## What is "encrypted DNS"? + +Encrypted DNS can refer to one of a number of protocols, the most common ones being: + +### DNSCrypt + +[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh). + +### DNS over TLS (DoT) + +[**DNS over TLS**](https://en.wikipedia.org/wiki/DNS_over_TLS) is another method for encrypting DNS communication that is defined in [RFC 7858](https://datatracker.ietf.org/doc/html/rfc7858). Support was first implemented in Android 9, iOS 14, and on Linux in [systemd-resolved](https://www.freedesktop.org/software/systemd/man/resolved.conf.html#DNSOverTLS=) in version 237. Preference in the industry has been moving away from DoT to DoH in recent years, as DoT is a [complex protocol](https://dnscrypt.info/faq/) and has varying compliance to the RFC across the implementations that exist. DoT also operates on a dedicated port 853 which can be blocked easily by restrictive firewalls. + +### DNS over HTTPS (DoH) + +[**DNS over HTTPS**](https://en.wikipedia.org/wiki/DNS_over_HTTPS) as defined in [RFC 8484](https://datatracker.ietf.org/doc/html/rfc8484) packages queries in the [HTTP/2](https://en.wikipedia.org/wiki/HTTP/2) protocol and provides security with HTTPS. Support was first added in web browsers such as Firefox 60 and Chrome 83. + +Native implementation of DoH showed up in iOS 14, macOS 11, Microsoft Windows, and Android 13 (however, it won't be enabled [by default](https://android-review.googlesource.com/c/platform/packages/modules/DnsResolver/+/1833144)). General Linux desktop support is waiting on the systemd [implementation](https://github.com/systemd/systemd/issues/8639) so [installing third-party software is still required](../dns.md#encrypted-dns-proxies). + +## What can an outside party see? + +In this example we will record what happens when we make a DoH request: + +1. First, start `tshark`: + + ```bash + tshark -w /tmp/dns_doh.pcap -f "tcp port https and host 1.1.1.1" + ``` + +2. Second, make a request with `curl`: + + ```bash + curl -vI --doh-url https://1.1.1.1/dns-query https://privacyguides.org + ``` + +3. After making the request, we can stop the packet capture with CTRL + C. + +4. Analyse the results in Wireshark: + + ```bash + wireshark -r /tmp/dns_doh.pcap + ``` + +We can see the [connection establishment](https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment) and [TLS handshake](https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/) that occurs with any encrypted connection. When looking at the "application data" packets that follow, none of them contain the domain we requested or the IP address returned. + +## Why **shouldn't** I use encrypted DNS? + +In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](../basics/threat-modeling.md). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](https://torproject.org) or a [VPN](../vpn.md) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity. + +When we do a DNS lookup, it's generally because we want to access a resource. Below, we will discuss some of the methods that may disclose your browsing activities even when using encrypted DNS: + +### IP Address + +The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides. + +This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet. + +### Server Name Indication (SNI) + +Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection. + +1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets: + + ```bash + tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105 + ``` + +2. Then we visit [https://privacyguides.org](https://privacyguides.org). + +3. After visiting the website, we want to stop the packet capture with CTRL + C. + +4. Next we want to analyze the results: + + ```bash + wireshark -r /tmp/pg.pcap + ``` + + We will see the connection establishment, followed by the TLS handshake for the Privacy Guides website. Around frame 5. you'll see a "Client Hello". + +5. Expand the triangle ▸ next to each field: + + ```text + ▸ Transport Layer Security + ▸ TLSv1.3 Record Layer: Handshake Protocol: Client Hello + ▸ Handshake Protocol: Client Hello + ▸ Extension: server_name (len=22) + ▸ Server Name Indication extension + ``` + +6. We can see the SNI value which discloses the website we are visiting. The `tshark` command can give you the value directly for all packets containing a SNI value: + + ```bash + tshark -r /tmp/pg.pcap -Tfields -Y tls.handshake.extensions_server_name -e tls.handshake.extensions_server_name + ``` + +This means even if we are using "Encrypted DNS" servers, the domain will likely be disclosed through SNI. The [TLS v1.3](https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.3) protocol brings with it [Encrypted Client Hello](https://blog.cloudflare.com/encrypted-client-hello/), which prevents this kind of leak. + +Governments, in particular [China](https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/) and [Russia](https://www.zdnet.com/article/russia-wants-to-ban-the-use-of-secure-protocols-such-as-tls-1-3-doh-dot-esni/), have either already [started blocking](https://en.wikipedia.org/wiki/Server_Name_Indication#Encrypted_Client_Hello) it or expressed a desire to do so. Recently, Russia has [started blocking foreign websites](https://github.com/net4people/bbs/issues/108) that use the [HTTP/3](https://en.wikipedia.org/wiki/HTTP/3) standard. This is because the [QUIC](https://en.wikipedia.org/wiki/QUIC) protocol that is a part of HTTP/3 requires that `ClientHello` also be encrypted. + +### Online Certificate Status Protocol (OCSP) + +Another way your browser can disclose your browsing activities is with the [Online Certificate Status Protocol](https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol). When visiting an HTTPS website, the browser might check to see if the website's [certificate](https://en.wikipedia.org/wiki/Public_key_certificate) has been revoked. This is generally done through the HTTP protocol, meaning it is **not** encrypted. + +The OCSP request contains the certificate "[serial number](https://en.wikipedia.org/wiki/Public_key_certificate#Common_fields)", which is unique. It is sent to the "OCSP responder" in order to check its status. + +We can simulate what a browser would do using the [`openssl`](https://en.wikipedia.org/wiki/OpenSSL) command. + +1. Get the server certificate and use [`sed`](https://en.wikipedia.org/wiki/Sed) to keep just the important part and write it out to a file: + + ```bash + openssl s_client -connect privacyguides.org:443 < /dev/null 2>&1 | + sed -n '/^-*BEGIN/,/^-*END/p' > /tmp/pg_server.cert + ``` + +2. Get the intermediate certificate. [Certificate Authorities (CA)](https://en.wikipedia.org/wiki/Certificate_authority) normally don't sign a certificate directly; they use what is known as an "intermediate" certificate. + + ```bash + openssl s_client -showcerts -connect privacyguides.org:443 < /dev/null 2>&1 | + sed -n '/^-*BEGIN/,/^-*END/p' > /tmp/pg_and_intermediate.cert + ``` + +3. The first certificate in `pg_and_intermediate.cert` is actually the server certificate from step 1. We can use `sed` again to delete until the first instance of END: + + ```bash + sed -n '/^-*END CERTIFICATE-*$/!d;:a n;p;ba' \ + /tmp/pg_and_intermediate.cert > /tmp/intermediate_chain.cert + ``` + +4. Get the OCSP responder for the server certificate: + + ```bash + openssl x509 -noout -ocsp_uri -in /tmp/pg_server.cert + ``` + + Our certificate shows the Lets Encrypt certificate responder. If we want to see all the details of the certificate we can use: + + ```bash + openssl x509 -text -noout -in /tmp/pg_server.cert + ``` + +5. Start the packet capture: + + ```bash + tshark -w /tmp/pg_ocsp.pcap -f "tcp port http" + ``` + +6. Make the OCSP request: + + ```bash + openssl ocsp -issuer /tmp/intermediate_chain.cert \ + -cert /tmp/pg_server.cert \ + -text \ + -url http://r3.o.lencr.org + ``` + +7. Open the capture: + + ```bash + wireshark -r /tmp/pg_ocsp.pcap + ``` + + There will be two packets with the "OCSP" protocol: a "Request" and a "Response". For the "Request" we can see the "serial number" by expanding the triangle ▸ next to each field: + + ```bash + ▸ Online Certificate Status Protocol + ▸ tbsRequest + ▸ requestList: 1 item + ▸ Request + ▸ reqCert + serialNumber + ``` + + For the "Response" we can also see the "serial number": + + ```bash + ▸ Online Certificate Status Protocol + ▸ responseBytes + ▸ BasicOCSPResponse + ▸ tbsResponseData + ▸ responses: 1 item + ▸ SingleResponse + ▸ certID + serialNumber + ``` + +8. Or use `tshark` to filter the packets for the Serial Number: + + ```bash + tshark -r /tmp/pg_ocsp.pcap -Tfields -Y ocsp.serialNumber -e ocsp.serialNumber + ``` + +If the network observer has the public certificate, which is publicly available, they can match the serial number with that certificate and therefore determine the site you're visiting from that. The process can be automated and can associate IP addresses with serial numbers. It is also possible to check [Certificate Transparency](https://en.wikipedia.org/wiki/Certificate_Transparency) logs for the serial number. + +## Should I use encrypted DNS? + +We made this flow chart to describe when you *should* use encrypted DNS: + +``` mermaid +graph TB + Start[Start] --> anonymous{Trying to be
anonymous?} + anonymous--> | Yes | tor(Use Tor) + anonymous --> | No | censorship{Avoiding
censorship?} + censorship --> | Yes | vpnOrTor(Use
VPN or Tor) + censorship --> | No | privacy{Want privacy
from ISP?} + privacy --> | Yes | vpnOrTor + privacy --> | No | obnoxious{ISP makes
obnoxious
redirects?} + obnoxious --> | Yes | encryptedDNS(Use
encrypted DNS
with 3rd party) + obnoxious --> | No | ispDNS{Does ISP support
encrypted DNS?} + ispDNS --> | Yes | useISP(Use
encrypted DNS
with ISP) + ispDNS --> | No | nothing(Do nothing) +``` + +Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering. + +[List of recommended DNS servers](../dns.md ""){.md-button} + +## What is DNSSEC? + +[Domain Name System Security Extensions](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) (DNSSEC) is a feature of DNS that authenticates responses to domain name lookups. It does not provide privacy protections for those lookups, but rather prevents attackers from manipulating or poisoning the responses to DNS requests. + +In other words, DNSSEC digitally signs data to help ensure its validity. In order to ensure a secure lookup, the signing occurs at every level in the DNS lookup process. As a result, all answers from DNS can be trusted. + +The DNSSEC signing process is similar to someone signing a legal document with a pen; that person signs with a unique signature that no one else can create, and a court expert can look at that signature and verify that the document was signed by that person. These digital signatures ensure that data has not been tampered with. + +DNSSEC implements a hierarchical digital signing policy across all layers of DNS. For example, in the case of a `privacyguides.org` lookup, a root DNS server would sign a key for the `.org` nameserver, and the `.org` nameserver would then sign a key for `privacyguides.org`’s authoritative nameserver. + +Adapted from [DNS Security Extensions (DNSSEC) overview](https://cloud.google.com/dns/docs/dnssec) by Google and [DNSSEC: An Introduction](https://blog.cloudflare.com/dnssec-an-introduction/) by Cloudflare, both licensed under [CC BY 4.0](https://creativecommons.org/licenses/by/4.0/). + +## What is QNAME minimization? + +A QNAME is a "qualified name", for example `privacyguides.org`. QNAME minimisation reduces the amount of information sent from the DNS server to the [authoritative name server](https://en.wikipedia.org/wiki/Name_server#Authoritative_name_server). + +Instead of sending the whole domain `privacyguides.org`, QNAME minimization means the DNS server will ask for all the records that end in `.org`. Further technical description is defined in [RFC 7816](https://datatracker.ietf.org/doc/html/rfc7816). + +## What is EDNS Client Subnet (ECS)? + +The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a method for a recursive DNS resolver to specify a [subnetwork](https://en.wikipedia.org/wiki/Subnetwork) for the [host or client](https://en.wikipedia.org/wiki/Client_(computing)) which is making the DNS query. + +It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. + +This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. diff --git a/i18n/ku/advanced/payments.md b/i18n/ku/advanced/payments.md new file mode 100644 index 000000000..7e046ecd0 --- /dev/null +++ b/i18n/ku/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/ku/advanced/tor-overview.md b/i18n/ku/advanced/tor-overview.md new file mode 100644 index 000000000..dd9d2a951 --- /dev/null +++ b/i18n/ku/advanced/tor-overview.md @@ -0,0 +1,80 @@ +--- +title: "Tor Overview" +icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. +--- + +Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. + +## Path Building + +Tor works by routing your traffic through a network comprised of thousands of volunteer-run servers called nodes (or relays). + +Every time you connect to Tor, it will choose three nodes to build a path to the internet—this path is called a "circuit." Each of these nodes has its own function: + +### The Entry Node + +The entry node, often called the guard node, is the first node to which your Tor client connects. The entry node is able to see your IP address, however it is unable to see what you are connecting to. + +Unlike the other nodes, the Tor client will randomly select an entry node and stick with it for two to three months to protect you from certain attacks.[^1] + +### The Middle Node + +The middle node is the second node to which your Tor client connects. It can see which node the traffic came from—the entry node—and to which node it goes to next. The middle node cannot, see your IP address or the domain you are connecting to. + +For each new circuit, the middle node is randomly selected out of all available Tor nodes. + +### The Exit Node + +The exit node is the point in which your web traffic leaves the Tor network and is forwarded to your desired destination. The exit node is unable to see your IP address, but it does know what site it's connecting to. + +The exit node will be chosen at random from all available Tor nodes ran with an exit relay flag.[^2] + +
+ ![Tor path](../assets/img/how-tor-works/tor-path.svg#only-light) + ![Tor path](../assets/img/how-tor-works/tor-path-dark.svg#only-dark) +
Tor circuit pathway
+
+ +## Encryption + +Tor encrypts each packet (a block of transmitted data) three times with the keys from the exit, middle, and entry node—in that order. + +Once Tor has built a circuit, data transmission is done as follows: + +1. Firstly: when the packet arrives at the entry node, the first layer of encryption is removed. In this encrypted packet, the entry node will find another encrypted packet with the middle node’s address. The entry node will then forward the packet to the middle node. + +2. Secondly: when the middle node receives the packet from the entry node, it too will remove a layer of encryption with its key, and this time finds an encrypted packet with the exit node's address. The middle node will then forward the packet to the exit node. + +3. Lastly: when the exit node receives its packet, it will remove the last layer of encryption with its key. The exit node will see the destination address and forward the packet to that address. + +Below is an alternative diagram showing the process. Each node removes its own layer of encryption, and when the destination server returns data, the same process happens entirely in reverse. For example, the exit node does not know who you are, but it does know which node it came from, and so it adds its own layer of encryption and sends it back. + +
+ ![Tor encryption](../assets/img/how-tor-works/tor-encryption.svg#only-light) + ![Tor encryption](../assets/img/how-tor-works/tor-encryption-dark.svg#only-dark) +
Sending and receiving data through the Tor Network
+
+ +Tor allows us to connect to a server without any single party knowing the entire path. The entry node knows who you are, but not where you are going; the middle node doesn’t know who you are or where you are going; and the exit node knows where you are going, but not who you are. Because the exit node is what makes the final connection, the destination server will never know your IP address. + +## Caveats + +Though Tor does provide strong privacy guarantees, one must be aware that Tor is not perfect: + +- Well-funded adversaries with the capability to passively watch most network traffic over the globe have a chance of deanonymizing Tor users by means of advanced traffic analysis. Nor does Tor protect you from exposing yourself by mistake, such as if you share too much information about your real identity. +- Tor exit nodes can also monitor traffic that passes through them. This means traffic which is not encrypted, such as plain HTTP traffic, can be recorded and monitored. If such traffic contains personally identifiable information, then it can deanonymize you to that exit node. Thus, we recommend using HTTPS over Tor where possible. + +If you wish to use Tor for browsing the web, we only recommend the **official** Tor Browser—it is designed to prevent fingerprinting. + +- [Tor Browser :material-arrow-right-drop-circle:](../tor.md#tor-browser) + +## Additional Resources + +- [Tor Browser User Manual](https://tb-manual.torproject.org) +- [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) +- [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) + +[^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) + +[^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/ku/android.md b/i18n/ku/android.md new file mode 100644 index 000000000..2300ac5bd --- /dev/null +++ b/i18n/ku/android.md @@ -0,0 +1,353 @@ +--- +title: "ئەندرۆید" +icon: 'simple/android' +description: 'دەتوانیت سیستەمی کارپێکردن سەر تەلەفۆنی ئەندرۆیدەکەت بگۆڕیت بۆ ئەم جێگرەوانەی، کە پارێزراو و ڕێزگرن لە تایبەتمەندێتی.' +--- + +![Android logo](assets/img/android/android.svg){ align=right } + +**پڕۆژەی ئەندرۆیدی سەرچاوەکراوە** سیستەمی سەرچاوەکراوەی کارپێکردنی مۆبایلە کە لە لایەن گووگڵەوە بەڕێوەدەبرێت, کە زۆربەی ئامێرەکانی مۆبایل لە جیهاندا بەکاردێت. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features. + +[:octicons-home-16:](https://source.android.com/){ .card-link title=Homepage } +[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation} +[:octicons-code-16:](https://cs.android.com/android/platform/superproject/){ .card-link title="Source Code" } + +These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: + +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} + +## AOSP Derivatives + +We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems. + +!!! note + + End-of-life devices (such as GrapheneOS or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software. + +### GrapheneOS + +!!! recommendation + + ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right } + ![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right } + + **GrapheneOS** is the best choice when it comes to privacy and security. + + GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported. + + [:octicons-home-16: Homepage](https://grapheneos.org/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} + [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } + [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } + +GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice. + +Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support). + +### DivestOS + +!!! recommendation + + ![DivestOS logo](assets/img/android/divestos.svg){ align=right } + + **DivestOS** is a soft-fork of [LineageOS](https://lineageos.org/). + DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices. + + [:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary } + [:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" } + [:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" } + [:octicons-heart-16:](https://divested.dev/index.php?page=donate){ .card-link title=Contribute } + +DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled. + +DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). + +DivestOS uses F-Droid as its default app store. Normally, we would recommend avoiding F-Droid due to its numerous [security issues](#f-droid). However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. + +!!! warning + + DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative. + + Not all of the supported devices have verified boot, and some perform it better than others. + +## Android Devices + +When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. + +Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution. + +Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of [IMEI blacklisting](https://www.gsma.com/security/resources/imei-blacklisting/). There is also a risk involved with you being associated with the activity of the previous owner. + +A few more tips regarding Android devices and operating system compatibility: + +- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer. +- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with. +- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net/) to find details! + +### Google Pixel + +Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element. + +!!! recommendation + + ![Google Pixel 6](assets/img/android/google-pixel.png){ align=right } + + **Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems. + + Beginning with the **Pixel 6** and **6 Pro**, Pixel devices receive a minimum of 5 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-4 years competing OEMs typically offer. + + [:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary } + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface. + +Google Pixel phones use a TEE OS called Trusty which is [open-source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. + +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://www.nitrokey.com/about) company. + +A few more tips for purchasing a Google Pixel: + +- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock. +- Consider price beating options and specials offered at physical stores. +- Look at online community bargain sites in your country. These can alert you to good sales. +- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date}-\text{Current Date}$, meaning that the longer use of the device the lower cost per day. + +## General Apps + +We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality. + +### Shelter + +!!! recommendation + + ![Shelter logo](assets/img/android/shelter.svg){ align=right } + + **Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device. + + Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)). + + [:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary } + [:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.patreon.com/PeterCxy){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.typeblog.shelter) + +!!! warning + + Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular/) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html). + + When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile. + +### Auditor + +!!! recommendation + + ![Auditor logo](assets/img/android/auditor.svg#only-light){ align=right } + ![Auditor logo](assets/img/android/auditor-dark.svg#only-dark){ align=right } + + **Auditor** is an app which leverages hardware security features to provide device integrity monitoring for [supported devices](https://attestation.app/about#device-support). Currently, it only works with GrapheneOS and the device's stock operating system. + + [:octicons-home-16: Homepage](https://attestation.app){ .md-button .md-button--primary } + [:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://attestation.app/about){ .card-link title=Documentation} + [:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" } + [:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play) + - [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases) + - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases) + +Auditor performs attestation and intrusion detection by: + +- Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an *auditor* and *auditee*, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore/) of the *Auditor*. +- The *auditor* can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app). +- The *auditor* records the current state and configuration of the *auditee*. +- Should tampering with the operating system of the *auditee* happen after the pairing is complete, the auditor will be aware of the change in the device state and configurations. +- You will be alerted to the change. + +No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring. + +If your [threat model](basics/threat-modeling.md) requires privacy, you could consider using [Orbot](tor.md#orbot) or a VPN to hide your IP address from the attestation service. To make sure that your hardware and operating system is genuine, [perform local attestation](https://grapheneos.org/install/web#verifying-installation) immediately after the device has been installed and prior to any internet connection. + +### Secure Camera + +!!! recommendation + + ![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right } + ![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right } + + **Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices. + + [:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary } + [:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" } + [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play) + - [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases) + - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases) + +Main privacy features include: + +- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default) +- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required +- Microphone permission not required unless you want to record sound + +!!! note + + Metadata is not currently deleted from video files but that is planned. + + The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser). + +### Secure PDF Viewer + +!!! recommendation + + ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right } + ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right } + + **Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files. + + [Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content. + + [:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary } + [:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" } + [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play) + - [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases) + - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases) + +## Obtaining Applications + +### GrapheneOS App Store + +GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to. + +### Aurora Store + +The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store. + +!!! recommendation + + ![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right } + + **Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps. + + [:octicons-home-16: Homepage](https://auroraoss.com/){ .md-button .md-button--primary } + [:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases) + +Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google, however you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device. + +### Manually with RSS Notifications + +For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](/news-aggregators) that will help you keep track of new releases. + +![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark) + +#### GitHub + +On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL: + +`https://github.com/GrapheneOS/Camera/releases.atom` + +#### GitLab + +On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL: + +`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom` + +#### Verifying APK Fingerprints + +If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools). + +1. Install [Java JDK](https://www.oracle.com/java/technologies/downloads/). + +2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools). + +3. Extract the downloaded archive: + + ```bash + unzip commandlinetools-*.zip + cd cmdline-tools + ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3" + ``` + +4. Run the signature verification command: + + ```bash + ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk + ``` + +5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk/) on their website. + + ```bash + Signer #1 certificate DN: CN=GrapheneOS + Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59 + Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c + Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3 + ``` + +### F-Droid + +![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px } + +==We do **not** currently recommend F-Droid as a way to obtain apps.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds/) for some applications and is dedicated to free and open-source software. However, there are [notable problems](https://privsec.dev/posts/android/f-droid-security-issues/) with the official F-Droid client, their quality control, and how they build, sign, and deliver packages. + +Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. + +Other popular third-party repositories such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that respository when they make it to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates. + +That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through Play Store, Aurora Store, or by getting the APK directly from the developer. It is important to keep in mind that some apps in these repositories have not been updated in years and may rely on unsupported libraries, among other things, posing a potential security risk. You should use your best judgement when looking for new apps via this method. + +!!! note + + In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org/) is one example of this). If you really need an app like that, we recommend using [Neo Store](https://github.com/NeoApplications/Neo-Store/) instead of the official F-Droid app to obtain it. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +### Operating Systems + +- Must be open-source software. +- Must support bootloader locking with custom AVB key support. +- Must receive major Android updates within 0-1 months of release. +- Must receive Android feature updates (minor version) within 0-14 days of release. +- Must receive regular security patches within 0-5 days of release. +- Must **not** be "rooted" out of the box. +- Must **not** enable Google Play Services by default. +- Must **not** require system modification to support Google Play Services. + +### Devices + +- Must support at least one of our recommended custom operating systems. +- Must be currently sold new in stores. +- Must receive a minimum of 5 years of security updates. +- Must have dedicated secure element hardware. + +### Applications + +- Applications on this page must not be applicable to any other software category on the site. +- General applications should extend or replace core system functionality. +- Applications should receive regular updates and maintenance. diff --git a/i18n/ku/assets/img/account-deletion/exposed_passwords.png b/i18n/ku/assets/img/account-deletion/exposed_passwords.png new file mode 100644 index 000000000..5295c902c Binary files /dev/null and b/i18n/ku/assets/img/account-deletion/exposed_passwords.png differ diff --git a/i18n/ku/assets/img/android/rss-apk-dark.png b/i18n/ku/assets/img/android/rss-apk-dark.png new file mode 100644 index 000000000..974869a4e Binary files /dev/null and b/i18n/ku/assets/img/android/rss-apk-dark.png differ diff --git a/i18n/ku/assets/img/android/rss-apk-light.png b/i18n/ku/assets/img/android/rss-apk-light.png new file mode 100644 index 000000000..21d6ef03a Binary files /dev/null and b/i18n/ku/assets/img/android/rss-apk-light.png differ diff --git a/i18n/ku/assets/img/android/rss-changes-dark.png b/i18n/ku/assets/img/android/rss-changes-dark.png new file mode 100644 index 000000000..b46283571 Binary files /dev/null and b/i18n/ku/assets/img/android/rss-changes-dark.png differ diff --git a/i18n/ku/assets/img/android/rss-changes-light.png b/i18n/ku/assets/img/android/rss-changes-light.png new file mode 100644 index 000000000..f88f7b404 Binary files /dev/null and b/i18n/ku/assets/img/android/rss-changes-light.png differ diff --git a/i18n/ku/assets/img/how-tor-works/tor-encryption-dark.svg b/i18n/ku/assets/img/how-tor-works/tor-encryption-dark.svg new file mode 100644 index 000000000..95e681571 --- /dev/null +++ b/i18n/ku/assets/img/how-tor-works/tor-encryption-dark.svg @@ -0,0 +1,131 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Your + + Device + + + + Sending data to a website + + + + + Receiving data from a website + + + + + Your + + Device + + + + Entry + + + + + Middle + + + + + Exit + + + + + PrivacyGuides.org + + + + + PrivacyGuides.org + + + + + Entry + + + + + Middle + + + + + Exit + + + + + + + + + + + + + + + + + + + + + + + diff --git a/i18n/ku/assets/img/how-tor-works/tor-encryption.svg b/i18n/ku/assets/img/how-tor-works/tor-encryption.svg new file mode 100644 index 000000000..f5b1e2915 --- /dev/null +++ b/i18n/ku/assets/img/how-tor-works/tor-encryption.svg @@ -0,0 +1,131 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Your + + Device + + + + Sending data to a website + + + + + Receiving data from a website + + + + + Your + + Device + + + + Entry + + + + + Middle + + + + + Exit + + + + + PrivacyGuides.org + + + + + PrivacyGuides.org + + + + + Entry + + + + + Middle + + + + + Exit + + + + + + + + + + + + + + + + + + + + + + + diff --git a/i18n/ku/assets/img/how-tor-works/tor-path-dark.svg b/i18n/ku/assets/img/how-tor-works/tor-path-dark.svg new file mode 100644 index 000000000..9002c9b16 --- /dev/null +++ b/i18n/ku/assets/img/how-tor-works/tor-path-dark.svg @@ -0,0 +1,79 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + Your + Device + + + + Entry + + + + + Middle + + + + + Exit + + + + + PrivacyGuides.org + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/i18n/ku/assets/img/how-tor-works/tor-path.svg b/i18n/ku/assets/img/how-tor-works/tor-path.svg new file mode 100644 index 000000000..cb53d8b13 --- /dev/null +++ b/i18n/ku/assets/img/how-tor-works/tor-path.svg @@ -0,0 +1,79 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + Your + Device + + + + Entry + + + + + Middle + + + + + Exit + + + + + PrivacyGuides.org + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/i18n/ku/assets/img/multi-factor-authentication/fido.png b/i18n/ku/assets/img/multi-factor-authentication/fido.png new file mode 100644 index 000000000..7a4a0d170 Binary files /dev/null and b/i18n/ku/assets/img/multi-factor-authentication/fido.png differ diff --git a/i18n/ku/assets/img/multi-factor-authentication/yubico-otp.png b/i18n/ku/assets/img/multi-factor-authentication/yubico-otp.png new file mode 100644 index 000000000..f81058d88 Binary files /dev/null and b/i18n/ku/assets/img/multi-factor-authentication/yubico-otp.png differ diff --git a/i18n/ku/assets/img/qubes/qubes-trust-level-architecture.png b/i18n/ku/assets/img/qubes/qubes-trust-level-architecture.png new file mode 100644 index 000000000..cde3771e0 Binary files /dev/null and b/i18n/ku/assets/img/qubes/qubes-trust-level-architecture.png differ diff --git a/i18n/ku/assets/img/qubes/r4.0-xfce-three-domains-at-work.png b/i18n/ku/assets/img/qubes/r4.0-xfce-three-domains-at-work.png new file mode 100644 index 000000000..d71381491 Binary files /dev/null and b/i18n/ku/assets/img/qubes/r4.0-xfce-three-domains-at-work.png differ diff --git a/i18n/ku/basics/account-creation.md b/i18n/ku/basics/account-creation.md new file mode 100644 index 000000000..afa5d429f --- /dev/null +++ b/i18n/ku/basics/account-creation.md @@ -0,0 +1,81 @@ +--- +title: "Account Creation" +icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. +--- + +Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. + +There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer. + +It can also be difficult to delete the accounts on some services. Sometimes [overwriting data](account-deletion.md#overwriting-account-information) associated with an account can be possible, but in other cases the service will keep an entire history of changes to the account. + +## Terms of Service & Privacy Policy + +The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VOIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for. + +The Privacy Policy is how the service says they will use your data and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect. + +We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start. + +Keep in mind you're also placing your trust in the company or organization and that they will comply with their own privacy policy. + +## Authentication methods + +There are usually multiple ways to sign up for an account, each with their own benefits and drawbacks. + +### Email and password + +The most common way to create a new account is by an email address and password. When using this method, you should use a password manager and follow [best practices](passwords-overview.md) regarding passwords. + +!!! tip + + You can use your password manager to organize other authentication methods too! Just add the new entry and fill the appropriate fields, you can add notes for things like security questions or a backup key. + +You will be responsible for managing your login credentials. For added security, you can set up [MFA](multi-factor-authentication.md) on your accounts. + +[Recommended password managers](../passwords.md ""){.md-button} + +#### Email aliases + +If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign up process. Those can be filtered automatically based on the alias they are sent to. + +Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked. + +[Recommended email aliasing services](../email.md#email-aliasing-services ""){.md-button} + +### Single sign-on + +!!! note + + We are discussing Single sign-on for personal use, not enterprise users. + +Single sign-on (SSO) is an authentication method that allows you to register for a service without sharing much information, if any. Whenever you see something along the lines of "Sign-in with *provider name*" on a registration form it's SSO. + +When you choose single sign-on in a website, it will prompt your SSO provider login page and after that your account will be connected. Your password won't be shared but some basic information will (you can review it during the login request). This process is needed every time you want to log in to the same account. + +The main advantages are: + +- **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials. +- **Ease of use**: multiple accounts are managed by a single login. + +But there are disadvantages: + +- **Privacy**: a SSO provider will know the services you use. +- **Centralization**: if your SSO account gets compromised or you aren't able to login to it, all other accounts connected to it are affected. + +SSO can be especially useful in those situations where you could benefit from deeper integration between services. For example, one of those services may offer SSO for the others. Our recommendation is to limit SSO to only where you need it and protect the main account with [MFA](multi-factor-authentication.md). + +All services that use SSO will be as secure as your SSO account. For example, if you want to secure an account with a hardware key but that service doesn't support hardware keys, you can secure your SSO account with a hardware key and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your SSO account means that any account tied to that login will also be weak. + +### Phone number + +We recommend avoiding services that require a phone number for sign up. A phone number can identity you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted. + +You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts. + +In many cases you will need to provide a number that you can receive SMS or calls from, particularly when shopping internationally, in case there is a problem with your order at border screening. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number! + +### Username and password + +Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. diff --git a/i18n/ku/basics/account-deletion.md b/i18n/ku/basics/account-deletion.md new file mode 100644 index 000000000..2498d6045 --- /dev/null +++ b/i18n/ku/basics/account-deletion.md @@ -0,0 +1,62 @@ +--- +title: "Account Deletion" +icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. +--- + +Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. + +## Finding Old Accounts + +### Password Manager + +If you have a password manager that you've used for your entire digital life, this part will be very easy. Oftentimes, they include built-in functionality for detecting if your credentials were exposed in a data breach—such as Bitwarden's [Data Breach Report](https://bitwarden.com/blog/have-you-been-pwned/). + +
+ ![Bitwarden's Data Breach Report feature](../assets/img/account-deletion/exposed_passwords.png) +
+ +Even if you haven't explicitly used a password manager before, there's a chance you've used the one in your browser or your phone without even realizing it. For example: [Firefox Password Manager](https://support.mozilla.org/kb/password-manager-remember-delete-edit-logins), [Google Password Manager](https://passwords.google.com/intro) and [Edge Password Manager](https://support.microsoft.com/en-us/microsoft-edge/save-or-forget-passwords-in-microsoft-edge-b4beecb0-f2a8-1ca0-f26f-9ec247a3f336). + +Desktop platforms also often have a password manager which may help you recover passwords you've forgotten about: + +- Windows [Credential Manager](https://support.microsoft.com/en-us/windows/accessing-credential-manager-1b5c916a-6a16-889f-8581-fc16e8165ac0) +- macOS [Passwords](https://support.apple.com/en-us/HT211145) +- iOS [Passwords](https://support.apple.com/en-us/HT211146) +- Linux, Gnome Keyring, which can be accessed through [Seahorse](https://help.gnome.org/users/seahorse/stable/passwords-view.html.en) or [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager) + +### Email + +If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts. + +## Deleting Old Accounts + +### Log In + +In order to delete your old accounts, you'll need to first make sure you can log in to them. Again, if the account was in your password manager, this step is easy. If not, you can try to guess your password. Failing that, there are typically options to regain access to your account, commonly available through a "forgot password" link on the login page. It may also be possible that accounts you've abandoned have already been deleted—sometimes services prune all old accounts. + +When attempting to regain access, if the site returns an error message saying that email is not associated with an account, or you never receive a reset link after multiple attempts, then you do not have an account under that email address and should try a different one. If you can't figure out which email address you used, or you no longer have access to that email, you can try contacting the service's customer support. Unfortunately, there is no guarantee that you will be able to reclaim access your account. + +### GDPR (EEA residents only) + +Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://www.gdpr.org/regulation/article-17.html) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation. + +### Overwriting Account information + +In some situations where you plan to abandon an account, it may make sense to overwrite the account information with fake data. Once you've made sure you can log in, change all the information in your account to falsified information. The reason for this is that many sites will retain information you previously had even after account deletion. The hope is that they will overwrite the previous information with the newest data you entered. However, there is no guarantee that there won't be backups with the prior information. + +For the account email, either create a new alternate email account via your provider of choice or create an alias using an [email aliasing service](../email.md#email-aliasing-services). You can then delete your alternate email address once you are done. We recommend against using temporary email providers, as oftentimes it is possible to reactivate temporary emails. + +### Delete + +You can check [JustDeleteMe](https://justdeleteme.xyz) for instructions on deleting the account for a specific service. Some sites will graciously have a "Delete Account" option, while others will go as far as to force you to speak with a support agent. The deletion process can vary from site to site, with account deletion being impossible on some. + +For services that don't allow account deletion, the best thing to do is falsify all your information as previously mentioned and strengthen account security. To do so, enable [MFA](multi-factor-authentication.md) and any extra security features offered. As well, change the password to a randomly-generated one that is the maximum allowed size (a [password manager](../passwords.md) can be useful for this). + +If you're satisfied that all information you care about is removed, you can safely forget about this account. If not, it might be a good idea to keep the credentials stored with your other passwords and occasionally re-login to reset the password. + +Even when you are able to delete an account, there is no guarantee that all your information will be removed. In fact, some companies are required by law to keep certain information, particularly when related to financial transactions. It's mostly out of your control what happens to your data when it comes to websites and cloud services. + +## Avoid New Accounts + +As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! diff --git a/i18n/ku/basics/common-misconceptions.md b/i18n/ku/basics/common-misconceptions.md new file mode 100644 index 000000000..41997417f --- /dev/null +++ b/i18n/ku/basics/common-misconceptions.md @@ -0,0 +1,60 @@ +--- +title: "Common Misconceptions" +icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. +--- + +## "Open-source software is always secure" or "Proprietary software is more secure" + +These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis. + +Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities into even large projects.[^1] + +On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering. + +To avoid biased decisions, it's *vital* that you evaluate the privacy and security standards of the software you use. + +## "Shifting trust can increase privacy" + +We talk about "shifting trust" a lot when discussing solutions like VPNs (which shift the trust you place in your ISP to the VPN provider). While this protects your browsing data from your ISP *specifically*, the VPN provider you choose still has access to your browsing data: Your data isn't completely secured from all parties. This means that: + +1. You must exercise caution when choosing a provider to shift trust to. +2. You should still use other techniques, like E2EE, to protect your data completely. Merely distrusting one provider to trust another is not securing your data. + +## "Privacy-focused solutions are inherently trustworthy" + +Focusing solely on the privacy policies and marketing of a tool or provider can blind you to its weaknesses. When you're looking for a more private solution, you should determine what the underlying problem is and find technical solutions to that problem. For example, you may want to avoid Google Drive, which gives Google access to all of your data. The underlying problem in this case is lack of E2EE, so you should make sure that the provider you switch to actually implements E2EE, or use a tool (like [Cryptomator](../encryption.md#cryptomator-cloud)) which provides E2EE on any cloud provider. Switching to a "privacy-focused" provider (that doesn't implement E2EE) doesn't solve your problem: it just shifts trust from Google to that provider. + +The privacy policies and business practices of providers you choose are very important, but should be considered secondary to technical guarantees of your privacy: You shouldn't shift trust to another provider when trusting a provider isn't a requirement at all. + +## "Complicated is better" + +We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like many different email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?" + +Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips: + +1. ==Actions need to serve a particular purpose:== think about how to do what you want with the fewest actions. +2. ==Remove human failure points:== We fail, get tired, and forget things. To maintain security, avoid relying on manual conditions and processes that you have to remember. +3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily de-anonymized by a simple oversight. + +So, how might this look? + +One of the clearest threat models is one where people *know who you are* and one where they do not. There will always be situations where you must declare your legal name and there are others where you don't need to. + +1. **Known identity** - A known identity is used for things where you must declare your name. There are many legal documents and contracts where a legal identity is required. This could range from opening a bank account, signing a property lease, obtaining a passport, customs declarations when importing items, or otherwise dealing with your government. These things will usually lead to credentials such as credit cards, credit rating checks, account numbers, and possibly physical addresses. + + We don't suggest using a VPN or Tor for any of these things, as your identity is already known through other means. + + !!! tip + + When shopping online, the use of a [parcel locker](https://en.wikipedia.org/wiki/Parcel_locker) can help keep your physical address private. + +2. **Unknown identity** - An unknown identity could be a stable pseudonym that you regularly use. It is not anonymous because it doesn't change. If you're part of an online community, you may wish to retain a persona that others know. This pseudonym isn't anonymous because—if monitored for long enough—details about the owner can reveal further information, such as the way they write, their general knowledge about topics of interest, etc. + + You may wish to use a VPN for this, to mask your IP address. Financial transactions are more difficult to mask: You could consider using anonymous cryptocurrencies, such as [Monero](https://www.getmonero.org/). Employing altcoin shifting may also help to disguise where your currency originated. Typically, exchanges require KYC (know your customer) to be completed before they'll allow you to exchange fiat currency into any kind of cryptocurrency. Local meet-up options may also be a solution; however, those are often more expensive and sometimes also require KYC. + +3. **Anonymous identity** - Even with experience, anonymous identities are difficult to maintain over long periods of time. They should be short-term and short-lived identities which are rotated regularly. + + Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) + +[^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/ku/basics/common-threats.md b/i18n/ku/basics/common-threats.md new file mode 100644 index 000000000..e278c0cbf --- /dev/null +++ b/i18n/ku/basics/common-threats.md @@ -0,0 +1,148 @@ +--- +title: "Common Threats" +icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. +--- + +Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. + +- :material-incognito: Anonymity - Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. +- :material-target-account: Targeted Attacks - Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. +- :material-bug-outline: Passive Attacks - Being protected from things like malware, data breaches, and other attacks that are made against many people at once. +- :material-server-network: Service Providers - Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). +- :material-eye-outline: Mass Surveillance - Protection from government agencies, organizations, websites, and services which work together to track your activities. +- :material-account-cash: Surveillance Capitalism - Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. +- :material-account-search: Public Exposure - Limiting the information about you that is accessible online—to search engines or the general public. +- :material-close-outline: Censorship - Avoiding censored access to information or being censored yourself when speaking online. + +Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-target-account: Targeted Attacks, but they probably still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Similarly, many people may be primarily concerned with :material-account-search: Public Exposure of their personal data, but they should still be wary of security-focused issues, such as :material-bug-outline: Passive Attacks—like malware affecting their devices. + +## Anonymity vs. Privacy + +:material-incognito: Anonymity + +Anonymity is often confused with privacy, but they're distinct concepts. While privacy is a set of choices you make about how your data is used and shared, anonymity is the complete disassociation of your online activities from your real identity. + +Whistleblowers and journalists, for example, can have a much more extreme threat model which requires total anonymity. That's not only hiding what they do, what data they have, and not getting hacked by malicious actors or governments, but also hiding who they are entirely. They will often sacrifice any kind of convenience if it means protecting their anonymity, privacy, or security, because their lives could depend on it. Most people don't need to go so far. + +## Security and Privacy + +:material-bug-outline: Passive Attacks + +Security and privacy are also often confused, because you need security to obtain any semblance of privacy: Using tools—even if they're private by design—is futile if they could be easily exploited by attackers who later release your data. However, the inverse isn't necessarily true: The most secure service in the world *isn't necessarily* private. The best example of this is trusting data to Google who, given their scale, have had few security incidents by employing industry-leading security experts to secure their infrastructure. Even though Google provides very secure services, very few people would consider their data private in Google's free consumer products (Gmail, YouTube, etc.) + +When it comes to application security, we generally don't (and sometimes can't) know if the software we use is malicious, or might one day become malicious. Even with the most trustworthy developers, there's generally no guarantee that their software doesn't have a serious vulnerability that could later be exploited. + +To minimize the damage that a malicious piece of software *could* do, you should employ security by compartmentalization. For example, this could come in the form of using different computers for different jobs, using virtual machines to separate different groups of related applications, or using a secure operating system with a strong focus on application sandboxing and mandatory access control. + +!!! tip + + Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources. + + Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../../desktop/#qubes-os). + +:material-target-account: Targeted Attacks + +Targeted attacks against a specific person are more problematic to deal with. Common attacks include sending malicious documents via email, exploiting vulnerabilities (e.g. in browsers and operating systems), and physical attacks. If this is a concern for you, you should employ more advanced threat mitigation strategies. + +!!! tip + + By design, **web browsers**, **email clients**, and **office applications** typically run untrusted code, sent to you from third parties. Running multiple virtual machines—to separate applications like these from your host system, as well as each other—is one technique you can use to mitigate the chance of an exploit in these applications compromising the rest of your system. For example, technologies like Qubes OS or Microsoft Defender Application Guard on Windows provide convenient methods to do this. + +If you are concerned about **physical attacks** you should use an operating system with a secure verified boot implementation, such as Android, iOS, macOS, or [Windows (with TPM)](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process). You should also make sure that your drive is encrypted, and that the operating system uses a TPM or Secure [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) or [Element](https://developers.google.com/android/security/android-ready-se) to rate limit attempts to enter the encryption passphrase. You should avoid sharing your computer with people you don't trust, because most desktop operating systems don't encrypt data separately per-user. + +## Privacy From Service Providers + +:material-server-network: Service Providers + +We live in a world where almost everything is connected to the internet. Our "private" messages, emails, and social interactions are typically stored on a server, somewhere. Generally, when you send someone a message it's stored on a server, and when your friend wants to read the message the server will show it to them. + +The obvious problem with this is that the service provider (or a hacker who has compromised the server) can access your conversations whenever and however they want, without you ever knowing. This applies to many common services, like SMS messaging, Telegram, and Discord. + +Thankfully, E2EE can alleviate this issue by encrypting communications between you and your desired recipients before they are even sent to the server. The confidentiality of your messages is guaranteed, assuming the service provider doesn't have access to the private keys of either party. + +!!! note "Note on Web-based Encryption" + + In practice, the effectiveness of different E2EE implementations varies. Applications, such as [Signal](../real-time-communication.md#signal), run natively on your device, and every copy of the application is the same across different installations. If the service provider were to introduce a [backdoor](https://en.wikipedia.org/wiki/Backdoor_(computing)) in their application—in an attempt to steal your private keys—it could later be detected with [reverse engineering](https://en.wikipedia.org/wiki/Reverse_engineering). + + On the other hand, web-based E2EE implementations, such as Proton Mail's webmail or Bitwarden's *Web Vault*, rely on the server dynamically serving JavaScript code to the browser to handle cryptography. A malicious server can target you and send you malicious JavaScript code to steal your encryption key (and it would be extremely hard to notice). Because the server can choose to serve different web clients to different people—even if you noticed the attack—it would be incredibly hard to prove the provider's guilt. + + Therefore, you should use native applications over web clients whenever possible. + +Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all. + +## Mass Surveillance Programs + +:material-eye-outline: Mass Surveillance + +Mass surveillance is the intricate effort to monitor the "behavior, many activities, or information" of an entire (or substantial fraction of a) population.[^1] It often refers to government programs, such as the ones [disclosed by Edward Snowden in 2013](https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)). However, it can also be carried out by corporations, either on behalf of government agencies or by their own initiative. + +!!! abstract "Atlas of Surveillance" + + If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org/) by the [Electronic Frontier Foundation](https://www.eff.org/). + + In France you can take a look at the [Technolopolice website](https://technopolice.fr/villes/) maintained by the non-profit association La Quadrature du Net. + +Governments often justify mass surveillance programs as necessary means to combat terrorism and prevent crime. However, breaching human rights, it's most often used to disproportionately target minority groups and political dissidents, among others. + +!!! quote "ACLU: [*The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward*](https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward)" + + In the face of [Edward Snowden's disclosures of government programs such as [PRISM](https://en.wikipedia.org/wiki/PRISM) and [Upstream](https://en.wikipedia.org/wiki/Upstream_collection)], intelligence officials also admitted that the NSA had for years been secretly collecting records about virtually every American’s phone calls — who’s calling whom, when those calls are made, and how long they last. This kind of information, when amassed by the NSA day after day, can reveal incredibly sensitive details about people’s lives and associations, such as whether they have called a pastor, an abortion provider, an addiction counselor, or a suicide hotline. + +Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2] + +Online, you can be tracked via a variety of methods: + +- Your IP address +- Browser cookies +- The data you submit to websites +- Your browser or device fingerprint +- Payment method correlation + +\[This list isn't exhaustive]. + +If you're concerned about mass surveillance programs, you can use strategues like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. + +:material-account-cash: Surveillance Capitalism + +> Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^3] + +For many people, tracking and surveillance by private corporations is a growing concern. Pervasive ad networks, such as those operated by Google and Facebook, span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries (although it can't completely prevent tracking).[^4] + +Additionally, even companies outside of the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you. + +## Limiting Public Information + +:material-account-search: Public Exposure + +The best way to keep your data private is simply not making it public in the first place. Deleting unwanted information you find about yourself online is one of the best first steps you can take to regain your privacy. + +- [View our guide on account deletion :material-arrow-right-drop-circle:](account-deletion.md) + +On sites where you do share information, checking the privacy settings of your account to limit how widely that data is spread is very important. For example, enable "private mode" on your accounts if given the option: This ensures that your account isn't being indexed by search engines, and that it can't be viewed without your permission. + +If you've already submitted your real information to sites which shouldn't have it, consider using disinformation tactics, like submitting fictitious information related to that online identity. This makes your real information indistinguishable from the false information. + +## Avoiding Censorship + +:material-close-outline: Censorship + +Censorship online can be carried out (to varying degrees) by actors including totalitarian governments, network administrators, and service providers. These efforts to control communication and restrict access to information will always be incompatible with the human right to Freedom of Expression.[^5] + +Censorship on corporate platforms is increasingly common, as platforms like Twitter and Facebook give in to public demand, market pressures, and pressures from government agencies. Government pressures can be covert requests to businesses, such as the White House [requesting the takedown](https://www.nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) of a provocative YouTube video, or overt, such as the Chinese government requiring companies to adhere to a strict regime of censorship. + +People concerned with the threat of censorship can use technologies like [Tor](../advanced/tor-overview.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../real-time-communication.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily. + +!!! tip + + While evading censorship itself can be easy, hiding the fact that you are doing it can be very problematic. + + You should consider which aspects of the network your adversary can observe, and whether you have plausible deniability for your actions. For example, using [encrypted DNS](../advanced/dns-overview.md#what-is-encrypted-dns) can help you bypass rudimentary, DNS-based censorship systems, but it can't truly hide what you are visiting from your ISP. A VPN or Tor can help hide what you are visiting from network administrators, but can't hide that you're using those networks in the first place. Pluggable transports (such as Obfs4proxy, Meek, or Shadowsocks) can help you evade firewalls that block common VPN protocols or Tor, but your circumvention attempts can still be detected by methods like probing or [deep packet inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection). + +You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. + +[^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). +[^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) +[^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) +[^4]: "[Enumerating badness](https://www.ranum.com/security/computer_security/editorials/dumb/)" (or, "listing all the bad things that we know about"), as many adblockers and antivirus programs do, fails to adequately protect you from new and unknown threats because they have not yet been added to the filter list. You should also employ other mitigation techniques. +[^5]: United Nations: [*Universal Declaration of Human Rights*](https://www.un.org/en/about-us/universal-declaration-of-human-rights). diff --git a/i18n/ku/basics/email-security.md b/i18n/ku/basics/email-security.md new file mode 100644 index 000000000..f0c2fb579 --- /dev/null +++ b/i18n/ku/basics/email-security.md @@ -0,0 +1,41 @@ +--- +title: Email Security +icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. +--- + +Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. + +As a result, email is best used for receiving transactional emails (like notifications, verification emails, password resets, etc.) from the services you sign up for online, not for communicating with others. + +## Email Encryption Overview + +The standard way to add E2EE to emails between different email providers is by using OpenPGP. There are different implementations of the OpenPGP standard, the most common being [GnuPG](https://en.wikipedia.org/wiki/GNU_Privacy_Guard) and [OpenPGP.js](https://openpgpjs.org). + +There is another standard which is popular with business called [S/MIME](https://en.wikipedia.org/wiki/S/MIME), however, it requires a certificate issued from a [Certificate Authority](https://en.wikipedia.org/wiki/Certificate_authority) (not all of them issue S/MIME certificates). It has support in [Google Workplace](https://support.google.com/a/topic/9061730?hl=en&ref_topic=9061731) and [Outlook for Web or Exchange Server 2016, 2019](https://support.office.com/en-us/article/encrypt-messages-by-using-s-mime-in-outlook-on-the-web-878c79fc-7088-4b39-966f-14512658f480). + +Even if you use OpenPGP, it does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. This is why we recommend [instant messengers](../real-time-communication.md) which implement forward secrecy over email for person-to-person communications whenever possible. + +### What Email Clients Support E2EE? + +Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication. + +### How Do I Protect My Private Keys? + +A smartcard (such as a [Yubikey](https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](https://www.nitrokey.com)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device. + +It is advantageous for the decryption to occur on the smartcard so as to avoid possibly exposing your private key to a compromised device. + +## Email Metadata Overview + +Email metadata is stored in the [message header](https://en.wikipedia.org/wiki/Email#Message_header) of the email message and includes some visible headers that you may have seen such as: `To`, `From`, `Cc`, `Date`, `Subject`. There are also a number of hidden headers included by many email clients and providers that can reveal information about your account. + +Client software may use email metadata to show who a message is from and what time it was received. Servers may use it to determine where an email message must be sent, among [other purposes](https://en.wikipedia.org/wiki/Email#Message_header) which are not always transparent. + +### Who Can View Email Metadata? + +Email metadata is protected from outside observers with [Opportunistic TLS](https://en.wikipedia.org/wiki/Opportunistic_TLS) protecting it from outside observers, but it is still able to be seen by your email client software (or webmail) and any servers relaying the message from you to any recipients including your email provider. Sometimes email servers will also use third-party services to protect against spam, which generally also have access to your messages. + +### Why Can't Metadata be E2EE? + +Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. diff --git a/i18n/ku/basics/multi-factor-authentication.md b/i18n/ku/basics/multi-factor-authentication.md new file mode 100644 index 000000000..ae57848d5 --- /dev/null +++ b/i18n/ku/basics/multi-factor-authentication.md @@ -0,0 +1,165 @@ +--- +title: "Multi-Factor Authentication" +icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. +--- + +**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. + +Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone. + +MFA methods vary in security, but are based on the premise that the more difficult it is for an attacker to gain access to your MFA method, the better. Examples of MFA methods (from weakest to strongest) include SMS, Email codes, app push notifications, TOTP, Yubico OTP and FIDO. + +## MFA Method Comparison + +### SMS or Email MFA + +Receiving OTP codes via SMS or email are one of the weaker ways to secure your accounts with MFA. Obtaining a code by email or SMS takes away from the "something you *have*" idea, because there are a variety of ways a hacker could [take over your phone number](https://en.wikipedia.org/wiki/SIM_swap_scam) or gain access to your email without having physical access to any of your devices at all. If an unauthorized person gained access to your email, they would be able to use that access to both reset your password and receive the authentication code, giving them full access to your account. + +### Push Notifications + +Push notification MFA takes the form of a message being sent to an app on your phone asking you to confirm new account logins. This method is a lot better than SMS or email, since an attacker typically wouldn't be able to get these push notifications without having an already logged-in device, which means they would need to compromise one of your other devices first. + +We all make mistakes, and there is the risk that you might accept the login attempt by accident. Push notification login authorizations are typically sent to *all* your devices at once, widening the availability of the MFA code if you have many devices. + +The security of push notification MFA is dependent on both the quality of the app, the server component and the trust of the developer who produces it. Installing an app may also require you to accept invasive privileges that grant access to other data on your device. An individual app also requires that you have a specific app for each service which may not require a password to open, unlike a good TOTP generator app. + +### Time-based One-time Password (TOTP) + +TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password. + +The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret, an adversary cannot generate new codes. + +If you have a hardware security key with TOTP support (such as a YubiKey with [Yubico Authenticator](https://www.yubico.com/products/yubico-authenticator/)), we recommend that you store your "shared secrets" on the hardware. Hardware such as the YubiKey was developed with the intention of making the "shared secret" difficult to extract and copy. A YubiKey is also not connected to the Internet, unlike a phone with a TOTP app. + +Unlike [WebAuthn](#fido-fast-identity-online), TOTP offers no protection against [phishing](https://en.wikipedia.org/wiki/Phishing) or reuse attacks. If an adversary obtains a valid code from you, they may use it as many times as they like until it expires (generally 60 seconds). + +An adversary could set up a website to imitate an official service in an attempt to trick you into giving out your username, password and current TOTP code. If the adversary then uses those recorded credentials they may be able to log into the real service and hijack the account. + +Although not perfect, TOTP is secure enough for most people, and when [hardware security keys](../multi-factor-authentication.md#hardware-security-keys) are not supported [authenticator apps](../multi-factor-authentication.md#authenticator-apps) are still a good option. + +### Hardware security keys + +The YubiKey stores data on a tamper-resistant solid-state chip which is [impossible to access](https://security.stackexchange.com/a/245772) non-destructively without an expensive process and a forensics laboratory. + +These keys are generally multi-function and provide a number of methods to authenticate. Below are the most common ones. + +#### Yubico OTP + +Yubico OTP is an authentication protocol typically implemented in hardware security keys. When you decide to use Yubico OTP, the key will generate a public ID, private ID, and a Secret Key which is then uploaded to the Yubico OTP server. + +When logging into a website, all you need to do is to physically touch the security key. The security key will emulate a keyboard and print out a one-time password into the password field. + +The service will then forward the one-time password to the Yubico OTP server for validation. A counter is incremented both on the key and Yubico's validation server. The OTP can only be used once, and when a successful authentication occurs, the counter is increased which prevents reuse of the OTP. Yubico provides a [detailed document](https://developers.yubico.com/OTP/OTPs_Explained.html) about the process. + +
+ ![Yubico OTP](../assets/img/multi-factor-authentication/yubico-otp.png) +
+ +There are some benefits and disadvantages to using Yubico OTP when compared to TOTP. + +The Yubico validation server is a cloud based service, and you're placing trust in Yubico that they are storing data securely and not profiling you. The public ID associated with Yubico OTP is reused on every website and could be another avenue for third-parties to profile you. Like TOTP, Yubico OTP does not provide phishing resistance. + +If your threat model requires you to have different identities on different websites, **do not** use Yubico OTP with the same hardware security key across those websites as public ID is unique to each security key. + +#### FIDO (Fast IDentity Online) + +[FIDO](https://en.wikipedia.org/wiki/FIDO_Alliance) includes a number of standards, first there was U2F and then later [FIDO2](https://en.wikipedia.org/wiki/FIDO2_Project) which includes the web standard [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). + +U2F and FIDO2 refer to the [Client to Authenticator Protocol](https://en.wikipedia.org/wiki/Client_to_Authenticator_Protocol), which is the protocol between the security key and the computer, such as a laptop or phone. It complements WebAuthn which is the component used to authenticate with the website (the "Relying Party") you're trying to log in on. + +WebAuthn is the most secure and private form of second factor authentication. While the authentication experience is similar to Yubico OTP, the key does not print out a one-time password and validate with a third-party server. Instead, it uses [public key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) for authentication. + +
+ ![FIDO](../assets/img/multi-factor-authentication/fido.png) +
+ +When you create an account, the public key is sent to the service, then when you log in, the service will require you to "sign" some data with your private key. The benefit of this is that no password data is ever stored by the service, so there is nothing for an adversary to steal. + +This presentation discusses the history of password authentication, the pitfalls (such as password reuse), and discussion of FIDO2 and [WebAuthn](https://webauthn.guide) standards. + +
+ +
+ +FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods. + +Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy. + +Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys. + +If a website or service supports WebAuthn for the authentication, it is highly recommended that you use it over any other form of MFA. + +## General Recommendations + +We have these general recommendations: + +### Which Method Should I Use? + +When configuring your MFA method, keep in mind that it is only as secure as your weakest authentication method you use. This means it is important that you only use the best MFA method available. For instance, if you are already using TOTP, you should disable email and SMS MFA. If you are already using FIDO2/WebAuthn, you should not be using Yubico OTP or TOTP on your account. + +### Backups + +You should always have backups for your MFA method. Hardware security keys can get lost, stolen or simply stop working over time. It is recommended that you have a pair of hardware security keys with the same access to your accounts instead of just one. + +When using TOTP with an authenticator app, be sure to back up your recovery keys or the app itself, or copy the "shared secrets" to another instance of the app on a different phone or to an encrypted container (e.g. [VeraCrypt](../encryption.md#veracrypt)). + +### Initial Set Up + +When buying a security key, it is important that you change the default credentials, set up password protection for the key, and enable touch confirmation if your key supports it. Products such as the YubiKey have multiple interfaces with separate credentials for each one of them, so you should go over each interface and set up protection as well. + +### Email and SMS + +If you have to use email for MFA, make sure that the email account itself is secured with a proper MFA method. + +If you use SMS MFA, use a carrier who will not switch your phone number to a new SIM card without account access, or use a dedicated VoIP number from a provider with similar security to avoid a [SIM swap attack](https://en.wikipedia.org/wiki/SIM_swap_scam). + +[MFA tools we recommend](../multi-factor-authentication.md ""){.md-button} + +## More Places to Set Up MFA + +Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well. + +### Windows + +Yubico has a dedicated [Credential Provider](https://docs.microsoft.com/en-us/windows/win32/secauthn/credential-providers-in-windows) that adds Challenge-Response authentication for the username + password login flow for local Windows accounts. If you have a YubiKey with Challenge-Response authentication support, take a look at the [Yubico Login for Windows Configuration Guide](https://support.yubico.com/hc/en-us/articles/360013708460-Yubico-Login-for-Windows-Configuration-Guide), which will allow you to set up MFA on your Windows computer. + +### macOS + +macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer. + +Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/en-us/articles/360016649059) which can help you set up your YubiKey on macOS. + +After your smartcard/security key is set up, we recommend running this command in the Terminal: + +```text +sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES +``` + +The command will prevent an adversary from bypassing MFA when the computer boots. + +### Linux + +!!! warning + + If the hostname of your system changes (such as due to DHCP), you would be unable to login. It is vital that you set up a proper hostname for your computer before following this guide. + +The `pam_u2f` module on Linux can provide two-factor authentication for logging in on most popular Linux distributions. If you have a hardware security key that supports U2F, you can set up MFA authentication for your login. Yubico has a guide [Ubuntu Linux Login Guide - U2F](https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F) which should work on any distribution. The package manager commands—such as `apt-get`—and package names may however differ. This guide does **not** apply to Qubes OS. + +### Qubes OS + +Qubes OS has support for Challenge-Response authentication with YubiKeys. If you have a YubiKey with Challenge-Response authentication support, take a look at the Qubes OS [YubiKey documentation](https://www.qubes-os.org/doc/yubikey/) if you want to set up MFA on Qubes OS. + +### SSH + +#### Hardware Security Keys + +SSH MFA could be set up using multiple different authentication methods that are popular with hardware security keys. We recommend that you check out Yubico's [documentation](https://developers.yubico.com/SSH/) on how to set this up. + +#### Time-based One-time Password (TOTP) + +SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How To Set Up Multi-Factor Authentication for SSH on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04). Most things should be the same regardless of distribution, however the package manager commands—such as `apt-get`—and package names may differ. + +### KeePass (and KeePassXC) + +KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. diff --git a/i18n/ku/basics/passwords-overview.md b/i18n/ku/basics/passwords-overview.md new file mode 100644 index 000000000..6858d8b5b --- /dev/null +++ b/i18n/ku/basics/passwords-overview.md @@ -0,0 +1,111 @@ +--- +title: "Introduction to Passwords" +icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. +--- + +Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. + +## Best Practices + +### Use unique passwords for every service + +Imagine this; you sign up for an account with the same e-mail and password on multiple online services. If one of those service providers is malicious, or their service has a data breach that exposes your password in an unencrypted format, all a bad actor would have to do is try that e-mail and password combination across multiple popular services until they get a hit. It doesn't matter how strong that one password is, because they already have it. + +This is called [credential stuffing](https://en.wikipedia.org/wiki/Credential_stuffing), and it is one of the most common ways that your accounts can be compromised by bad actors. To avoid this, make sure that you never re-use your passwords. + +### Use randomly generated passwords + +==You should **never** rely on yourself to come up with a good password.== We recommend using [randomly generated passwords](#passwords) or [diceware passphrases](#diceware-passphrases) with sufficient entropy to protect your accounts and devices. + +All of our [recommended password managers](../passwords.md) include a built-in password generator that you can use. + +### Rotating Passwords + +You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it. + +When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage. + +!!! tip "Checking for data breaches" + + If your password manager lets you check for compromised passwords, make sure to do so and promptly change any password that may have been exposed in a data breach. Alternatively, you could follow [Have I Been Pwned's Latest Breaches feed](https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches) with the help of a [news aggregator](../news-aggregators.md). + +## Creating strong passwords + +### Passwords + +A lot of services impose certain criteria when it comes to passwords, including a minimum or maximum length, as well as which special characters, if any, can be used. You should use your password manager's built-in password generator to create passwords that are as long and complex as the service will allow by including capitalized and lowercase letters, numbers and special characters. + +If you need a password you can memorize, we recommend a [diceware passphrase](#diceware-passphrases). + +### Diceware Passphrases + +Diceware is a method for creating passphrases which are easy to remember, but hard to guess. + +Diceware passphrases are a great option when you need to memorize or manually input your credentials, such as for your password manager's master password or your device's encryption password. + +An example of a diceware passphrase is `viewable fastness reluctant squishy seventeen shown pencil`. + +To generate a diceware passphrase using real dice, follow these steps: + +!!! note + + These instructions assume that you are using [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy. + +1. Roll a six-sided die five times, noting down the number after each roll. + +2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`. + +3. You will find the word `encrypt`. Write that word down. + +4. Repeat this process until your passphrase has as many words as you need, which you should separate with a space. + +!!! warning "Important" + + You should **not** re-roll words until you get a combination of words that appeal to you. The process should be completely random. + +If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords. + +We recommend using [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English. + +??? note "Explanation of entropy and strength of diceware passphrases" + + To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example. + + One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as $\text{log}_2(\text{WordsInList})$ and the overall entropy of the passphrase is calculated as $\text{log}_2(\text{WordsInList}^\text{WordsInPhrase})$. + + Therefore, each word in the aforementioned list results in ~12.9 bits of entropy ($\text{log}_2(7776)$), and a seven word passphrase derived from it has ~90.47 bits of entropy ($\text{log}_2(7776^7)$). + + The [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is $\text{WordsInList}^\text{WordsInPhrase}$, or in our case, $7776^7$. + + Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases. + + On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true: + + - Your adversary knows that you used the diceware method. + - Your adversary knows the specific wordlist that you used. + - Your adversary knows how many words your passphrase contains. + +To sum it up, diceware passphrases are your best option when you need something that is both easy to remember *and* exceptionally strong. + +## Storing Passwords + +### Password Managers + +The best way to store your passwords is by using a password manager. They allow you to store your passwords in a file or in the cloud and protect them with a single master password. That way, you will only have to remember one strong password, which lets you access the rest of them. + +There are many good options to choose from, both cloud-based and local. Choose one of our recommended password managers and use it to establish strong passwords across all of your accounts. We recommend securing your password manager with a [diceware passphrase](#diceware-passphrases) comprised of at least seven words. + +[List of recommended password managers](../passwords.md ""){.md-button} + +!!! warning "Don't place your passwords and TOTP tokens inside the same password manager" + + When using TOTP codes as [multi-factor authentication](../multi-factor-authentication.md), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md#authenticator-apps). + + Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager. + + Furthermore, we do not recommend storing single-use recovery codes in your password manager. Those should be stored separately such as in an encrypted container on an offline storage device. + +### Backups + +You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. diff --git a/i18n/ku/basics/threat-modeling.md b/i18n/ku/basics/threat-modeling.md new file mode 100644 index 000000000..fc1b3b411 --- /dev/null +++ b/i18n/ku/basics/threat-modeling.md @@ -0,0 +1,110 @@ +--- +title: "Threat Modeling" +icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. +--- + +Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! + +If you wanted to use the **most** secure tools available, you'd have to sacrifice *a lot* of usability. And, even then, ==nothing is ever fully secure.== There's **high** security, but never **full** security. That's why threat models are important. + +**So, what are these threat models, anyway?** + +==A threat model is a list of the most probable threats to your security and privacy endeavors.== Since it's impossible to protect yourself against **every** attack(er), you should focus on the **most probable** threats. In computer security, a threat is an event that could undermine your efforts to stay private and secure. + +Focusing on the threats that matter to you narrows down your thinking about the protection you need, so you can choose the tools that are right for the job. + +## Creating Your Threat Model + +To identify what could happen to the things you value and determine from whom you need to protect them, you should answer these five questions: + +1. What do I want to protect? +2. Who do I want to protect it from? +3. How likely is it that I will need to protect it? +4. How bad are the consequences if I fail? +5. How much trouble am I willing to go through to try to prevent potential consequences? + +### What do I want to protect? + +An “asset” is something you value and want to protect. In the context of digital security, ==an asset is usually some kind of information.== For example, your emails, contact lists, instant messages, location, and files are all possible assets. Your devices themselves may also be assets. + +*Make a list of your assets: data that you keep, where it's kept, who has access to it, and what stops others from accessing it.* + +### Who do I want to protect it from? + +To answer this question, it's important to identify who might want to target you or your information. ==A person or entity that poses a threat to your assets is an “adversary”.== Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network. + +*Make a list of your adversaries or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.* + +Depending on who your adversaries are, under some circumstances, this list might be something you want to destroy after you're done security planning. + +### How likely is it that I will need to protect it? + +==Risk is the likelihood that a particular threat against a particular asset will actually occur.== It goes hand-in-hand with capability. While your mobile phone provider has the capability to access all of your data, the risk of them posting your private data online to harm your reputation is low. + +It is important to distinguish between what might happen and the probability it may happen. For instance, there is a threat that your building might collapse, but the risk of this happening is far greater in San Francisco (where earthquakes are common) than in Stockholm (where they are not). + +Assessing risks is both a personal and subjective process. Many people find certain threats unacceptable, no matter the likelihood they will occur, because the mere presence of the threat is not worth the cost. In other cases, people disregard high risks because they don't view the threat as a problem. + +*Write down which threats you are going to take seriously, and which may be too rare or too harmless (or too difficult to combat) to worry about.* + +### How bad are the consequences if I fail? + +There are many ways that an adversary could gain access to your data. For example, an adversary can read your private communications as they pass through the network, or they can delete or corrupt your data. + +==The motives of adversaries differ widely, as do their tactics.== A government trying to prevent the spread of a video showing police violence may be content to simply delete or reduce the availability of that video. In contrast, a political opponent may wish to gain access to secret content and publish that content without you knowing. + +Security planning involves understanding how bad the consequences could be if an adversary successfully gains access to one of your assets. To determine this, you should consider the capability of your adversary. For example, your mobile phone provider has access to all of your phone records. A hacker on an open Wi-Fi network can access your unencrypted communications. Your government might have stronger capabilities. + +*Write down what your adversary might want to do with your private data.* + +### How much trouble am I willing to go through to try to prevent potential consequences? + +==There is no perfect option for security.== Not everyone has the same priorities, concerns, or access to resources. Your risk assessment will allow you to plan the right strategy for you, balancing convenience, cost, and privacy. + +For example, an attorney representing a client in a national security case may be willing to go to greater lengths to protect communications about that case, such as using encrypted email, than a mother who regularly emails her daughter funny cat videos. + +*Write down what options you have available to you to help mitigate your unique threats. Note if you have any financial constraints, technical constraints, or social constraints.* + +### Try it yourself: Protecting Your Belongings + +These questions can apply to a wide variety of situations, online and offline. As a generic demonstration of how these questions work, let's build a plan to keep your house and possessions safe. + +**What do you want to protect? (Or, *what do you have that is worth protecting?*)** +: + +Your assets might include jewelry, electronics, important documents, or photos. + +**Who do you want to protect it from?** +: + +Your adversaries might include burglars, roommates, or guests. + +**How likely is it that you will need to protect it?** +: + +Does your neighborhood have a history of burglaries? How trustworthy are your roommates or guests? What are the capabilities of your adversaries? What are the risks you should consider? + +**How bad are the consequences if you fail?** +: + +Do you have anything in your house that you cannot replace? Do you have the time or money to replace those things? Do you have insurance that covers goods stolen from your home? + +**How much trouble are you willing to go through to prevent these consequences?** +: + +Are you willing to buy a safe for sensitive documents? Can you afford to buy a high-quality lock? Do you have time to open a security box at your local bank and keep your valuables there? + +Only once you have asked yourself these questions will you be in a position to assess what measures to take. If your possessions are valuable, but the probability of a break-in is low, then you may not want to invest too much money in a lock. But, if the probability of a break-in is high, you'll want to get the best lock on the market and consider adding a security system. + +Making a security plan will help you to understand the threats that are unique to you and to evaluate your assets, your adversaries, and your adversaries' capabilities, along with the likelihood of risks you face. + +## Further Reading + +For people looking to increase their privacy and security online, we've compiled a list of common threats our visitors face or goals our visitors have, to give you some inspiration and demonstrate the basis of our recommendations. + +- [Common Goals and Threats :material-arrow-right-drop-circle:](common-threats.md) + +## Sources + +- [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) diff --git a/i18n/ku/basics/vpn-overview.md b/i18n/ku/basics/vpn-overview.md new file mode 100644 index 000000000..a1a007f52 --- /dev/null +++ b/i18n/ku/basics/vpn-overview.md @@ -0,0 +1,77 @@ +--- +title: VPN Overview +icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. +--- + +Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). + +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). + +A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. + +## Should I use a VPN? + +**Yes**, unless you are already using Tor. A VPN does two things: shifting the risks from your Internet Service Provider to itself and hiding your IP from a third-party service. + +VPNs cannot encrypt data outside of the connection between your device and the VPN server. VPN providers can see and modify your traffic the same way your ISP could. And there is no way to verify a VPN provider's "no logging" policies in any way. + +However, they do hide your actual IP from a third-party service, provided that there are no IP leaks. They help you blend in with others and mitigate IP based tracking. + +## When shouldn't I use a VPN? + +Using a VPN in cases where you're using your [known identity](common-threats.md#common-misconceptions) is unlikely be useful. + +Doing so may trigger spam and fraud detection systems, such as if you were to log into your bank's website. + +## What about encryption? + +Encryption offered by VPN providers are between your devices and their servers. It guarantees that this specific link is secure. This is a step up from using unencrypted proxies where an adversary on the network can intercept the communications between your devices and said proxies and modify them. However, encryption between your apps or browsers with the service providers are not handled by this encryption. + +In order to keep what you actually do on the websites you visit private and secure, you must use HTTPS. This will keep your passwords, session tokens, and queries safe from the VPN provider. Consider enabling "HTTPS everywhere" in your browser to mitigate downgrade attacks like [SSL Strip](https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf). + +## Should I use encrypted DNS with a VPN? + +Unless your VPN provider hosts the encrypted DNS servers, **no**. Using DOH/DOT (or any other form of encrypted DNS) with third-party servers will simply add more entities to trust and does **absolutely nothing** to improve your privacy/security. Your VPN provider can still see which websites you visit based on the IP addresses and other methods. Instead of just trusting your VPN provider, you are now trusting both the VPN provider and the DNS provider. + +A common reason to recommend encrypted DNS is that it helps against DNS spoofing. However, your browser should already be checking for [TLS certificates](https://en.wikipedia.org/wiki/Transport_Layer_Security#Digital_certificates) with **HTTPS** and warn you about it. If you are not using **HTTPS**, then an adversary can still just modify anything other than your DNS queries and the end result will be little different. + +Needless to say, **you shouldn't use encrypted DNS with Tor**. This would direct all of your DNS requests through a single circuit and would allow the encrypted DNS provider to deanonymize you. + +## Should I use Tor *and* a VPN? + +By using a VPN with Tor, you're creating essentially a permanent entry node, often with a money trail attached. This provides zero additional benefits to you, while increasing the attack surface of your connection dramatically. If you wish to hide your Tor usage from your ISP or your government, Tor has a built-in solution for that: Tor bridges. [Read more about Tor bridges and why using a VPN is not necessary](../advanced/tor-overview.md). + +## What if I need anonymity? + +VPNs cannot provide anonymity. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You cannot rely on "no logging" policies to protect your data. Use [Tor](https://www.torproject.org/) instead. + +## What about VPN providers that provide Tor nodes? + +Do not use that feature. The point of using Tor is that you do not trust your VPN provider. Currently Tor only supports the [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) protocol. [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (used in [WebRTC](https://en.wikipedia.org/wiki/WebRTC) for voice and video sharing, the new [HTTP3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) protocol, etc), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) and other packets will be dropped. To compensate for this, VPN providers typically will route all non-TCP packets through their VPN server (your first hop). This is the case with [ProtonVPN](https://protonvpn.com/support/tor-vpn/). Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as [Isolated Destination Address](https://www.whonix.org/wiki/Stream_Isolation) (using a different Tor circuit for every domain you visit). + +The feature should be viewed as a convenient way to access the Tor Network, not to stay anonymous. For proper anonymity, use the Tor Browser, TorSocks, or a Tor gateway. + +## When are VPNs useful? + +A VPN may still be useful to you in a variety of scenarios, such as: + +1. Hiding your traffic from **only** your Internet Service Provider. +1. Hiding your downloads (such as torrents) from your ISP and anti-piracy organizations. +1. Hiding your IP from third-party websites and services, preventing IP based tracking. + +For situations like these, or if you have another compelling reason, the VPN providers we listed above are who we think are the most trustworthy. However, using a VPN provider still means you're *trusting* the provider. In pretty much any other scenario you should be using a secure**-by-design** tool such as Tor. + +## Sources and Further Reading + +1. [VPN - a Very Precarious Narrative](https://schub.io/blog/2019/04/08/very-precarious-narrative.html) by Dennis Schubert +1. [Tor Network Overview](../advanced/tor-overview.md) +1. [IVPN Privacy Guides](https://www.ivpn.net/privacy-guides) +1. ["Do I need a VPN?"](https://www.doineedavpn.com), a tool developed by IVPN to challenge aggressive VPN marketing by helping individuals decide if a VPN is right for them. + +## Related VPN Information + +- [The Trouble with VPN and Privacy Review Sites](https://blog.privacyguides.org/2019/11/20/the-trouble-with-vpn-and-privacy-review-sites/) +- [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) +- [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) +- [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) diff --git a/i18n/ku/calendar.md b/i18n/ku/calendar.md new file mode 100644 index 000000000..bbcb033ad --- /dev/null +++ b/i18n/ku/calendar.md @@ -0,0 +1,70 @@ +--- +title: "Calendar Sync" +icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. +--- + +Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. + +## Tutanota + +!!! recommendation + + ![Tutanota logo](assets/img/calendar/tutanota.svg#only-light){ align=right } + ![Tutanota logo](assets/img/calendar/tutanota-dark.svg#only-dark){ align=right } + + **Tutanota** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tutanota.com/calendar-app-comparison/). + + Multiple calendars and extended sharing functionality is limited to paid subscribers. + + [:octicons-home-16: Homepage](https://tutanota.com/calendar){ .md-button .md-button--primary } + [:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://tutanota.com/faq){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" } + [:octicons-heart-16:](https://tutanota.com/community/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.tutao.tutanota) + - [:simple-appstore: App Store](https://apps.apple.com/us/app/tutanota/id922429609) + - [:simple-windows11: Windows](https://tutanota.com/blog/posts/desktop-clients/) + - [:simple-apple: macOS](https://tutanota.com/blog/posts/desktop-clients/) + - [:simple-linux: Linux](https://tutanota.com/blog/posts/desktop-clients/) + - [:simple-flathub: Flathub](https://flathub.org/apps/details/com.tutanota.Tutanota) + - [:octicons-browser-16: Web](https://mail.tutanota.com/) + +## Proton Calendar + +!!! recommendation + + ![Proton](assets/img/calendar/proton-calendar.svg){ align=right } + + **Proton Calendar** is an encrypted calendar service available to Proton members via web or mobile clients. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide). Those on the free tier get access to a single calendar, whereas paid subscribers can create up to 20 calendars. Extended sharing functionality is also limited to paid subscribers. + + [:octicons-home-16: Homepage](https://proton.me/calendar){ .md-button .md-button--primary } + [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://proton.me/support/proton-calendar-guide){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.calendar) + - [:octicons-browser-16: Web](https://calendar.proton.me) + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +### Minimum Qualifications + +- Must sync and store information with E2EE to ensure data is not visible to the service provider. + +### Best-Case + +Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. + +- Should integrate with native OS calendar and contact management apps if applicable. diff --git a/i18n/ku/cloud.md b/i18n/ku/cloud.md new file mode 100644 index 000000000..2bcc2596f --- /dev/null +++ b/i18n/ku/cloud.md @@ -0,0 +1,60 @@ +--- +title: "Cloud Storage" +icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! +--- + +Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. + +If these alternatives do not fit your needs, we suggest you look into [Encryption Software](encryption.md). + +??? question "Looking for Nextcloud?" + + Nextcloud is [still a recommended tool](productivity.md) for self-hosting a file management suite, however we do not recommend third-party Nextcloud storage providers at the moment, because we do not recommend Nextcloud's built-in E2EE functionality for home users. + +## Proton Drive + +!!! recommendation + + ![Proton Drive logo](assets/img/cloud/protondrive.svg){ align=right } + + **Proton Drive** is an E2EE general file storage service by the popular encrypted email provider [Proton Mail](https://proton.me/mail). + + [:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary } + [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://proton.me/support/drive){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) + - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) + + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +### Minimum Requirements + +- Must enforce end-to-end encryption. +- Must offer a free plan or trial period for testing. +- Must support TOTP or FIDO2 multi-factor authentication, or Passkey logins. +- Must offer a web interface which supports basic file management functionality. +- Must allow for easy exports of all files/documents. +- Must use standard, audited encryption. + +### Best-Case + +Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. + +- Clients should be open-source. +- Clients should be audited in their entirety by an independent third-party. +- Should offer native clients for Linux, Android, Windows, macOS, and iOS. + - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. +- Should support easy file-sharing with other users. +- Should offer at least basic file preview and editing functionality on the web interface. diff --git a/i18n/ku/cryptocurrency.md b/i18n/ku/cryptocurrency.md new file mode 100644 index 000000000..ba06ba1ea --- /dev/null +++ b/i18n/ku/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/ku/data-redaction.md b/i18n/ku/data-redaction.md new file mode 100644 index 000000000..961594a8d --- /dev/null +++ b/i18n/ku/data-redaction.md @@ -0,0 +1,145 @@ +--- +title: "Data and Metadata Redaction" +icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. +--- + +When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. + +## Desktop + +### MAT2 + +!!! recommendation + + ![MAT2 logo](assets/img/data-redaction/mat2.svg){ align=right } + + **MAT2** is free software, which allows the metadata to be removed from image, audio, torrent, and document file types. It provides both a command line tool and a graphical user interface via an [extension for Nautilus](https://0xacab.org/jvoisin/mat2/-/tree/master/nautilus), the default file manager of [GNOME](https://www.gnome.org), and [Dolphin](https://0xacab.org/jvoisin/mat2/-/tree/master/dolphin), the default file manager of [KDE](https://kde.org). + + On Linux, a third-party graphical tool [Metadata Cleaner](https://gitlab.com/rmnvgr/metadata-cleaner) powered by MAT2 exists and is [available on Flathub](https://flathub.org/apps/details/fr.romainvigier.MetadataCleaner). + + [:octicons-repo-16: Repository](https://0xacab.org/jvoisin/mat2){ .md-button .md-button--primary } + [:octicons-info-16:](https://0xacab.org/jvoisin/mat2/-/blob/master/README.md){ .card-link title=Documentation} + [:octicons-code-16:](https://0xacab.org/jvoisin/mat2){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-windows11: Windows](https://pypi.org/project/mat2) + - [:simple-apple: macOS](https://0xacab.org/jvoisin/mat2#requirements-setup-on-macos-os-x-using-homebrew) + - [:simple-linux: Linux](https://pypi.org/project/mat2) + - [:octicons-globe-16: Web](https://0xacab.org/jvoisin/mat2#web-interface) + +## Mobile + +### ExifEraser (Android) + +!!! recommendation + + ![ExifEraser logo](assets/img/data-redaction/exiferaser.svg){ align=right } + + **ExifEraser** is a modern, permissionless image metadata erasing application for Android. + + It currently supports JPEG, PNG and WebP files. + + [:octicons-repo-16: Repository](https://github.com/Tommy-Geenexus/exif-eraser){ .md-button .md-button--primary } + [:octicons-info-16:](https://github.com/Tommy-Geenexus/exif-eraser#readme){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/Tommy-Geenexus/exif-eraser){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.none.tom.exiferaser) + - [:octicons-moon-16: Accrescent](https://accrescent.app/app/com.none.tom.exiferaser) + - [:simple-github: GitHub](https://github.com/Tommy-Geenexus/exif-eraser/releases) + +The metadata that is erased depends on the image's file type: + +* **JPEG**: ICC Profile, Exif, Photoshop Image Resources and XMP/ExtendedXMP metadata will be erased if it exists. +* **PNG**: ICC Profile, Exif and XMP metadata will be erased if it exists. +* **WebP**: ICC Profile, Exif and XMP metadata will be erased if it exists. + +After processing the images, ExifEraser provides you with a full report about what exactly was removed from each image. + +The app offers multiple ways to erase metadata from images. Namely: + +* You can share an image from another application with ExifEraser. +* Through the app itself, you can select a single image, multiple images at once, or even an entire directory. +* It features a "Camera" option, which uses your operating system's camera app to take a photo, and then it removes the metadata from it. +* It allows you to drag photos from another app into ExifEraser when they are both open in split-screen mode. +* Lastly, it allows you to paste an image from your clipboard. + +### Metapho (iOS) + +!!! recommendation + + ![Metapho logo](assets/img/data-redaction/metapho.jpg){ align=right } + + **Metapho** is a simple and clean viewer for photo metadata such as date, file name, size, camera model, shutter speed, and location. + + [:octicons-home-16: Homepage](https://zininworks.com/metapho){ .md-button .md-button--primary } + [:octicons-eye-16:](https://zininworks.com/privacy/){ .card-link title="Privacy Policy" } + + ??? downloads + + - [:simple-appstore: App Store](https://apps.apple.com/us/app/metapho/id914457352) + +### PrivacyBlur + +!!! recommendation + + ![PrivacyBlur logo](assets/img/data-redaction/privacyblur.svg){ align=right } + + **PrivacyBlur** is a free app which can blur sensitive portions of pictures before sharing them online. + + [:octicons-home-16: Homepage](https://privacyblur.app/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacyblur.app/privacy.html){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/MATHEMA-GmbH/privacyblur#readme){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/MATHEMA-GmbH/privacyblur){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.mathema.privacyblur) + - [:simple-appstore: App Store](https://apps.apple.com/us/app/privacyblur/id1536274106) + +!!! warning + + You should **never** use blur to redact [text in images](https://bishopfox.com/blog/unredacter-tool-never-pixelation). If you want to redact text in an image, draw a box over the text. For this, we suggest apps like [Pocket Paint](https://github.com/Catrobat/Paintroid). + +## Command-line + +### ExifTool + +!!! recommendation + + ![ExifTool logo](assets/img/data-redaction/exiftool.png){ align=right } + + **ExifTool** is the original perl library and command-line application for reading, writing, and editing meta information (Exif, IPTC, XMP, and more) in a wide variety of file formats (JPEG, TIFF, PNG, PDF, RAW, and more). + + It's often a component of other Exif removal applications and is in most Linux distribution repositories. + + [:octicons-home-16: Homepage](https://exiftool.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://exiftool.org/faq.html){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/exiftool/exiftool){ .card-link title="Source Code" } + [:octicons-heart-16:](https://exiftool.org/#donate){ .card-link title=Contribute } + + ??? downloads + + - [:simple-windows11: Windows](https://exiftool.org) + - [:simple-apple: macOS](https://exiftool.org) + - [:simple-linux: Linux](https://exiftool.org) + +!!! example "Deleting data from a directory of files" + + ```bash + exiftool -all= *.file_extension + ``` + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Apps developed for open-source operating systems must be open-source. +- Apps must be free and should not include ads or other limitations. diff --git a/i18n/ku/desktop-browsers.md b/i18n/ku/desktop-browsers.md new file mode 100644 index 000000000..1c21c296f --- /dev/null +++ b/i18n/ku/desktop-browsers.md @@ -0,0 +1,262 @@ +--- +title: "Desktop Browsers" +icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. +--- + +These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. + +## Firefox + +!!! recommendation + + ![Firefox logo](assets/img/browsers/firefox.svg){ align=right } + + **Firefox** provides strong privacy settings such as [Enhanced Tracking Protection](https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop), which can help block various [types of tracking](https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop#w_what-enhanced-tracking-protection-blocks). + + [:octicons-home-16: Homepage](https://firefox.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.mozilla.org/privacy/firefox/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://firefox-source-docs.mozilla.org/){ .card-link title=Documentation} + [:octicons-code-16:](https://hg.mozilla.org/mozilla-central){ .card-link title="Source Code" } + [:octicons-heart-16:](https://donate.mozilla.org/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-windows11: Windows](https://www.mozilla.org/firefox/windows) + - [:simple-apple: macOS](https://www.mozilla.org/firefox/mac) + - [:simple-linux: Linux](https://www.mozilla.org/firefox/linux) + - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.mozilla.firefox) + +!!! warning + Firefox includes a unique [download token](https://bugzilla.mozilla.org/show_bug.cgi?id=1677497#c0) in downloads from Mozilla's website and uses telemetry in Firefox to send the token. The token is **not** included in releases from the [Mozilla FTP](https://ftp.mozilla.org/pub/firefox/releases/). + +### Recommended Configuration + +Tor Browser is the only way to truly browse the internet anonymously. When you use Firefox, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another. + +These options can be found in :material-menu: → **Settings** → **Privacy & Security**. + +##### Enhanced Tracking Protection + +- [x] Select **Strict** Enhanced Tracking Protection + +This protects you by blocking social media trackers, fingerprinting scripts (note that this does not protect you from *all* fingerprinting), cryptominers, cross-site tracking cookies, and some other tracking content. ETP protects against many common threats, but it does not block all tracking avenues because it is designed to have minimal to no impact on site usability. + +##### Sanitize on Close + +If you want to stay logged in to particular sites, you can allow exceptions in **Cookies and Site Data** → **Manage Exceptions...** + +- [x] Check **Delete cookies and site data when Firefox is closed** + +This protects you from persistent cookies, but does not protect you against cookies acquired during any one browsing session. When this is enabled, it becomes possible to easily cleanse your browser cookies by simply restarting Firefox. You can set exceptions on a per-site basis, if you wish to stay logged in to a particular site you visit often. + +##### Search Suggestions + +- [ ] Uncheck **Provide search suggestions** + +Search suggestion features may not be available in your region. + +Search suggestions send everything you type in the address bar to the default search engine, regardless of whether you submit an actual search. Disabling search suggestions allows you to more precisely control what data you send to your search engine provider. + +##### Telemetry + +- [ ] Uncheck **Allow Firefox to send technical and interaction data to Mozilla** +- [ ] Uncheck **Allow Firefox to install and run studies** +- [ ] Uncheck **Allow Firefox to send backlogged crash reports on your behalf** + +> Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs. + +Additionally, the Firefox Accounts service collects [some technical data](https://www.mozilla.org/en-US/privacy/firefox/#firefox-accounts). If you use a Firefox Account you can opt-out: + +1. Open your [profile settings on accounts.firefox.com](https://accounts.firefox.com/settings#data-collection) +2. Uncheck **Data Collection and Use** > **Help improve Firefox Accounts** + +##### HTTPS-Only Mode + +- [x] Select **Enable HTTPS-Only Mode in all windows** + +This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day to day browsing. + +### Firefox Sync + +[Firefox Sync](https://hacks.mozilla.org/2018/11/firefox-sync-privacy/) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices and protects it with E2EE. + +### Arkenfox (advanced) + +The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of carefully considered options for Firefox. If you [decide](https://github.com/arkenfox/user.js/wiki/1.1-To-Arkenfox-or-Not) to use Arkenfox, a [few options](https://github.com/arkenfox/user.js/wiki/3.2-Overrides-[Common]) are subjectively strict and/or may cause some websites to not work properly - [which you can easily change](https://github.com/arkenfox/user.js/wiki/3.1-Overrides) to suit your needs. We **strongly recommend** reading through their full [wiki](https://github.com/arkenfox/user.js/wiki). Arkenfox also enables [container](https://support.mozilla.org/en-US/kb/containers#w_for-advanced-users) support. + +## Brave + +!!! recommendation + + ![Brave logo](assets/img/browsers/brave.svg){ align=right } + + **Brave Browser** includes a built-in content blocker and [privacy features](https://brave.com/privacy-features/), many of which are enabled by default. + + Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues. + + [:octicons-home-16: Homepage](https://brave.com/){ .md-button .md-button--primary } + [:simple-torbrowser:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" } + [:octicons-eye-16:](https://brave.com/privacy/browser/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.brave.com/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" } + + ??? downloads annotate + + - [:simple-github: GitHub](https://github.com/brave/brave-browser/releases) + - [:simple-windows11: Windows](https://brave.com/download/) + - [:simple-apple: macOS](https://brave.com/download/) + - [:simple-linux: Linux](https://brave.com/linux/) (1) + + 1. We advise against using the Flatpak version of Brave, as it replaces Chromium's sandbox with Flatpak's, which is less effective. Additionally, the package is not maintained by Brave Software, Inc. + +### Recommended Configuration + +Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another. + +These options can be found in :material-menu: → **Settings**. + +##### Shields + +Brave includes some anti-fingerprinting measures in its [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-) feature. We suggest configuring these options [globally](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) across all pages that you visit. + +Shields' options can be downgraded on a per-site basis as needed, but by default we recommend setting the following: + +
+ +- [x] Select **Prevent sites from fingerprinting me based on my language preferences** +- [x] Select **Aggressive** under Trackers & ads blocking + + ??? warning "Use default filter lists" + Brave allows you to select additional content filters within the internal `brave://adblock` page. We advise against using this feature; instead, keep the default filter lists. Using extra lists will make you stand out from other Brave users and may also increase attack surface if there is an exploit in Brave and a malicious rule is added to one of the lists you use. + +- [x] (Optional) Select **Block Scripts** (1) +- [x] Select **Strict, may break sites** under Block fingerprinting + +
+ +1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode) or the [NoScript](https://noscript.net/) extension. + +##### Social media blocking + +- [ ] Uncheck all social media components + +##### Privacy and security + +
+ +- [x] Select **Disable non-proxied UDP** under [WebRTC IP Handling Policy](https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc) +- [ ] Uncheck **Use Google services for push messaging** +- [ ] Uncheck **Allow privacy-preserving product analytics (P3A)** +- [ ] Uncheck **Automatically send daily usage ping to Brave** +- [ ] Uncheck **Automatically send diagnostic reports** +- [x] Select **Always use secure connections** in the **Security** menu +- [ ] Uncheck **Private window with Tor** (1) + + !!! tip "Sanitizing on Close" + - [x] Select **Clear cookies and site data when you close all windows** in the *Cookies and other site data* menu + + If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis under the *Customized behaviors* section. + +
+ +1. Brave is **not** as resistant to fingerprinting as the Tor Browser and far fewer people use Brave with Tor, so you will stand out. Where [strong anonymity is required](https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity-) use the [Tor Browser](tor.md#tor-browser). + +##### Extensions + +Disable built-in extensions you do not use in **Extensions** + +- [ ] Uncheck **Hangouts** +- [ ] Uncheck **WebTorrent** + +##### IPFS + +InterPlanetary File System (IPFS) is a decentralized, peer-to-peer network for storing and sharing data in a distributed filesystem. Unless you use the feature, disable it. + +- [x] Select **Disabled** on Method to resolve IPFS resources + +##### Additional settings + +Under the *System* menu + +
+ +- [ ] Uncheck **Continue running apps when Brave is closed** to disable background apps (1) + +
+ +1. This option is not present on all platforms. + +### Brave Sync + +[Brave Sync](https://support.brave.com/hc/en-us/articles/360059793111-Understanding-Brave-Sync) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices without requiring an account and protects it with E2EE. + +## Additional Resources + +We generally do not recommend installing any extensions as they increase your attack surface. However, uBlock Origin may prove useful if you value content blocking functionality. + +### uBlock Origin + +!!! recommendation + + ![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ align=right } + + **uBlock Origin** is a popular content blocker that could help you block ads, trackers, and fingerprinting scripts. + + [:octicons-repo-16: Repository](https://github.com/gorhill/uBlock#readme){ .md-button .md-button--primary } + [:octicons-eye-16:](https://github.com/gorhill/uBlock/wiki/Privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/gorhill/uBlock/wiki){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/gorhill/uBlock){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/ublock-origin/) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm) + - [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak) + +We suggest following the [developer's documentation](https://github.com/gorhill/uBlock/wiki/Blocking-mode) and picking one of the "modes". Additional filter lists can impact performance and [may increase attack surface](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css). + +##### Other lists + +These are some other [filter lists](https://github.com/gorhill/uBlock/wiki/Dashboard:-Filter-lists) that you may want to consider adding: + +- [x] Check **Privacy** > **AdGuard URL Tracking Protection** +- Add [Actually Legitimate URL Shortener Tool](https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt) + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +### Minimum Requirements + +- Must be open-source software. +- Supports automatic updates. +- Receives engine updates in 0-1 days from upstream release. +- Available on Linux, macOS, and Windows. +- Any changes required to make the browser more privacy-respecting should not negatively impact user experience. +- Blocks third-party cookies by default. +- Supports [state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning) to mitigate cross-site tracking.[^1] + +### Best-Case + +Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. + +- Includes built-in content blocking functionality. +- Supports cookie compartmentalization (à la [Multi-Account Containers](https://support.mozilla.org/en-US/kb/containers)). +- Supports Progressive Web Apps. + PWAs enable you to install certain websites as if they were native apps on your computer. This can have advantages over installing Electron-based apps, because you benefit from your browser's regular security updates. +- Does not include add-on functionality (bloatware) that does not impact user privacy. +- Does not collect telemetry by default. +- Provides open-source sync server implementation. +- Defaults to a [private search engine](search-engines.md). + +### Extension Criteria + +- Must not replicate built-in browser or OS functionality. +- Must directly impact user privacy, i.e. must not simply provide information. + +[^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/ku/desktop.md b/i18n/ku/desktop.md new file mode 100644 index 000000000..2db4d1191 --- /dev/null +++ b/i18n/ku/desktop.md @@ -0,0 +1,183 @@ +--- +title: "Desktop/PC" +icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. +--- + +Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. + +- [General Linux Overview :material-arrow-right-drop-circle:](os/linux-overview.md) + +## Traditional Distributions + +### Fedora Workstation + +!!! recommendation + + ![Fedora logo](assets/img/linux-desktop/fedora-workstation.svg){ align=right } + + **Fedora Workstation** is our recommended distribution for people new to Linux. Fedora generally adopts newer technologies before other distributions e.g., [Wayland](https://wayland.freedesktop.org/), [PipeWire](https://pipewire.org). These new technologies often come with improvements in security, privacy, and usability in general. + + [:octicons-home-16: Homepage](https://getfedora.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://docs.fedoraproject.org/en-US/docs/){ .card-link title=Documentation} + [:octicons-heart-16:](https://whatcanidoforfedora.org/){ .card-link title=Contribute } + +Fedora has a semi-rolling release cycle. While some packages like [GNOME](https://www.gnome.org) are frozen until the next Fedora release, most packages (including the kernel) are updated frequently throughout the lifespan of the release. Each Fedora release is supported for one year, with a new version released every 6 months. + +### openSUSE Tumbleweed + +!!! recommendation + + ![openSUSE Tumbleweed logo](assets/img/linux-desktop/opensuse-tumbleweed.svg){ align=right } + + **openSUSE Tumbleweed** is a stable rolling release distribution. + + openSUSE Tumbleweed has a [transactional update](https://kubic.opensuse.org/blog/2018-04-04-transactionalupdates/) system that uses [Btrfs](https://en.wikipedia.org/wiki/Btrfs) and [Snapper](https://en.opensuse.org/openSUSE:Snapper_Tutorial) to ensure that snapshots can be rolled back should there be a problem. + + [:octicons-home-16: Homepage](https://get.opensuse.org/tumbleweed/){ .md-button .md-button--primary } + [:octicons-info-16:](https://doc.opensuse.org/){ .card-link title=Documentation} + [:octicons-heart-16:](https://shop.opensuse.org/){ .card-link title=Contribute } + +Tumbleweed follows a rolling release model where each update is released as a snapshot of the distribution. When you upgrade your system, a new snapshot is downloaded. Each snapshot is run through a series of automated tests by [openQA](https://openqa.opensuse.org) to ensure its quality. + +### Arch Linux + +!!! recommendation + + ![Arch logo](assets/img/linux-desktop/archlinux.svg){ align=right } + + **Arch Linux** is a lightweight, do-it-yourself (DIY) distribution meaning that you only get what you install. For more information see their [FAQ](https://wiki.archlinux.org/title/Frequently_asked_questions). + + [:octicons-home-16: Homepage](https://archlinux.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://wiki.archlinux.org/){ .card-link title=Documentation} + [:octicons-heart-16:](https://archlinux.org/donate/){ .card-link title=Contribute } + +Arch Linux has a rolling release cycle. There is no fixed release schedule and packages are updated very frequently. + +Being a DIY distribution, you are [expected to set up and maintain](os/linux-overview.md#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier. + +A large portion of [Arch Linux’s packages](https://reproducible.archlinux.org) are [reproducible](https://reproducible-builds.org). + +## Immutable Distributions + +### Fedora Silverblue + +!!! recommendation + + ![Fedora Silverblue logo](assets/img/linux-desktop/fedora-silverblue.svg){ align=right } + + **Fedora Silverblue** and **Fedora Kinoite** are immutable variants of Fedora with a strong focus on container workflows. Silverblue comes with the [GNOME](https://www.gnome.org/) desktop environment while Kinoite comes with [KDE](https://kde.org/). Silverblue and Kinoite follow the same release schedule as Fedora Workstation, benefiting from the same fast updates and staying very close to upstream. + + [:octicons-home-16: Homepage](https://silverblue.fedoraproject.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://docs.fedoraproject.org/en-US/fedora-silverblue/){ .card-link title=Documentation} + [:octicons-heart-16:](https://whatcanidoforfedora.org/){ .card-link title=Contribute } + +Silverblue (and Kinoite) differ from Fedora Workstation as they replace the [DNF](https://fedoraproject.org/wiki/DNF) package manager with a much more advanced alternative called [`rpm-ostree`](https://docs.fedoraproject.org/en-US/fedora/rawhide/system-administrators-guide/package-management/rpm-ostree/). The `rpm-ostree` package manager works by downloading a base image for the system, then overlaying packages over it in a [git](https://en.wikipedia.org/wiki/Git)-like commit tree. When the system is updated, a new base image is downloaded and the overlays will be applied to that new image. + +After the update is complete you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily rollback if something breaks in the new deployment. There is also the option to pin more deployments as needed. + +[Flatpak](https://www.flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image. + +As an alternative to Flatpaks, there is the option of [Toolbox](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/) to create [Podman](https://podman.io) containers with a shared home directory with the host operating system and mimic a traditional Fedora environment, which is a [useful feature](https://containertoolbx.org) for the discerning developer. + +### NixOS + +!!! recommendation + + ![NixOS logo](assets/img/linux-desktop/nixos.svg){ align=right } + + NixOS is an independent distribution based on the Nix package manager with a focus on reproducibility and reliability. + + [:octicons-home-16: Homepage](https://nixos.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://nixos.org/learn.html){ .card-link title=Documentation} + [:octicons-heart-16:](https://nixos.org/donate.html){ .card-link title=Contribute } + +NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only. + +NixOS also provides atomic updates; first it downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation; you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system. + +Nix the package manager uses a purely functional language - which is also called Nix - to define packages. + +[Nixpkgs](https://github.com/nixos/nixpkgs) (the main source of packages) are contained in a single GitHub repository. You can also define your own packages in the same language and then easily include them in your config. + +Nix is a source-based package manager; if there’s no pre-built available in the binary cache, Nix will just build the package from source using its definition. It builds each package in a sandboxed *pure* environment, which is as independent of the host system as possible, thus making binaries reproducible. + +## Anonymity-Focused Distributions + +### Whonix + +!!! recommendation + + ![Whonix logo](assets/img/linux-desktop/whonix.svg){ align=right } + + **Whonix** is based on [Kicksecure](https://www.whonix.org/wiki/Kicksecure), a security-focused fork of Debian. It aims to provide privacy, security, and anonymity on the internet. Whonix is best used in conjunction with [Qubes OS](#qubes-os). + + [:octicons-home-16: Homepage](https://www.whonix.org/){ .md-button .md-button--primary } + [:simple-torbrowser:](http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion){ .card-link title="Onion Service" } + [:octicons-info-16:](https://www.whonix.org/wiki/Documentation){ .card-link title=Documentation} + [:octicons-heart-16:](https://www.whonix.org/wiki/Donate){ .card-link title=Contribute } + +Whonix is meant to run as two virtual machines: a “Workstation” and a Tor “Gateway.” All communications from the Workstation must go through the Tor gateway. This means that even if the Workstation is compromised by malware of some kind, the true IP address remains hidden. + +Some of its features include Tor Stream Isolation, [keystroke anonymization](https://www.whonix.org/wiki/Keystroke_Deanonymization#Kloak), [encrypted swap](https://github.com/Whonix/swap-file-creator), and a hardened memory allocator. + +Future versions of Whonix will likely include [full system AppArmor policies](https://github.com/Whonix/apparmor-profile-everything) and a [sandbox app launcher](https://www.whonix.org/wiki/Sandbox-app-launcher) to fully confine all processes on the system. + +Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers), Qubes-Whonix has various [disadvantages](https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581) when compared to other hypervisors. + +### Tails + +!!! recommendation + + ![Tails logo](assets/img/linux-desktop/tails.svg){ align=right } + + **Tails** is a live operating system based on Debian that routes all communications through Tor, which can boot on on almost any computer from a DVD, USB stick, or SD card installation. It uses [Tor](tor.md) to preserve privacy and anonymity while circumventing censorship, and it leaves no trace of itself on the computer it is used on after it is powered off. + + [:octicons-home-16: Homepage](https://tails.boum.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://tails.boum.org/doc/index.en.html){ .card-link title=Documentation} + [:octicons-heart-16:](https://tails.boum.org/donate/){ .card-link title=Contribute } + +Tails is great for counter forensics due to amnesia (meaning nothing is written to the disk); however, it is not a hardened distribution like Whonix. It lacks many anonymity and security features that Whonix has and gets updated much less often (only once every six weeks). A Tails system that is compromised by malware may potentially bypass the transparent proxy allowing for the user to be deanonymized. + +Tails includes [uBlock Origin](desktop-browsers.md#ublock-origin) in Tor Browser by default, which may potentially make it easier for adversaries to fingerprint Tails users. [Whonix](desktop.md#whonix) virtual machines may be more leak-proof, however they are not amnesic, meaning data may be recovered from your storage device. + +By design, Tails is meant to completely reset itself after each reboot. Encrypted [persistent storage](https://tails.boum.org/doc/persistent_storage/index.en.html) can be configured to store some data between reboots. + +## Security-focused Distributions + +### Qubes OS + +!!! recommendation + + ![Qubes OS logo](assets/img/qubes/qubes_os.svg){ align=right } + + **Qubes OS** is an open-source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, the X Window System, and Linux, and can run most Linux applications and use most of the Linux drivers. + + [:octicons-home-16: Homepage](https://www.qubes-os.org/){ .md-button .md-button--primary } + [:material-arrow-right-drop-circle: Overview](os/qubes-overview.md){ .md-button .md-button--primary } + [:simple-torbrowser:](http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion){ .card-link title="Onion Service" } + [:octicons-eye-16:](https://www.qubes-os.org/privacy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://www.qubes-os.org/doc/){ .card-link title=Documentation } + [:octicons-code-16:](https://github.com/QubesOS/){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.qubes-os.org/donate/){ .card-link title=Contribute } + +Qubes OS is a Xen-based operating system meant to provide strong security for desktop computing through secure virtual machines (VMs), also known as *Qubes*. + +The Qubes OS operating system secures the computer by isolating subsystems (e.g., networking, USB, etc.) and applications in separate VMs. Should one part of the system be compromised, the extra isolation is likely to protect the rest of the system. For further details see the Qubes [FAQ](https://www.qubes-os.org/faq/). + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +Our recommended operating systems: + +- Must be open-source. +- Must receive regular software and Linux kernel updates. +- Linux distributions must support [Wayland](os/linux-overview.md#Wayland). +- Must support full-disk encryption during installation. +- Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. +- Must support a wide variety of hardware. diff --git a/i18n/ku/dns.md b/i18n/ku/dns.md new file mode 100644 index 000000000..ca458095a --- /dev/null +++ b/i18n/ku/dns.md @@ -0,0 +1,139 @@ +--- +title: "چارەسەرکەرانی DNS" +icon: material/dns +description: ئەمانە هەندێک لە دابینکەرانی DNSـی شفرەکراون، کە پێشنیاری بەکارهێنانیان دەکەین. بۆ ڕزگارت بوون لە شێوەپێدراوە بنەڕەتیکانی ISPـیەکەت. +--- + +DNSـی شفرەکراو تەنها دەبێت بەکار بهێنرێت لەگەڵ ڕاژەکاری لایەنی سێیەم بۆ تێپەڕاندنی [قەدەغەکردنێکی DNSـی](https://en.wikipedia.org/wiki/DNS_blocking) سادە. کاتێک دڵنیا دەبیت کە هیچ دەرئەنجامێک نابێت. DNSـی شفرەکراو یارمەتیت نادات لە شاردنەوەی هیچ یەکێک لە چالاکیەکانی گەڕانت. + +[دەربارەی DNS زیاتر فێربە:material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} + +## دابینکەرانی پێشنیارکراو + +| دابینکەری DNS | سیاسەتی تایبەتێتـی | پڕۆتۆکۆڵەکان | هەڵگرتنی تۆمار | ECS | پاڵاوتن | +| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | -------------------------------------------------------------------------------- | -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | +| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
DoH/3
DoT
DNSCrypt | هەندێک١ | نەخێر | لەسەر بنەمای هەڵبژاردنی ڕاژەیە. لیستی پاڵاوتنی بەکارهێنراو لێرە دەدۆزرێتەوە. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | +| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
DoH
DoT | هەندێک٢ | نەخێر | لەسەر بنەمای هەڵبژاردنی ڕاژەیە. | +| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
DoH/3
DoT
DoQ | ئارەزوومەندانە٣ | نەخێر | لەسەر بنەمای هەڵبژاردنی ڕاژەیە. | +| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
DoT | نەخێر٤ | نەخێر | لەسەر بنەمای هەڵبژاردنی ڕاژەیە. لیستی پاڵاوتنی بەکارهێنراو لێرە دەدۆزرێتەوە. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | +| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
DoH
DoT | ئارەزوومەندانە٥ | ئارەزوومەندانە | لەسەر بنەمای هەڵبژاردنی ڕاژەیە. | +| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
DoH
DoT
DNSCrypt | هەندێک٦ | ئارەزوومەندانە | لەسەر بنەمای هەڵبژاردنی ڕاژەیە، لەبنەڕەتەوە بەربەستی زیانەواڵەیە. | + +## پێوەرەکان + +**تکایە تێبینی ئەوە بکە کە ئێمە سەر بە هیچ کام لەو پرۆژانە نین کە پێشنیاری دەکەین.** وە جگە لە [ پێوەرە بنچینەییەکانمان](about/criteria.md), ئێمە کۆمەڵێک داواکاری ڕوونمان دامەزراندووە بۆ ئەوەی ڕێگەمان پێبدات پێشنیاری بنچینە بکەین. ئێمە پێشنیاری ئەوە دەکەین کە تۆ خۆت ئاشنا بکەیت لەگەڵ ئەم لیستە پێش هەڵبژاردن و بەکارهێنانی دابینکەرەکە وە لێکۆڵینەوەی خۆت بکەیت بۆ دڵنیابوون لەوەی، کە ئەمە هەڵبژاردنێکی گونجاوە بۆ تۆ. + +!!! نموونە "ئەم بەشە نوێیە" + + ئێمە کار لەسەر دانانی پێوەرە پێناسەکراوەکان دەکەین بۆ هەموو بەشێکی ماڵپەڕەکەمان, وە ئەمە لەوانەیە بگۆڕدرێت. ئەگەر هیچ پرسیارێکت هەیە سەبارەت بە پێوەرەکانی ئێمە. ئەوا تکایە [لە سەکۆکەمان پرسیار بکە](https://discuss.privacyguides.net/latest). وە وادامەنێ کە ئێمە هیچ شتێکمان لەبەرچاو نەگرتوە لە کاتی دروستکردنی پێشنیارەکانمان ئەگەر لە لیستەکە نەبێت. چەندین هۆکار هەن کە لەبەرچاو دەگرین و گفتوگۆیان لەسەر دەکرێت کاتێک پێشنیاری پرۆژەیەک دەکەین. وە تۆمارکردنی هەریەکەیان کارێکی بەردەوامە. + +- پێویستە بشتگیری [DNSSEC](advanced/dns-overview.md#what-is-dnssec) بکات. +- [بچووکردنەوەی QNAME](advanced/dns-overview.md#what-is-qname-minimization). +- ڕێگە بە ناچالاک کردنی [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) بدات. +- پەسند کردنی [Anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) یان پشتگیری "ئاڕاستەی-جوگرافی". + +## پشتگیری لە سیستەمی کارپێکەری بنەچەیی + +### ئەندرۆید + +ئەندرۆیدی ٩ و سەرووتر پشتگیری DNS دەکەن لە ڕێگەی TLS. ڕێکخستنەکان دەتوانرێ بدۆزرێتەوە لە: **Settings**→**Network & Internet**→**Private DNS**. + +### ئامێرەکانی Apple + +کۆتا وەشەنەکان لە tvOS، iPadOS، iOS لەگەڵ macOS هەموویان پشتگیری لە DoT و DoH دەکەن. هەردوو پرۆتۆکۆلەکە بە شێوەیەکی ڕەسەن پشتگیری دەکرێن لە ڕێگەی [شێوەپێدانی پڕؤفایلەکان](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) یان لە ڕێگەی [ڕێکخستنەکانیDNS API](https://developer.apple.com/documentation/networkextension/dns_settings). + +دوای دامەزراندنی شێوەپێدانێکی پڕۆفایل یان کاربەرنامەیەک کە ڕێکخستنەکانی DNS API بەکاردێنێ، دەتوانیت شێوەپێدانی DNS دیاریبکەیت. ئەگەر VPN چالاک بێت، چارەسەری ناو تونێلی VPNـەکە ڕێکخستەنەکانی DNSـی VPNـەکە بەکاردێنیت. نەک ڕێکخستەنە فراوانەکەی سیستەمەکەت. + +#### Signed Profiles + +Apple does not provide a native interface for creating encrypted DNS profiles. [Secure DNS profile creator](https://dns.notjakob.com/tool.html) is an unofficial tool for creating your own encrypted DNS profiles, however they will not be signed. Signed profiles are preferred; signing validates a profile's origin and helps to ensure the integrity of the profiles. A green "Verified" label is given to signed configuration profiles. For more information on code signing, see [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html). **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [NextDNS](https://apple.nextdns.io), and [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/). + +!!! info + + `systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS. + +## Encrypted DNS Proxies + +Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](advanced/dns-overview.md#unencrypted-dns) resolver to forward to. Typically it is used on platforms that don't natively support [encrypted DNS](advanced/dns-overview.md#what-is-encrypted-dns). + +### RethinkDNS + +!!! recommendation + + ![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ align=right } + ![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ align=right } + + **RethinkDNS** is an open-source Android client supporting [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) and DNS Proxy along with caching DNS responses, locally logging DNS queries and can be used as a firewall too. + + [:octicons-home-16: Homepage](https://rethinkdns.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.rethinkdns.com/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/celzero/rethink-app){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.celzero.bravedns) + - [:simple-github: GitHub](https://github.com/celzero/rethink-app/releases) + +### dnscrypt-proxy + +!!! recommendation + + ![dnscrypt-proxy logo](assets/img/dns/dnscrypt-proxy.svg){ align=right } + + **dnscrypt-proxy** is a DNS proxy with support for [DNSCrypt](advanced/dns-overview.md#dnscrypt), [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS). + + !!! warning "The anonymized DNS feature does [**not**](advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic." + + [:octicons-repo-16: Repository](https://github.com/DNSCrypt/dnscrypt-proxy){ .md-button .md-button--primary } + [:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/DNSCrypt/dnscrypt-proxy){ .card-link title="Source Code" } + [:octicons-heart-16:](https://opencollective.com/dnscrypt/contribute){ .card-link title=Contribute } + + ??? downloads + + - [:simple-windows11: Windows](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-Windows) + - [:simple-apple: macOS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS) + - [:simple-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux) + +## Self-hosted Solutions + +A self-hosted DNS solution is useful for providing filtering on controlled platforms, such as Smart TVs and other IoT devices, as no client-side software is needed. + +### AdGuard Home + +!!! recommendation + + ![AdGuard Home logo](assets/img/dns/adguard-home.svg){ align=right } + + **AdGuard Home** is an open-source [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) to block unwanted web content, such as advertisements. + + AdGuard Home features a polished web interface to view insights and manage blocked content. + + [:octicons-home-16: Homepage](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary } + [:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Source Code" } + +### Pi-hole + +!!! recommendation + + ![Pi-hole logo](assets/img/dns/pi-hole.svg){ align=right } + + **Pi-hole** is an open-source [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) to block unwanted web content, such as advertisements. + + Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware. The software features a friendly web interface to view insights and manage blocked content. + + [:octicons-home-16: Homepage](https://pi-hole.net/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://pi-hole.net/privacy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.pi-hole.net/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } + [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } + +[^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) +[^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) +[^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) +[^4]: Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/) +[^5]: NextDNS can provide insights and logging features on an opt-in basis. You can choose retention times and log storage locations for any logs you choose to keep. If it's not specifically requested, no data is logged. [https://nextdns.io/privacy](https://nextdns.io/privacy) +[^6]: Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared, such as for the purpose of security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable. [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/) diff --git a/i18n/ku/email-clients.md b/i18n/ku/email-clients.md new file mode 100644 index 000000000..eec0e2923 --- /dev/null +++ b/i18n/ku/email-clients.md @@ -0,0 +1,238 @@ +--- +title: "Email Clients" +icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. +--- + +Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. + +??? warning "Email does not provide forward secrecy" + + When using end-to-end encryption (E2EE) technology like OpenPGP, email will still have [some metadata](email.md#email-metadata-overview) that is not encrypted in the header of the email. + + OpenPGP also does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed: [How do I protect my private keys?](basics/email-security.md) Consider using a medium that provides forward secrecy: + + [Real-time Communication](real-time-communication.md){ .md-button } + +## Cross-Platform + +### Thunderbird + +!!! recommendation + + ![Thunderbird logo](assets/img/email-clients/thunderbird.svg){ align=right } + + **Thunderbird** is a free, open-source, cross-platform email, newsgroup, news feed, and chat (XMPP, IRC, Twitter) client developed by the Thunderbird community, and previously by the Mozilla Foundation. + + [:octicons-home-16: Homepage](https://www.thunderbird.net){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.mozilla.org/privacy/thunderbird){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mozilla.org/products/thunderbird){ .card-link title=Documentation} + [:octicons-code-16:](https://hg.mozilla.org/comm-central){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-windows11: Windows](https://www.thunderbird.net) + - [:simple-apple: macOS](https://www.thunderbird.net) + - [:simple-linux: Linux](https://www.thunderbird.net) + - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.mozilla.Thunderbird) + +#### Recommended Configuration + +We recommend changing some of these settings to make Thunderbird a little more private. + +These options can be found in :material-menu: → **Settings** → **Privacy & Security**. + +##### Web Content + +- [ ] Uncheck **Remember websites and links I've visited** +- [ ] Uncheck **Accept cookies from sites** + +##### Telemetry + +- [ ] Uncheck **Allow Thunderbird to send technical and interaction data to Mozilla** + +#### Thunderbird-user.js (advanced) + +[`thunderbird-user.js`](https://github.com/HorlogeSkynet/thunderbird-user.js), is a set of configurations options that aims to disable as many of the web-browsing features within Thunderbird as possible in order to reduce surface area and maintain privacy. Some of the changes are backported from the [Arkenfox project](https://github.com/arkenfox/user.js). + +## Platform Specific + +### Apple Mail (macOS) + +!!! recommendation + + ![Apple Mail logo](assets/img/email-clients/applemail.png){ align=right } + + **Apple Mail** is included in macOS and can be extended to have OpenPGP support with [GPG Suite](encryption.md#gpg-suite), which adds the ability to send PGP-encrypted email. + + [:octicons-home-16: Homepage](https://support.apple.com/guide/mail/welcome/mac){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.apple.com/legal/privacy/en-ww/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.apple.com/guide/mail/toc){ .card-link title=Documentation} + +### Canary Mail (iOS) + +!!! recommendation + + ![Canary Mail logo](assets/img/email-clients/canarymail.svg){ align=right } + + **Canary Mail** is a paid email client designed to make end-to-end encryption seamless with security features such as a biometric app lock. + + [:octicons-home-16: Homepage](https://canarymail.io){ .md-button .md-button--primary } + [:octicons-eye-16:](https://canarymail.io/privacy.html){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://canarymail.zendesk.com/){ .card-link title=Documentation} + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.canarymail.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/id1236045954) + - [:simple-windows11: Windows](https://canarymail.io/downloads.html) + +!!! warning + + Canary Mail only recently released a Windows and Android client, though we don't believe they are as stable as their iOS and Mac counterparts. + +Canary Mail is closed-source. We recommend it due to the few choices there are for email clients on iOS that support PGP E2EE. + +### FairEmail (Android) + +!!! recommendation + + ![FairEmail logo](assets/img/email-clients/fairemail.svg){ align=right } + + **FairEmail** is a minimal, open-source email app, using open standards (IMAP, SMTP, OpenPGP) with a low data and battery usage. + + [:octicons-home-16: Homepage](https://email.faircode.eu){ .md-button .md-button--primary } + [:octicons-eye-16:](https://github.com/M66B/FairEmail/blob/master/PRIVACY.md){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/M66B/FairEmail/blob/master/FAQ.md){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/M66B/FairEmail){ .card-link title="Source Code" } + [:octicons-heart-16:](https://email.faircode.eu/donate/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=eu.faircode.email) + - [:simple-github: GitHub](https://github.com/M66B/FairEmail/releases) + +### GNOME Evolution (GNOME) + +!!! recommendation + + ![Evolution logo](assets/img/email-clients/evolution.svg){ align=right } + + **Evolution** is a personal information management application that provides integrated mail, calendaring and address book functionality. Evolution has extensive [documentation](https://help.gnome.org/users/evolution/stable/) to help you get started. + + [:octicons-home-16: Homepage](https://wiki.gnome.org/Apps/Evolution){ .md-button .md-button--primary } + [:octicons-eye-16:](https://wiki.gnome.org/Apps/Evolution/PrivacyPolicy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://help.gnome.org/users/evolution/stable/){ .card-link title=Documentation} + [:octicons-code-16:](https://gitlab.gnome.org/GNOME/evolution/){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.gnome.org/donate/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.gnome.Evolution) + +### K-9 Mail (Android) + +!!! recommendation + + ![K-9 Mail logo](assets/img/email-clients/k9mail.svg){ align=right } + + **K-9 Mail** is an independent mail application that supports both POP3 and IMAP mailboxes, but only supports push mail for IMAP. + + In the future, K-9 Mail will be the [officially branded](https://k9mail.app/2022/06/13/K-9-Mail-and-Thunderbird.html) Thunderbird client for Android. + + [:octicons-home-16: Homepage](https://k9mail.app){ .md-button .md-button--primary } + [:octicons-eye-16:](https://k9mail.app/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.k9mail.app/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/k9mail/k-9){ .card-link title="Source Code" } + [:octicons-heart-16:](https://k9mail.app/contribute){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.fsck.k9) + - [:simple-github: GitHub](https://github.com/k9mail/k-9/releases) + +!!! warning + + When replying to someone on a mailing list the "reply" option may also include the mailing list. For more information see [thundernest/k-9 #3738](https://github.com/thundernest/k-9/issues/3738). + +### Kontact (KDE) + +!!! recommendation + + ![Kontact logo](assets/img/email-clients/kontact.svg){ align=right } + + **Kontact** is a personal information manager (PIM) application from the [KDE](https://kde.org) project. It provides a mail client, address book, organizer and RSS client. + + [:octicons-home-16: Homepage](https://kontact.kde.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://kde.org/privacypolicy-apps){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://kontact.kde.org/users/){ .card-link title=Documentation} + [:octicons-code-16:](https://invent.kde.org/pim/kmail){ .card-link title="Source Code" } + [:octicons-heart-16:](https://kde.org/community/donations/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-linux: Linux](https://kontact.kde.org/download) + - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.kde.kontact) + +### Mailvelope (Browser) + +!!! recommendation + + ![Mailvelope logo](assets/img/email-clients/mailvelope.svg){ align=right } + + **Mailvelope** is a browser extension that enables the exchange of encrypted emails following the OpenPGP encryption standard. + + [:octicons-home-16: Homepage](https://www.mailvelope.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.mailvelope.com/en/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://mailvelope.com/faq){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/mailvelope/mailvelope){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/mailvelope) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/mailvelope/kajibbejlbohfaggdiogboambcijhkke) + - [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/mailvelope/dgcbddhdhjppfdfjpciagmmibadmoapc) + +### NeoMutt (CLI) + +!!! recommendation + + ![NeoMutt logo](assets/img/email-clients/mutt.svg){ align=right } + + **NeoMutt** is an open-source command line mail reader (or MUA) for Linux and BSD. It's a fork of [Mutt](https://en.wikipedia.org/wiki/Mutt_(email_client)) with added features. + + NeoMutt is a text-based client that has a steep learning curve. It is however, very customizable. + + [:octicons-home-16: Homepage](https://neomutt.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://neomutt.org/guide/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/neomutt/neomutt){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.paypal.com/paypalme/russon/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-apple: macOS](https://neomutt.org/distro) + - [:simple-linux: Linux](https://neomutt.org/distro) + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +### Minimum Qualifications + +- Apps developed for open-source operating systems must be open-source. +- Must not collect telemetry, or have an easy way to disable all telemetry. +- Must support OpenPGP message encryption. + +### Best-Case + +Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. + +- Should be open-source. +- Should be cross-platform. +- Should not collect any telemetry by default. +- Should support OpenPGP natively, i.e. without extensions. +- Should support storing OpenPGP encrypted emails locally. diff --git a/i18n/ku/email.md b/i18n/ku/email.md new file mode 100644 index 000000000..7ab4c31d5 --- /dev/null +++ b/i18n/ku/email.md @@ -0,0 +1,510 @@ +--- +title: "Email Services" +icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. +--- + +Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. + +[Recommended Instant Messengers](real-time-communication.md ""){.md-button} + +For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. + +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + +## OpenPGP Compatible Services + +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
+ +!!! warning + + When using E2EE technology like OpenPGP, email will still have some metadata that is not encrypted in the header of the email. Read more about [email metadata](basics/email-security.md#email-metadata-overview). + + OpenPGP also does not support Forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. [How do I protect my private keys?](basics/email-security.md#how-do-i-protect-my-private-keys) + +### Proton Mail + +!!! recommendation + + ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } + + **Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. Accounts start with 500 MB storage with their free plan. + + [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } + [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } + [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://proton.me/support/mail){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonMail){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonmail.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id979659905) + - [:simple-github: GitHub](https://github.com/ProtonMail/proton-mail-android/releases) + - [:simple-windows11: Windows](https://proton.me/mail/bridge#download) + - [:simple-apple: macOS](https://proton.me/mail/bridge#download) + - [:simple-linux: Linux](https://proton.me/mail/bridge#download) + - [:octicons-browser-16: Web](https://mail.proton.me) + +Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g. Thunderbird). Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com). + +If you have the Proton Unlimited, Business, or Visionary Plan, you also get [SimpleLogin](#simplelogin) Premium for free. + +Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. + +#### :material-check:{ .pg-green } Custom Domains and Aliases + +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. + +#### :material-check:{ .pg-green } Private Payment Methods + +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. + +#### :material-check:{ .pg-green } Account Security + +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. + +#### :material-check:{ .pg-green } Data Security + +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. + +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. + +#### :material-check:{ .pg-green } Email Encryption + +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. + +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. + +#### :material-alert-outline:{ .pg-orange } Digital Legacy + +Proton Mail doesn't offer a digital legacy feature. + +#### :material-information-outline:{ .pg-blue } Account Termination + +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. + +### Mailbox.org + +!!! recommendation + + ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ align=right } + + **Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with 2 GB of storage, which can be upgraded as needed. + + [:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://kb.mailbox.org/en/private){ .card-link title=Documentation} + + ??? downloads + + - [:octicons-browser-16: Web](https://login.mailbox.org) + +#### :material-check:{ .pg-green } Custom Domains and Aliases + +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. + +#### :material-check:{ .pg-green } Private Payment Methods + +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. + +#### :material-check:{ .pg-green } Account Security + +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. + +#### :material-information-outline:{ .pg-blue } Data Security + +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. + +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. + +#### :material-check:{ .pg-green } Email Encryption + +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. + +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. + +#### :material-check:{ .pg-green } Digital Legacy + +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. + +#### :material-information-outline:{ .pg-blue } Account Termination + +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
+ +### StartMail + +!!! recommendation + + ![StartMail logo](assets/img/email/startmail.svg#only-light){ align=right } + ![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ align=right } + + **StartMail** is an email service with a focus on security and privacy through the use of standard OpenPGP encryption. StartMail has been in operation since 2014 and is based in Boulevard 11, Zeist Netherlands. Accounts start with 10GB. They offer a 30-day trial. + + [:octicons-home-16: Homepage](https://www.startmail.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.startmail.com/en/privacy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.startmail.com){ .card-link title=Documentation} + + ??? downloads + + - [:octicons-browser-16: Web](https://mail.startmail.com/login) + +#### :material-check:{ .pg-green } Custom Domains and Aliases + +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. + +#### :material-alert-outline:{ .pg-orange } Private Payment Methods + +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. + +#### :material-check:{ .pg-green } Account Security + +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. + +#### :material-information-outline:{ .pg-blue } Data Security + +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. + +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. + +#### :material-check:{ .pg-green } Email Encryption + +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. + +#### :material-alert-outline:{ .pg-orange } Digital Legacy + +StartMail does not offer a digital legacy feature. + +#### :material-information-outline:{ .pg-blue } Account Termination + +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. + +### Tutanota + +!!! recommendation + + ![Tutanota logo](assets/img/email/tutanota.svg){ align=right } + + **Tutanota** is an email service with a focus on security and privacy through the use of encryption. Tutanota has been in operation since **2011** and is based in Hanover, Germany. Accounts start with 1GB storage with their free plan. + + [:octicons-home-16: Homepage](https://tutanota.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://tutanota.com/faq){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" } + [:octicons-heart-16:](https://tutanota.com/community/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.tutao.tutanota) + - [:simple-appstore: App Store](https://apps.apple.com/app/tutanota/id922429609) + - [:simple-github: GitHub](https://github.com/tutao/tutanota/releases) + - [:simple-windows11: Windows](https://tutanota.com/#download) + - [:simple-apple: macOS](https://tutanota.com/#download) + - [:simple-linux: Linux](https://tutanota.com/#download) + - [:octicons-browser-16: Web](https://mail.tutanota.com/) + +Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. + +#### :material-check:{ .pg-green } Custom Domains and Aliases + +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. + +#### :material-information-outline:{ .pg-blue } Private Payment Methods + +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. + +#### :material-check:{ .pg-green } Account Security + +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. + +#### :material-check:{ .pg-green } Data Security + +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. + +#### :material-information-outline:{ .pg-blue } Email Encryption + +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). + +#### :material-alert-outline:{ .pg-orange } Digital Legacy + +Tutanota doesn't offer a digital legacy feature. + +#### :material-information-outline:{ .pg-blue } Account Termination + +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. + +## Email Aliasing Services + +An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. + +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ +Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. + +Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: + +- Aliases can be turned on and off individually when you need them, preventing websites from emailing you randomly. +- Replies are sent from the alias address, shielding your real email address. + +They also have a number of benefits over "temporary email" services: + +- Aliases are permanent and can be turned on again if you need to receive something like a password reset. +- Emails are sent to your trusted mailbox rather than stored by the alias provider. +- Temporary email services typically have public mailboxes which can be accessed by anyone who knows the address, aliases are private to you. + +Our email aliasing recommendations are providers that allow you to create aliases on domains they control, as well as your own custom domain(s) for a modest yearly fee. They can also be self-hosted if you want maximum control. However, using a custom domain can have privacy-related drawbacks: If you are the only person using your custom domain, your actions can be easily tracked across websites simply by looking at the domain name in the email address and ignoring everything before the at (@) sign. + +Using an aliasing service requires trusting both your email provider and your aliasing provider with your unencrypted messages. Some providers mitigate this slightly with automatic PGP encryption, which reduces the number of parties you need to trust from two to one by encrypting incoming emails before they are delivered to your final mailbox provider. + +### AnonAddy + +!!! recommendation + + ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ align=right } + ![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ align=right } + + **AnonAddy** lets you create 20 domain aliases on a shared domain for free, or unlimited "standard" aliases which are less anonymous. + + [:octicons-home-16: Homepage](https://anonaddy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonaddy.com/privacy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://app.anonaddy.com/docs/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/anonaddy){ .card-link title="Source Code" } + [:octicons-heart-16:](https://anonaddy.com/donate/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-android: Android](https://anonaddy.com/faq/#is-there-an-android-app) + - [:material-apple-ios: iOS](https://anonaddy.com/faq/#is-there-an-ios-app) + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/en-GB/firefox/addon/anonaddy/) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/anonaddy-anonymous-email/iadbdpnoknmbdeolbapdackdcogdmjpe) + +The number of shared aliases (which end in a shared domain like @anonaddy.me) that you can create is limited to 20 on AnonAddy's free plan and 50 on their $12/year plan. You can create unlimited standard aliases (which end in a domain like @[username].anonaddy.com or a custom domain on paid plans), however, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. Unlimited shared aliases are available for $36/year. + +Notable free features: + +- [x] 20 Shared Aliases +- [x] Unlimited Standard Aliases +- [ ] No Outgoing Replies +- [x] 2 Recipient Mailboxes +- [x] Automatic PGP Encryption + +### SimpleLogin + +!!! recommendation + + ![Simplelogin logo](assets/img/email/simplelogin.svg){ align=right } + + **SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains. + + [:octicons-home-16: Homepage](https://simplelogin.io){ .md-button .md-button--primary } + [:octicons-eye-16:](https://simplelogin.io/privacy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://simplelogin.io/docs/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/simple-login){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.simplelogin.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/id1494359858) + - [:simple-github: GitHub](https://github.com/simple-login/Simple-Login-Android/releases) + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/en-US/firefox/addon/simplelogin/) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/dphilobhebphkdjbpfohgikllaljmgbn) + - [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/simpleloginreceive-sen/diacfpipniklenphgljfkmhinphjlfff) + - [:simple-safari: Safari](https://apps.apple.com/app/id1494051017) + +SimpleLogin was [acquired by Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) as of April 8, 2022. If you use Proton Mail for your primary mailbox, SimpleLogin is a great choice. As both products are now owned by the same company you now only have to trust a single entity. We also expect that SimpleLogin will be more tightly integrated with Proton's offerings in the future. SimpleLogin continues to support forwarding to any email provider of your choosing. Securitum [audited](https://simplelogin.io/blog/security-audit/) SimpleLogin in early 2022 and all issues [were addressed](https://simplelogin.io/audit2022/web.pdf). + +You can link your SimpleLogin account in the settings with your Proton account. If you have the Proton Unlimited, Business, or Visionary Plan, you will have SimpleLogin Premium for free. + +Notable free features: + +- [x] 10 Shared Aliases +- [x] Unlimited Replies +- [x] 1 Recipient Mailbox + +## Self-Hosting Email + +Advanced system administrators may consider setting up their own email server. Mail servers require attention and continuous maintenance in order to keep things secure and mail delivery reliable. + +### Combined software solutions + +!!! recommendation + + ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } + + **Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. + + [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } + [:octicons-info-16:](https://mailcow.github.io/mailcow-dockerized-docs/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/mailcow/mailcow-dockerized){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.servercow.de/mailcow?lang=en#sal){ .card-link title=Contribute } + +!!! recommendation + + ![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ align=right } + + **Mail-in-a-Box** is an automated setup script for deploying a mail server on Ubuntu. Its goal is to make it easier for people to set up their own mail server. + + [:octicons-home-16: Homepage](https://mailinabox.email){ .md-button .md-button--primary } + [:octicons-info-16:](https://mailinabox.email/guide.html){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/mail-in-a-box/mailinabox){ .card-link title="Source Code" } + +For a more manual approach we've picked out these two articles: + +- [Setting up a mail server with OpenSMTPD, Dovecot and Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/) (2019) +- [How To Run Your Own Mail Server](https://www.c0ffee.net/blog/mail-server-guide/) (August 2017) + +## Criteria + +**Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any Email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an Email provider, and conduct your own research to ensure the Email provider you choose is the right choice for you. + +### Technology + +We regard these features as important in order to provide a safe and optimal service. You should consider whether the provider which has the features you require. + +**Minimum to Qualify:** + +- Encrypts email account data at rest with zero-access encryption. +- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322/) standard. +- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy. +- Operates on owned infrastructure, i.e. not built upon third-party email service providers. + +**Best Case:** + +- Encrypts all account data (Contacts, Calendars, etc) at rest with zero-access encryption. +- Integrated webmail E2EE/PGP encryption provided as a convenience. +- Support for [WKD](https://wiki.gnupg.org/WKD) to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key by typing: `gpg --locate-key example_user@example.com` +- Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP. +- Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion). +- [Subaddressing](https://en.wikipedia.org/wiki/Email_address#Subaddressing) support. +- Catch-all or alias functionality for those who own their own domains. +- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. + +### Privacy + +We prefer our recommended providers to collect as little data as possible. + +**Minimum to Qualify:** + +- Protect sender's IP address. Filter it from showing in the `Received` header field. +- Don't require personally identifiable information (PII) besides a username and a password. +- Privacy policy that meets the requirements defined by the GDPR +- Must not be hosted in the US due to [ECPA](https://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act#Criticism) which has [yet to be reformed](https://epic.org/ecpa/). + +**Best Case:** + +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) + +### Security + +Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. + +**Minimum to Qualify:** + +- Protection of webmail with 2FA, such as TOTP. +- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. +- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support. +- No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://www.hardenize.com/), [testssl.sh](https://testssl.sh/), or [Qualys SSL Labs](https://www.ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). +- A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption. +- A valid [MTA-STS](https://tools.ietf.org/html/rfc8461) and [TLS-RPT](https://tools.ietf.org/html/rfc8460) policy. +- Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. +- Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. +- Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). +- [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. +- Website security standards such as: + - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) + - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. +- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. + +**Best Case:** + +- Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). +- [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Bug-bounty programs and/or a coordinated vulnerability-disclosure process. +- Website security standards such as: + - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) + +### Trust + +You wouldn't trust your finances to someone with a fake identity, so why trust them with your email? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled. + +**Minimum to Qualify:** + +- Public-facing leadership or ownership. + +**Best Case:** + +- Public-facing leadership. +- Frequent transparency reports. + +### Marketing + +With the email providers we recommend we like to see responsible marketing. + +**Minimum to Qualify:** + +- Must self-host analytics (no Google Analytics, Adobe Analytics, etc). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. + +Must not have any marketing which is irresponsible: + +- Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. +- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: + +- Reusing personal information e.g. (email accounts, unique pseudonyms, etc) that they accessed without anonymity software (Tor, VPN, etc) +- [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) + +**Best Case:** + +- Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. + +### Additional Functionality + +While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. diff --git a/i18n/ku/encryption.md b/i18n/ku/encryption.md new file mode 100644 index 000000000..ded8533b1 --- /dev/null +++ b/i18n/ku/encryption.md @@ -0,0 +1,356 @@ +--- +title: "Encryption Software" +icon: material/file-lock +description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files. +--- + +Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here. + +## Multi-platform + +The options listed here are multi-platform and great for creating encrypted backups of your data. + +### Cryptomator (Cloud) + +!!! recommendation + + ![Cryptomator logo](assets/img/encryption-software/cryptomator.svg){ align=right } + + **Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider. + + [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" } + [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator) + - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163) + - [:simple-android: Android](https://cryptomator.org/android) + - [:simple-windows11: Windows](https://cryptomator.org/downloads) + - [:simple-apple: macOS](https://cryptomator.org/downloads) + - [:simple-linux: Linux](https://cryptomator.org/downloads) + - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator) + +Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders. + +Some Cryptomator cryptographic libraries have been [audited](https://community.cryptomator.org/t/has-there-been-a-security-review-audit-of-cryptomator/44) by Cure53. The scope of the audited libraries includes: [cryptolib](https://github.com/cryptomator/cryptolib), [cryptofs](https://github.com/cryptomator/cryptofs), [siv-mode](https://github.com/cryptomator/siv-mode) and [cryptomator-objc-cryptor](https://github.com/cryptomator/cryptomator-objc-cryptor). The audit did not extend to [cryptolib-swift](https://github.com/cryptomator/cryptolib-swift), which is a library used by Cryptomator for iOS. + +Cryptomator's documentation details its intended [security target](https://docs.cryptomator.org/en/latest/security/security-target/), [security architecture](https://docs.cryptomator.org/en/latest/security/architecture/), and [best practices](https://docs.cryptomator.org/en/latest/security/best-practices/) for use in further detail. + +### Picocrypt (File) + +!!! recommendation + + ![Picocrypt logo](assets/img/encryption-software/picocrypt.svg){ align=right } + + **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features. + + [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary } + [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" } + [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute } + + ??? downloads + + - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases) + - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases) + - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases) + +### VeraCrypt (Disk) + +!!! recommendation + + ![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ align=right } + ![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ align=right } + + **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication. + + [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary } + [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation} + [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" } + [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute } + + ??? downloads + + - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html) + - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html) + - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html) + +VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed. + +When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher. + +Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit). + +## OS Full Disk Encryption + +Modern operating systems include [FDE](https://en.wikipedia.org/wiki/Disk_encryption) and will have a [secure cryptoprocessor](https://en.wikipedia.org/wiki/Secure_cryptoprocessor). + +### BitLocker + +!!! recommendation + + ![BitLocker logo](assets/img/encryption-software/bitlocker.png){ align=right } + + **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). [ElcomSoft](https://en.wikipedia.org/wiki/ElcomSoft), a forensics company, has written about it in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/). + + [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation} + +BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites. + +??? example "Enabling BitLocker on Windows Home" + + To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. + + 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style": + + ``` + powershell Get-Disk + ``` + + 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`: + + ``` + powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm + ``` + + 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**. + + 4. Login with your admin account and type this in the command prompt to start encryption: + + ``` + manage-bde -on c: -used + ``` + + 5. Close the command prompt and continue booting to regular Windows. + + 6. Open an admin command prompt and run the following commands: + + ``` + manage-bde c: -protectors -add -rp -tpm + manage-bde -protectors -enable c: + manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt + ``` + + !!! tip + + Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data. + +### FileVault + +!!! recommendation + + ![FileVault logo](assets/img/encryption-software/filevault.png){ align=right } + + **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip. + + [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation} + +We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery. + +### Linux Unified Key Setup + +!!! recommendation + + ![LUKS logo](assets/img/encryption-software/luks.png){ align=right } + + **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers. + + [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary } + [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation} + [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" } + +??? example "Creating and opening encrypted containers" + + ``` + dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress + sudo cryptsetup luksFormat /path-to-file + ``` + + + #### Opening encrypted containers + We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface. + ``` + udisksctl loop-setup -f /path-to-file + udisksctl unlock -b /dev/loop0 + ``` + +!!! note "Remember to back up volume headers" + + We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with: + + ``` + cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img + ``` + +## Browser-based + +Browser-based encryption can be useful when you need to encrypt a file but cannot install software or apps on your device. + +### hat.sh + +!!! recommendation + + ![hat.sh logo](assets/img/encryption-software/hat-sh.png#only-light){ align=right } + ![hat.sh logo](assets/img/encryption-software/hat-sh-dark.png#only-dark){ align=right } + + **Hat.sh** is a web application that provides secure client-side file encryption in your browser. It can also be self-hosted and is useful if you need to encrypt a file but cannot install any software on your device due to organizational policies. + + [:octicons-globe-16: Website](https://hat.sh){ .md-button .md-button--primary } + [:octicons-eye-16:](https://hat.sh/about/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://hat.sh/about/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/sh-dv/hat.sh){ .card-link title="Source Code" } + [:octicons-heart-16:](https://github.com/sh-dv/hat.sh#donations){ .card-link title="Donations methods can be found at the bottom of the website" } + +## Command-line + +Tools with command-line interfaces are useful for integrating [shell scripts](https://en.wikipedia.org/wiki/Shell_script). + +### Kryptor + +!!! recommendation + + ![Kryptor logo](assets/img/encryption-software/kryptor.png){ align=right } + + **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG. + + [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute } + + ??? downloads + + - [:simple-windows11: Windows](https://www.kryptor.co.uk) + - [:simple-apple: macOS](https://www.kryptor.co.uk) + - [:simple-linux: Linux](https://www.kryptor.co.uk) + +### Tomb + +!!! recommendation + + ![Tomb logo](assets/img/encryption-software/tomb.png){ align=right } + + **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work). + + [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary } + [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute } + +## OpenPGP + +OpenPGP is sometimes needed for specific tasks such as digitally signing and encrypting email. PGP has many features and is [complex](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) as it has been around a long time. For tasks such as signing or encrypting files, we suggest the above options. + +When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf). + +!!! tip "Use future defaults when generating a key" + + When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/): + + ```bash + gpg --quick-gen-key alice@example.com future-default + ``` + +### GNU Privacy Guard + +!!! recommendation + + ![GNU Privacy Guard logo](assets/img/encryption-software/gnupg.svg){ align=right } + + **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government. + + [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation} + [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain) + - [:simple-windows11: Windows](https://gpg4win.org/download.html) + - [:simple-apple: macOS](https://gpgtools.org) + - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary) + +### GPG4win + +!!! recommendation + + ![GPG4win logo](assets/img/encryption-software/gpg4win.svg){ align=right } + + **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005. + + [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation} + [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" } + [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute } + + ??? downloads + + - [:simple-windows11: Windows](https://gpg4win.org/download.html) + +### GPG Suite + +!!! note + + We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices. + +!!! recommendation + + ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ align=right } + + **GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS. + + We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support. + + [:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-apple: macOS](https://gpgtools.org) + +### OpenKeychain + +!!! recommendation + + ![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ align=right } + + **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015). + + [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain) + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +### Minimum Qualifications + +- Cross-platform encryption apps must be open-source. +- File encryption apps must support decryption on Linux, macOS, and Windows. +- External disk encryption apps must support decryption on Linux, macOS, and Windows. +- Internal (OS) disk encryption apps must be cross-platform or built in to the operating system natively. + +### Best-Case + +Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. + +- Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. +- File encryption apps should have first- or third-party support for mobile platforms. diff --git a/i18n/ku/file-sharing.md b/i18n/ku/file-sharing.md new file mode 100644 index 000000000..3e79d791f --- /dev/null +++ b/i18n/ku/file-sharing.md @@ -0,0 +1,147 @@ +--- +title: "File Sharing and Sync" +icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. +--- + +Discover how to privately share your files between your devices, with your friends and family, or anonymously online. + +## File Sharing + +### Send + +!!! recommendation + + ![Send logo](assets/img/file-sharing-sync/send.svg){ align=right } + + **Send** is a fork of Mozilla’s discontinued Firefox Send service which allows you to send files to others with a link. Files are encrypted on your device so that they cannot be read by the server, and they can be optionally password-protected as well. The maintainer of Send hosts a [public instance](https://send.vis.ee/). You can use other public instances, or you can host Send yourself. + + [:octicons-home-16: Homepage](https://send.vis.ee){ .md-button .md-button--primary } + [:octicons-server-16:](https://github.com/timvisee/send-instances){ .card-link title="Public Instances"} + [:octicons-info-16:](https://github.com/timvisee/send#readme){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/timvisee/send){ .card-link title="Source Code" } + [:octicons-heart-16:](https://github.com/sponsors/timvisee){ .card-link title=Contribute } + +Send can be used via its web interface or via the [ffsend](https://github.com/timvisee/ffsend) CLI. If you are familiar with the command-line and send files frequently, we recommend using the CLI client to avoid JavaScript-based encryption. You can specify the `--host` flag to use a specific server: + +```bash +ffsend upload --host https://send.vis.ee/ FILE +``` + +### OnionShare + +!!! recommendation + + ![OnionShare logo](assets/img/file-sharing-sync/onionshare.svg){ align=right } + + **OnionShare** is an open-source tool that lets you securely and anonymously share a file of any size. It works by starting a web server accessible as a Tor onion service, with an unguessable URL that you can share with the recipients to download or send files. + + [:octicons-home-16: Homepage](https://onionshare.org){ .md-button .md-button--primary } + [:simple-torbrowser:](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion){ .card-link title="Onion Service" } + [:octicons-info-16:](https://docs.onionshare.org){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/onionshare/onionshare){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-windows11: Windows](https://onionshare.org/#download) + - [:simple-apple: macOS](https://onionshare.org/#download) + - [:simple-linux: Linux](https://onionshare.org/#download) + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Must not store decrypted data on a remote server. +- Must be open-source software. +- Must either have clients for Linux, macOS, and Windows; or have a web interface. + +## FreedomBox + +!!! recommendation + + ![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ align=right } + + **FreedomBox** is an operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications that you might want to self-host. + + [:octicons-home-16: Homepage](https://freedombox.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://wiki.debian.org/FreedomBox/Manual){ .card-link title=Documentation} + [:octicons-code-16:](https://salsa.debian.org/freedombox-team/freedombox){ .card-link title="Source Code" } + [:octicons-heart-16:](https://freedomboxfoundation.org/donate/){ .card-link title=Contribute } + +## File Sync + +### Nextcloud (Client-Server) + +!!! recommendation + + ![Nextcloud logo](assets/img/productivity/nextcloud.svg){ align=right } + + **Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control. + + [:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://nextcloud.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" } + [:octicons-heart-16:](https://nextcloud.com/contribute/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client) + - [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102) + - [:simple-github: GitHub](https://github.com/nextcloud/android/releases) + - [:simple-windows11: Windows](https://nextcloud.com/install/#install-clients) + - [:simple-apple: macOS](https://nextcloud.com/install/#install-clients) + - [:simple-linux: Linux](https://nextcloud.com/install/#install-clients) + - [:simple-freebsd: FreeBSD](https://www.freshports.org/www/nextcloud) + +!!! danger + + We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. + +### Syncthing (P2P) + +!!! recommendation + + ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ align=right } + + **Syncthing** is an open-source peer-to-peer continuous file synchronization utility. It is used to synchronize files between two or more devices over the local network or the internet. Syncthing does not use a centralized server; it uses the [Block Exchange Protocol](https://docs.syncthing.net/specs/bep-v1.html#bep-v1) to transfer data between devices. All data is encrypted using TLS. + + [:octicons-home-16: Homepage](https://syncthing.net){ .md-button .md-button--primary } + [:octicons-info-16:](https://docs.syncthing.net){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/syncthing){ .card-link title="Source Code" } + [:octicons-heart-16:](https://syncthing.net/donations/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nutomic.syncthingandroid) + - [:simple-windows11: Windows](https://syncthing.net/downloads/) + - [:simple-apple: macOS](https://syncthing.net/downloads/) + - [:simple-linux: Linux](https://syncthing.net/downloads/) + - [:simple-freebsd: FreeBSD](https://syncthing.net/downloads/) + - [:simple-openbsd: OpenBSD](https://syncthing.net/downloads/) + - [:simple-netbsd: NetBSD](https://syncthing.net/downloads/) + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +#### Minimum Requirements + +- Must not require a third-party remote/cloud server. +- Must be open-source software. +- Must either have clients for Linux, macOS, and Windows; or have a web interface. + +#### Best-Case + +Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. + +- Has mobile clients for iOS and Android, which at least support document previews. +- Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. diff --git a/i18n/ku/financial-services.md b/i18n/ku/financial-services.md new file mode 100644 index 000000000..480c924c3 --- /dev/null +++ b/i18n/ku/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/ku/frontends.md b/i18n/ku/frontends.md new file mode 100644 index 000000000..7f245f412 --- /dev/null +++ b/i18n/ku/frontends.md @@ -0,0 +1,267 @@ +--- +title: "Frontends" +icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. +--- + +Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. + +## LBRY + +### Librarian + +!!! recommendation + + ![Librarian logo](assets/img/frontends/librarian.svg#only-light){ align=right } + ![Librarian logo](assets/img/frontends/librarian-dark.svg#only-dark){ align=right } + + **Librarian** is a free and open-source frontend for [Odysee](https://odysee.com/) (LBRY) that is also self-hostable. + + There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support. + + [:octicons-repo-16: Repository](https://codeberg.org/librarian/librarian){ .md-button .md-button--primary } + [:octicons-server-16:](https://librarian.codeberg.page/){ .card-link title="Public Instances"} + [:octicons-info-16:](https://codeberg.org/librarian/librarian/wiki){ .card-link title=Documentation} + [:octicons-code-16:](https://codeberg.org/librarian/librarian){ .card-link title="Source Code" } + +!!! warning + + Librarian does not proxy video streams by default. Videos watched through Librarian will still make direct connections to Odysee's servers (e.g. `odycdn.com`); however, some instances may enable proxying which would be detailed in the instance's privacy policy. + +!!! tip + + Librarian is useful if you want watch LBRY content on mobile without mandatory telemetry and if you want to disable JavaScript in your browser, as is the case with [Tor Browser](https://www.torproject.org/) on the Safest security level. + +When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Librarian, as other peoples' usage will be linked to your hosting. + +When you are using a Librarian instance, make sure to read the privacy policy of that specific instance. Librarian instances can be modified by their owners and therefore may not reflect the default policy. Librarian instances feature a "privacy nutrition label" to provide an overview of their policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII. + +## Twitter + +### Nitter + +!!! recommendation + + ![Nitter logo](assets/img/frontends/nitter.svg){ align=right } + + **Nitter** is a free and open-source frontend for [Twitter](https://twitter.com) that is also self-hostable. + + There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support. + + [:octicons-repo-16: Repository](https://github.com/zedeus/nitter){ .md-button .md-button--primary } + [:octicons-server-16:](https://github.com/zedeus/nitter/wiki/Instances){ .card-link title="Public Instances"} + [:octicons-info-16:](https://github.com/zedeus/nitter/wiki){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/zedeus/nitter){ .card-link title="Source Code" } + [:octicons-heart-16:](https://github.com/zedeus/nitter#nitter){ .card-link title=Contribute } + +!!! tip + + Nitter is useful if you want to browse Twitter content without having to log in and if you want to disable JavaScript in your browser, as is the case with [Tor Browser](https://www.torproject.org/) on the Safest security level. It also allows you to [create RSS feeds for Twitter](news-aggregators.md#twitter). + +When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Nitter, as other peoples' usage will be linked to your hosting. + +When you are using a Nitter instance, make sure to read the privacy policy of that specific instance. Nitter instances can be modified by their owners and therefore may not reflect the default policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII. + +## TikTok + +### ProxiTok + +!!! recommendation + + ![ProxiTok logo](assets/img/frontends/proxitok.svg){ align=right } + + **ProxiTok** is an open source frontend to the [TikTok](https://www.tiktok.com) website that is also self-hostable. + + There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support. + + [:octicons-repo-16: Repository](https://github.com/pablouser1/ProxiTok){ .md-button .md-button--primary } + [:octicons-server-16:](https://github.com/pablouser1/ProxiTok/wiki/Public-instances){ .card-link title="Public Instances"} + [:octicons-info-16:](https://github.com/pablouser1/ProxiTok/wiki){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/pablouser1/ProxiTok){ .card-link title="Source Code" } + +!!! tip + + ProxiTok is useful if you want to disable JavaScript in your browser, such as [Tor Browser](https://www.torproject.org/) on the Safest security level. + +When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting ProxiTok, as other peoples' usage will be linked to your hosting. + +When you are using a ProxiTok instance, make sure to read the privacy policy of that specific instance. ProxiTok instances can be modified by their owners and therefore may not reflect their associated privacy policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII. + +## YouTube + +### FreeTube + +!!! recommendation + + ![FreeTube logo](assets/img/frontends/freetube.svg){ align=right } + + **FreeTube** is a free and open-source desktop application for [YouTube](https://youtube.com). When using FreeTube, your subscription list and playlists are saved locally on your device. + + By default, FreeTube blocks all YouTube advertisements. In addition, FreeTube optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. + + [:octicons-home-16: Homepage](https://freetubeapp.io){ .md-button .md-button--primary } + [:octicons-eye-16:](https://freetubeapp.io/privacy.php){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.freetubeapp.io/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/FreeTubeApp/FreeTube){ .card-link title="Source Code" } + [:octicons-heart-16:](https://liberapay.com/FreeTube){ .card-link title=Contribute } + + ??? downloads + + - [:simple-windows11: Windows](https://freetubeapp.io/#download) + - [:simple-apple: macOS](https://freetubeapp.io/#download) + - [:simple-linux: Linux](https://freetubeapp.io/#download) + - [:simple-flathub: Flathub](https://flathub.org/apps/details/io.freetubeapp.FreeTube) + +!!! warning + + When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io) or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + +### Yattee + +!!! recommendation + + ![Yattee logo](assets/img/frontends/yattee.svg){ align=right } + + **Yattee** is a free and open-source privacy oriented video player for iOS, tvOS and macOS for [YouTube](https://youtube.com). When using Yattee, your subscription list are saved locally on your device. + + You will need to take a few [extra steps](https://gonzoknows.com/posts/Yattee/) before you can use Yattee to watch YouTube, due to App Store restrictions. + + [:octicons-home-16: Homepage](https://github.com/yattee/yattee){ .md-button .md-button--primary } + [:octicons-eye-16:](https://r.yattee.stream/docs/privacy.html){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/yattee/yattee/wiki){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/yattee/yattee){ .card-link title="Source Code" } + [:octicons-heart-16:](https://github.com/yattee/yattee/wiki/Donations){ .card-link title=Contribute } + + ??? downloads + + - [:simple-apple: App Store](https://apps.apple.com/us/app/yattee/id1595136629) + - [:simple-github: GitHub](https://github.com/yattee/yattee/releases) + +!!! warning + + When using Yattee, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io), [Piped](https://github.com/TeamPiped/Piped/wiki/Instances) or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + +By default, Yattee blocks all YouTube advertisements. In addition, Yattee optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. + +### LibreTube (Android) + +!!! recommendation + + ![LibreTube logo](assets/img/frontends/libretube.svg#only-light){ align=right } + ![LibreTube logo](assets/img/frontends/libretube-dark.svg#only-dark){ align=right } + + **LibreTube** is a free and open-source Android application for [YouTube](https://youtube.com) which uses the [Piped](#piped) API. + + LibreTube allows you to store your subscription list and playlists locally on your Android device, or to an account on your Piped instance of choice, which allows you to access them seamlessly on other devices as well. + + [:octicons-home-16: Homepage](https://libre-tube.github.io){ .md-button .md-button--primary } + [:octicons-eye-16:](https://github.com/libre-tube/LibreTube#privacy-policy-and-disclaimer){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/libre-tube/LibreTube#readme){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/libre-tube/LibreTube){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-github: GitHub](https://github.com/libre-tube/LibreTube/releases) + +!!! warning + + When using LibreTube, your IP address will be visible to the [Piped](https://github.com/TeamPiped/Piped/wiki/Instances) instance you choose and/or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + +By default, LibreTube blocks all YouTube advertisements. Additionally, Libretube uses [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. You are able to fully configure the types of segments that SponsorBlock will skip, or disable it completely. There is also a button on the video player itself to disable it for a specific video if desired. + +### NewPipe (Android) + +!!! recommendation annotate + + ![Newpipe logo](assets/img/frontends/newpipe.svg){ align=right } + + **NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org/) (1). + + Your subscription list and playlists are saved locally on your Android device. + + [:octicons-home-16: Homepage](https://newpipe.net){ .md-button .md-button--primary } + [:octicons-eye-16:](https://newpipe.net/legal/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://teamnewpipe.github.io/documentation/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/TeamNewPipe/NewPipe){ .card-link title="Source Code" } + [:octicons-heart-16:](https://newpipe.net/donate/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-github: GitHub](https://github.com/TeamNewPipe/NewPipe/releases) + +1. The default instance is [FramaTube](https://framatube.org/), however more can be added via **Settings** → **Content** → **PeerTube instances** + +!!! Warning + + When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + +### Invidious + +!!! recommendation + + ![Invidious logo](assets/img/frontends/invidious.svg#only-light){ align=right } + ![Invidious logo](assets/img/frontends/invidious-dark.svg#only-dark){ align=right } + + **Invidious** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable. + + There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support. + + [:octicons-home-16: Homepage](https://invidious.io){ .md-button .md-button--primary } + [:octicons-server-16:](https://instances.invidious.io){ .card-link title="Public Instances"} + [:octicons-info-16:](https://docs.invidious.io/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/iv-org/invidious){ .card-link title="Source Code" } + [:octicons-heart-16:](https://invidious.io/donate/){ .card-link title=Contribute } + +!!! warning + + Invidious does not proxy video streams by default. Videos watched through Invidious will still make direct connections to Google's servers (e.g. `googlevideo.com`); however, some instances support video proxying—simply enable *Proxy videos* within the instances' settings or add `&local=true` to the URL. + +!!! tip + + Invidious is useful if you want to disable JavaScript in your browser, such as [Tor Browser](https://www.torproject.org/) on the Safest security level. It does not provide privacy by itself, and we don’t recommend logging into any accounts. + +When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Invidious, as other peoples' usage will be linked to your hosting. + +When you are using an Invidious instance, make sure to read the privacy policy of that specific instance. Invidious instances can be modified by their owners and therefore may not reflect their associated privacy policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII. + +### Piped + +!!! recommendation + + ![Piped logo](assets/img/frontends/piped.svg){ align=right } + + **Piped** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable. + + Piped requires JavaScript in order to function and there are a number of public instances. + + [:octicons-repo-16: Repository](https://github.com/TeamPiped/Piped){ .md-button .md-button--primary } + [:octicons-server-16:](https://piped.kavin.rocks/preferences#ddlInstanceSelection){ .card-link title="Public Instances"} + [:octicons-info-16:](https://piped-docs.kavin.rocks/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/TeamPiped/Piped){ .card-link title="Source Code" } + [:octicons-heart-16:](https://github.com/TeamPiped/Piped#donations){ .card-link title=Contribute } + +!!! tip + + Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) without installing an extension or to access age-restricted content without an account. It does not provide privacy by itself, and we don’t recommend logging into any accounts. + +When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Piped, as other peoples' usage will be linked to your hosting. + +When you are using a Piped instance, make sure to read the privacy policy of that specific instance. Piped instances can be modified by their owners and therefore may not reflect their associated privacy policy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +Recommended frontends... + +- Must be open-source software. +- Must be self-hostable. +- Must provide all basic website functionality available to anonymous users. + +We only consider frontends for websites which are... + +- Not normally accessible without JavaScript. diff --git a/i18n/ku/index.md b/i18n/ku/index.md new file mode 100644 index 000000000..e65cc032e --- /dev/null +++ b/i18n/ku/index.md @@ -0,0 +1,42 @@ +--- +template: overrides/home.en.html +hide: + - navigation + - toc + - feedback +--- + + +## Why should I care? + +##### “I have nothing to hide. Why should I care about my privacy?” + +Much like the right to interracial marriage, woman's suffrage, freedom of speech, and many others, our right to privacy hasn't always been upheld. In several dictatorships, it still isn't. Generations before ours fought for our right to privacy. ==Privacy is a human right, inherent to all of us,== that we are entitled to (without discrimination). + +You shouldn't confuse privacy with secrecy. We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. **Everyone** has something to protect. Privacy is something that makes us human. + +[:material-target-account: Common Internet Threats](basics/common-threats.md ""){.md-button.md-button--primary} + +## What should I do? + +##### First, you need to make a plan + +Trying to protect all your data from everyone all the time is impractical, expensive, and exhausting. But don't worry! Security is a process, and, by thinking ahead, you can put together a plan that's right for you. Security isn't just about the tools you use or the software you download. Rather, it begins by understanding the unique threats you face, and how you can mitigate them. + +==This process of identifying threats and defining countermeasures is called **threat modeling**==, and it forms the basis of every good security and privacy plan. + +[:material-book-outline: Learn More About Threat Modeling](basics/threat-modeling.md ""){.md-button.md-button--primary} + +--- + +## We need you! Here's how to get involved: + +[:simple-discourse:](https://discuss.privacyguides.net/){ title="Join our Forum" } +[:simple-mastodon:](https://mastodon.neat.computer/@privacyguides){ rel=me title="Follow us on Mastodon" } +[:material-book-edit:](https://github.com/privacyguides/privacyguides.org){ title="Contribute to this website" } +[:material-translate:](https://matrix.to/#/#pg-i18n:aragon.sh){ title="Help translate this website" } +[:simple-matrix:](https://matrix.to/#/#privacyguides:matrix.org){ title="Chat with us on Matrix" } +[:material-information-outline:](about/index.md){ title="Learn more about us" } +[:material-hand-coin-outline:](about/donate.md){ title="Support the project" } + +It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. diff --git a/i18n/ku/kb-archive.md b/i18n/ku/kb-archive.md new file mode 100644 index 000000000..92daee33b --- /dev/null +++ b/i18n/ku/kb-archive.md @@ -0,0 +1,17 @@ +--- +title: KB Archive +icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. +--- + +# Pages Moved to Blog + +Some pages that used to be in our knowledge base can now be found on our blog: + +- [GrapheneOS vs. CalyxOS](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +- [Signal Configuration Hardening](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/) +- [Linux - System Hardening](https://blog.privacyguides.org/2022/04/22/linux-system-hardening/) +- [Linux - Application Sandboxing](https://blog.privacyguides.org/2022/04/22/linux-application-sandboxing/) +- [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) +- [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) +- [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) diff --git a/i18n/ku/meta/brand.md b/i18n/ku/meta/brand.md new file mode 100644 index 000000000..53cb9ac42 --- /dev/null +++ b/i18n/ku/meta/brand.md @@ -0,0 +1,22 @@ +--- +title: Branding Guidelines +--- + +The name of the website is **Privacy Guides** and should **not** be changed to: + +
+- PrivacyGuides +- Privacy guides +- PG +- PG.org +
+ +The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**. + +Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand) + +## Trademark + +"Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. + +Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. diff --git a/i18n/ku/meta/git-recommendations.md b/i18n/ku/meta/git-recommendations.md new file mode 100644 index 000000000..f59b5f81f --- /dev/null +++ b/i18n/ku/meta/git-recommendations.md @@ -0,0 +1,46 @@ +--- +title: Git Recommendations +--- + +If you make changes to this website on GitHub.com's web editor directly, you shouldn't have to worry about this. If you are developing locally and/or are a long-term website editor (who should probably be developing locally!), consider these recommendations. + +## Enable SSH Key Commit Signing + +You can use an existing SSH key for signing, or [create a new one](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent). + +1. Configure your Git client to sign commits and tags by default (remove `--global` to only sign by default for this repo): + ``` + git config --global commit.gpgsign true + git config --global gpg.format ssh + git config --global tag.gpgSign true + ``` +2. Copy your SSH public key to your clipboard, for example: + ``` + pbcopy < ~/.ssh/id_ed25519.pub + # Copies the contents of the id_ed25519.pub file to your clipboard + ``` +3. Set your SSH key for signing in Git with the following command, replacing the last string in quotes with the public key in your clipboard: + ``` + git config --global user.signingkey 'ssh-ed25519 AAAAC3(...) user@example.com' + ``` + +Ensure you [add your SSH key to your GitHub account](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account#adding-a-new-ssh-key-to-your-account) **as a Signing Key** (as opposed to or in addition to as an Authentication Key). + +## Rebase on Git pull + +Use `git pull --rebase` instead of `git pull` when pulling in changes from GitHub to your local machine. This way your local changes will always be "on top of" the latest changes on GitHub, and you avoid merge commits (which are disallowed in this repo). + +You can set this to be the default behavior: + +``` +git config --global pull.rebase true +``` + +## Rebase from `main` before submitting a PR + +If you are working on your own branch, run these commands before submitting a PR: + +``` +git fetch origin +git rebase origin/main +``` diff --git a/i18n/ku/meta/uploading-images.md b/i18n/ku/meta/uploading-images.md new file mode 100644 index 000000000..55f136f8a --- /dev/null +++ b/i18n/ku/meta/uploading-images.md @@ -0,0 +1,89 @@ +--- +title: Uploading Images +--- + +Here are a couple of general rules for contributing to Privacy Guides: + +## Images + +- We **prefer** SVG images, but if those do not exist we can use PNG images + +Company logos have canvas size of: + +- 128x128px +- 384x128px + +## Optimization + +### PNG + +Use the [OptiPNG](https://sourceforge.net/projects/optipng/) to optimize the PNG image: + +```bash +optipng -o7 file.png +``` + +### SVG + +#### Inkscape + +[Scour](https://github.com/scour-project/scour) all SVG images. + +In Inkscape: + +1. File Save As.. +2. Set type to Optimized SVG (*.svg) + +In the **Options** tab: + +- **Number of significant digits for coordinates** > **5** +- [x] Turn on **Shorten color values** +- [x] Turn on **Convert CSS attributes to XML attributes** +- [x] Turn on **Collapse groups** +- [x] Turn on **Create groups for similar attributes** +- [ ] Turn off **Keep editor data** +- [ ] Turn off **Keep unreferenced definitions** +- [x] Turn on **Work around renderer bugs** + +In the **SVG Output** tab under **Document options**: + +- [ ] Turn off **Remove the XML declaration** +- [x] Turn on **Remove metadata** +- [x] Turn on **Remove comments** +- [x] Turn on **Embeded raster images** +- [x] Turn on **Enable viewboxing** + +In the **SVG Output** under **Pretty-printing**: + +- [ ] Turn off **Format output with line-breaks and indentation** +- **Indentation characters** > Select **Space** +- **Depth of indentation** > **1** +- [ ] Turn off **Strip the "xml:space" attribute from the root SVG element** + +In the **IDs** tab: + +- [x] Turn on **Remove unused IDs** +- [ ] Turn off **Shorten IDs** +- **Prefix shortened IDs with** > `leave blank` +- [x] Turn on **Preserve manually created IDs not ending with digits** +- **Preserve the following IDs** > `leave blank` +- **Preserve IDs starting with** > `leave blank` + +#### CLI + +The same can be achieved with the [Scour](https://github.com/scour-project/scour) command: + +```bash +scour --set-precision=5 \ + --create-groups \ + --renderer-workaround \ + --remove-descriptive-elements \ + --enable-comment-stripping \ + --enable-viewboxing \ + --indent=space \ + --nindent=1 \ + --no-line-breaks \ + --enable-id-stripping \ + --protect-ids-noninkscape \ + input.svg output.svg +``` diff --git a/i18n/ku/meta/writing-style.md b/i18n/ku/meta/writing-style.md new file mode 100644 index 000000000..b9e47a716 --- /dev/null +++ b/i18n/ku/meta/writing-style.md @@ -0,0 +1,87 @@ +--- +title: Writing Style +--- + +Privacy Guides is written in American English, and you should refer to [APA Style guidelines](https://apastyle.apa.org/style-grammar-guidelines/grammar) when in doubt. + +In general the [United States federal plain language guidelines](https://www.plainlanguage.gov/guidelines/) provide a good overview of how to write clearly and concisely. We highlight a few important notes from these guidelines below. + +## Writing for our audience + +Privacy Guides' intended [audience](https://www.plainlanguage.gov/guidelines/audience/) is primarily average, technology using adults. Don't dumb down content as if you are addressing a middle-school class, but don't overuse complicated terminology about concepts average computer users wouldn't be familiar with. + +### Address only what people want to know + +People don't need overly complex articles with little relevance to them. Figure out what you want people to accomplish when writing an article, and only include those details. + +> Tell your audience why the material is important to them. Say, “If you want a research grant, here’s what you have to do.” Or, “If you want to mine federal coal, here’s what you should know.” Or, “If you’re planning a trip to Rwanda, read this first.” + +### Address people directly + +We're writing *for* a wide variety of people, but we are writing *to* the person who is actually reading it. Use "you" to address the reader directly. + +> More than any other single technique, using “you” pulls users into the information and makes it relevant to them. +> +> When you use “you” to address users, they are more likely to understand what their responsibility is. + +Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/audience/address-the-user/) + +### Avoid "users" + +Avoid calling people "users", in favor of "people", or a more specific description of the group of people you are writing for. + +## Organizing content + +Organization is key. Content should flow from most to least important information, and use headers as much as needed to logically separate different ideas. + +- Limit the document to around five or six sections. Long documents should probably be broken up into separate pages. +- Mark important ideas with **bold** or *italics*. + +Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/design/) + +### Begin with a topic sentence + +> If you tell your reader what they’re going to read about, they’re less likely to have to read your paragraph again. Headings help, but they’re not enough. Establish a context for your audience before you provide them with the details. +> +> We often write the way we think, putting our premises first and then our conclusion. It may be the natural way to develop thoughts, but we wind up with the topic sentence at the end of the paragraph. Move it up front and let users know where you’re going. Don’t make readers hold a lot of information in their heads before getting to the point. + +Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/organize/have-a-topic-sentence/) + +## Choose your words carefully + +> Words matter. They are the most basic building blocks of written and spoken communication. Don’t complicate things by using jargon, technical terms, or abbreviations that people won’t understand. + +We should try to avoid abbreviations where possible, but technology is full of abbreviations. In general, spell out the abbreviation/acronym the first time it is used on a page, and add the abbreviation to the abbreviation glossary file when it is used repeatedly. + +> Kathy McGinty offers tongue-in-cheek instructions for bulking up your simple, direct sentences: +> +> > There is no escaping the fact that it is considered very important to note that a number of various available applicable studies ipso facto have generally identified the fact that additional appropriate nocturnal employment could usually keep juvenile adolescents off thoroughfares during the night hours, including but not limited to the time prior to midnight on weeknights and/or 2 a.m. on weekends. +> +> And the original, using stronger, simpler words: +> +> > More night jobs would keep youths off the streets. + +## Be concise + +> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective. + +Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/concise/) + +## Keep text conversational + +> Verbs are the fuel of writing. They give your sentences power and direction. They enliven your writing and make it more interesting. +> +> Verbs tell your audience what to do. Make sure it’s clear who does what. + +### Use active voice + +> Active voice makes it clear who is supposed to do what. It eliminates ambiguity about responsibilities. Not “It must be done,” but “You must do it.” + +Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversational/use-active-voice/) + +### Use "must" for requirements + +> - “must” for an obligation +> - “must not” for a prohibition +> - “may” for a discretionary action +> - “should” for a recommendation diff --git a/i18n/ku/mobile-browsers.md b/i18n/ku/mobile-browsers.md new file mode 100644 index 000000000..d7adee8f3 --- /dev/null +++ b/i18n/ku/mobile-browsers.md @@ -0,0 +1,192 @@ +--- +title: "Mobile Browsers" +icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. +--- + +These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. + +## Android + +On Android, Firefox is still less secure than Chromium-based alternatives: Mozilla's engine, [GeckoView](https://mozilla.github.io/geckoview/), has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196). + +### Brave + +!!! recommendation + + ![Brave logo](assets/img/browsers/brave.svg){ align=right } + + **Brave Browser** includes a built-in content blocker and [privacy features](https://brave.com/privacy-features/), many of which are enabled by default. + + Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues. + + [:octicons-home-16: Homepage](https://brave.com/){ .md-button .md-button--primary } + [:simple-torbrowser:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" } + [:octicons-eye-16:](https://brave.com/privacy/browser/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.brave.com/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" } + + ??? downloads annotate + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.brave.browser) + - [:simple-github: GitHub](https://github.com/brave/brave-browser/releases) + +#### Recommended Configuration + +Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another. + +These options can be found in :material-menu: → **Settings** → **Brave Shields & privacy** + +##### Shields + +Brave includes some anti-fingerprinting measures in its [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-) feature. We suggest configuring these options [globally](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) across all pages that you visit. + +##### Brave shields global defaults + +Shields' options can be downgraded on a per-site basis as needed, but by default we recommend setting the following: + +
+ +- [x] Select **Aggressive** under Block trackers & ads + + ??? warning "Use default filter lists" + Brave allows you to select additional content filters within the internal `brave://adblock` page. We advise against using this feature; instead, keep the default filter lists. Using extra lists will make you stand out from other Brave users and may also increase attack surface if there is an exploit in Brave and a malicious rule is added to one of the lists you use. + +- [x] Select **Upgrade connections to HTTPS** +- [x] (Optional) Select **Block Scripts** (1) +- [x] Select **Strict, may break sites** under **Block fingerprinting** + +
+ +1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode) or the [NoScript](https://noscript.net/) extension. + +##### Clear browsing data + +- [x] Select **Clear data on exit** + +##### Social Media Blocking + +- [ ] Uncheck all social media components + +##### Other privacy settings + +
+ +- [x] Select **Disable non-proxied UDP** under [WebRTC IP Handling Policy](https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc) +- [ ] Uncheck **Allow sites to check if you have payment methods saved** +- [ ] Uncheck **IPFS Gateway** (1) +- [x] Select **Close tabs on exit** +- [ ] Uncheck **Allow privacy-preserving product analytics (P3A)** +- [ ] Uncheck **Automatically send diagnostic reports** +- [ ] Uncheck **Automatically send daily usage ping to Brave** + +1. InterPlanetary File System (IPFS) is a decentralized, peer-to-peer network for storing and sharing data in a distributed filesystem. Unless you use the feature, disable it. + +
+ +#### Brave Sync + +[Brave Sync](https://support.brave.com/hc/en-us/articles/360059793111-Understanding-Brave-Sync) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices without requiring an account and protects it with E2EE. + +## iOS + +On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser. + +### Safari + +!!! recommendation + + ![Safari logo](assets/img/browsers/safari.svg){ align=right } + + **Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/15.0/ios/15.0) such as Intelligent Tracking Protection, Privacy Report, isolated Private Browsing tabs, iCloud Private Relay, and automatic HTTPS upgrades. + + [:octicons-home-16: Homepage](https://www.apple.com/safari/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.apple.com/legal/privacy/data/en/safari/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.apple.com/guide/safari/welcome/mac){ .card-link title=Documentation} + +#### Recommended Configuration + +These options can be found in :gear: **Settings** → **Safari** → **Privacy and Security**. + +##### Cross-Site Tracking Prevention + +- [x] Enable **Prevent Cross-Site Tracking** + +This enables WebKit's [Intelligent Tracking Protection](https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp). The feature helps protect against unwanted tracking by using on-device machine learning to stop trackers. ITP protects against many common threats, but it does not block all tracking avenues because it is designed to not interfere with website usability. + +##### Privacy Report + +Privacy Report provides a snapshot of cross-site trackers currently prevented from profiling you on the website you're visiting. It can also display a weekly report to show which trackers have been blocked over time. + +Privacy Report is accessible via the Page Settings menu. + +##### Privacy Preserving Ad Measurement + +- [ ] Disable **Privacy Preserving Ad Measurement** + +Ad click measurement has traditionally used tracking technology that infringes on user privacy. [Private Click Measurement](https://webkit.org/blog/11529/introducing-private-click-measurement-pcm/) is a WebKit feature and proposed web standard aimed towards allowing advertisers to measure the effectiveness of web campaigns without compromising on user privacy. + +The feature has little privacy concerns on its own, so while you can choose to leave it on, we consider the fact that it's automatically disabled in Private Browsing to be an indicator for disabling the feature. + +##### Always-on Private Browsing + +Open Safari and tap the Tabs button, located in the bottom right. Then, expand the Tab Groups list. + +- [x] Select **Private** + +Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature. + +Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed into sites. This may be an inconvenience. + +##### iCloud Sync + +Synchronization of Safari History, Tab Groups, iCloud Tabs and saved passwords are E2EE. However, by default, bookmarks are [not](https://support.apple.com/en-us/HT202303). Apple can decrypt and access them in accordance with their [privacy policy](https://www.apple.com/legal/privacy/en-ww/). + +You can enable E2EE for you Safari bookmarks and downloads by enabling [Advanced Data Protection](https://support.apple.com/en-us/HT212520). Go to your **Apple ID name → iCloud → Advanced Data Protection**. + +- [x] Turn On **Advanced Data Protection** + +If you use iCloud with Advanced Data Protection disabled, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in :gear: **Settings** → **Safari** → **General** → **Downloads**. + +### AdGuard + +!!! recommendation + + ![AdGuard logo](assets/img/browsers/adguard.svg){ align=right } + + **AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker). + + AdGuard for iOS has some premium features; however, standard Safari content blocking is free of charge. + + [:octicons-home-16: Homepage](https://adguard.com/en/adguard-ios/overview.html){ .md-button .md-button--primary } + [:octicons-eye-16:](https://adguard.com/privacy/ios.html){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://kb.adguard.com/ios){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1047223162) + +Additional filter lists do slow things down and may increase your attack surface, so only apply what you need. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +### Minimum Requirements + +- Must support automatic updates. +- Must receive engine updates in 0-1 days from upstream release. +- Any changes required to make the browser more privacy-respecting should not negatively impact user experience. +- Android browsers must use the Chromium engine. + - Unfortunately, Mozilla GeckoView is still less secure than Chromium on Android. + - iOS browsers are limited to WebKit. + +### Extension Criteria + +- Must not replicate built-in browser or OS functionality. +- Must directly impact user privacy, i.e. must not simply provide information. diff --git a/i18n/ku/multi-factor-authentication.md b/i18n/ku/multi-factor-authentication.md new file mode 100644 index 000000000..41030fe3b --- /dev/null +++ b/i18n/ku/multi-factor-authentication.md @@ -0,0 +1,143 @@ +--- +title: "Multi-Factor Authenticators" +icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. +--- + +## Hardware Security Keys + +### YubiKey + +!!! recommendation + + ![YubiKeys](assets/img/multi-factor-authentication/yubikey.png) + + The **YubiKeys** are among the most popular security keys. Some YubiKey models have a wide range of features such as: [Universal 2nd Factor (U2F)](https://en.wikipedia.org/wiki/Universal_2nd_Factor), [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online), [Yubico OTP](basics/multi-factor-authentication.md#yubico-otp), [Personal Identity Verification (PIV)](https://developers.yubico.com/PIV), [OpenPGP](https://developers.yubico.com/PGP/), [TOTP and HOTP](https://developers.yubico.com/OATH) authentication. + + One of the benefits of the YubiKey is that one key can do almost everything (YubiKey 5), you could expect from a hardware security key. We do encourage you to take the [quiz](https://www.yubico.com/quiz/) before purchasing in order to make sure you make the right choice. + + [:octicons-home-16: Homepage](https://www.yubico.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.yubico.com/){ .card-link title=Documentation} + +The [comparison table](https://www.yubico.com/store/compare/) shows the features and how the YubiKeys compare. We highly recommend that you select keys from the YubiKey 5 Series. + +YubiKeys can be programmed using the [YubiKey Manager](https://www.yubico.com/support/download/yubikey-manager/) or [YubiKey Personalization Tools](https://www.yubico.com/support/download/yubikey-personalization-tools/). For managing TOTP codes, you can use the [Yubico Authenticator](https://www.yubico.com/products/yubico-authenticator/). All of Yubico's clients are open-source. + +For models which support HOTP and TOTP, there are 2 slots in the OTP interface which could be used for HOTP and 32 slots to store TOTP secrets. These secrets are stored encrypted on the key and never expose them to the devices they are plugged into. Once a seed (shared secret) is given to the Yubico Authenticator, it will only give out the six-digit codes, but never the seed. This security model helps limit what an attacker can do if they compromise one of the devices running the Yubico Authenticator and make the YubiKey resistant to a physical attacker. + +!!! warning + The firmware of YubiKey is not open-source and is not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key. + +### Nitrokey / Librem Key + +!!! recommendation + + ![Nitrokey](assets/img/multi-factor-authentication/nitrokey.jpg){ align=right } + + **Nitrokey** has a security key capable of [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) called the **Nitrokey FIDO2**. For PGP support, you need to purchase one of their other keys such as the **Nitrokey Start**, **Nitrokey Pro 2** or the **Nitrokey Storage 2**. + + [:octicons-home-16: Homepage](https://www.nitrokey.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.nitrokey.com/data-privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.nitrokey.com/){ .card-link title=Documentation} + +The [comparison table](https://www.nitrokey.com/#comparison) shows the features and how the Nitrokey models compare. The **Nitrokey 3** listed will have a combined feature set. + +Nitrokey models can be configured using the [Nitrokey app](https://www.nitrokey.com/download). + +For the models which support HOTP and TOTP, there are 3 slots for HOTP and 15 for TOTP. Some Nitrokeys can act as a password manager. They can store 16 different credentials and encrypt them using the same password as the OpenPGP interface. + +!!! warning + + While Nitrokeys do not release the HOTP/TOTP secrets to the device they are plugged into, the HOTP and TOTP storage is **not** encrypted and is vulnerable to physical attacks. If you are looking to store HOTP or TOTP these secrets, we highly recommend that you use a Yubikey instead. + +!!! warning + + Resetting the OpenPGP interface on a Nitrokey will also make the password database [inaccessible](https://docs.nitrokey.com/pro/linux/factory-reset). + + The Nitrokey Pro 2, Nitrokey Storage 2, and the upcoming Nitrokey 3 supports system integrity verification for laptops with the [Coreboot](https://www.coreboot.org/) + [Heads](https://osresearch.net/) firmware. Purism's [Librem Key](https://puri.sm/products/librem-key/) is a rebranded NitroKey Pro 2 with similar firmware and can also be used for the same purposes. + +Nitrokey's firmware is open-source, unlike the YubiKey. The firmware on modern NitroKey models (except the **NitroKey Pro 2**) is updatable. + +!!! tip + + The Nitrokey app, while compatible with Librem Keys, requires `libnitrokey` version 3.6 or above to recognize them. Currently, the package is outdated on Windows, macOS, and most Linux distributions' repository, so you will likely have to compile the Nitrokey app yourself to get it working with the Librem Key. On Linux, you can obtain an up-to-date version from [Flathub](https://flathub.org/apps/details/com.nitrokey.nitrokey-app). + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +#### Minimum Requirements + +- Must use high quality, tamper resistant hardware security modules. +- Must support the latest FIDO2 specification. +- Must not allow private key extraction. +- Devices which cost over $35 must support handling OpenPGP and S/MIME. + +#### Best-Case + +Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. + +- Should be available in USB-C form-factor. +- Should be available with NFC. +- Should support TOTP secret storage. +- Should support secure firmware updates. + +## Authenticator Apps + +Authenticator Apps implement a security standard adopted by the Internet Engineering Task Force (IETF) called **Time-based One-time Passwords**, or **TOTP**. This is a method where websites share a secret with you which is used by your authenticator app to generate a six (usually) digit code based on the current time, which you enter while logging in for the website to check. Typically these codes are regenerated every 30 seconds, and once a new code is generated the old one becomes useless. Even if a hacker gets one six-digit code, there is no way for them to reverse that code to get the original secret or otherwise be able to predict what any future codes might be. + +We highly recommend that you use mobile TOTP apps instead of desktop alternatives as Android and iOS have better security and app isolation than most desktop operating systems. + +### Aegis Authenticator (Android) + +!!! recommendation + + ![Aegis logo](assets/img/multi-factor-authentication/aegis.png){ align=right } + + **Aegis Authenticator** is a free, secure and open-source app to manage your 2-step verification tokens for your online services. + + [:octicons-home-16: Homepage](https://getaegis.app){ .md-button .md-button--primary } + [:octicons-eye-16:](https://getaegis.app/aegis/privacy.html){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/beemdevelopment/Aegis/wiki){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/beemdevelopment/Aegis){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.buymeacoffee.com/beemdevelopment){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis) + - [:simple-github: GitHub](https://github.com/beemdevelopment/Aegis/releases) + +### Raivo OTP (iOS) + +!!! recommendation + + ![Raivo OTP logo](assets/img/multi-factor-authentication/raivo-otp.png){ align=right } + + **Raivo OTP** is a native, lightweight and secure time-based (TOTP) & counter-based (HOTP) password client for iOS. Raivo OTP offers optional iCloud backup & sync. Raivo OTP is also available for macOS in the form of a status bar application, however the Mac app does not work independently of the iOS app. + + [:octicons-home-16: Homepage](https://raivo-otp.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://raivo-otp.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-code-16:](https://github.com/raivo-otp/ios-application){ .card-link title="Source Code" } + [:octicons-heart-16:](https://raivo-otp.com/donate){ .card-link title=Contribute } + + ??? downloads + + - [:simple-appstore: App Store](https://apps.apple.com/us/app/raivo-otp/id1459042137) + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Must be open-source software. +- Must not require internet connectivity. +- Must not sync to a third-party cloud sync/backup service. + - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. diff --git a/i18n/ku/news-aggregators.md b/i18n/ku/news-aggregators.md new file mode 100644 index 000000000..2dad5ac09 --- /dev/null +++ b/i18n/ku/news-aggregators.md @@ -0,0 +1,172 @@ +--- +title: "News Aggregators" +icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. +--- + +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. + +## Aggregator clients + +### Akregator + +!!! recommendation + + ![Akregator logo](assets/img/news-aggregators/akregator.svg){ align=right } + + **Akregator** is a news feed reader that is a part of the [KDE](https://kde.org) project. It comes with a fast search, advanced archiving functionality and an internal browser for easy news reading. + + [:octicons-home-16: Homepage](https://apps.kde.org/akregator){ .md-button .md-button--primary } + [:octicons-eye-16:](https://kde.org/privacypolicy-apps){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.kde.org/?application=akregator){ .card-link title=Documentation} + [:octicons-code-16:](https://invent.kde.org/pim/akregator){ .card-link title="Source Code" } + [:octicons-heart-16:](https://kde.org/community/donations/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.kde.akregator) + +### Feeder + +!!! recommendation + + ![Feeder logo](assets/img/news-aggregators/feeder.png){ align=right } + + **Feeder** is a modern RSS client for Android that has many [features](https://gitlab.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed). + + [:octicons-repo-16: Repository](https://gitlab.com/spacecowboy/Feeder){ .md-button .md-button--primary } + [:octicons-code-16:](https://gitlab.com/spacecowboy/Feeder){ .card-link title="Source Code" } + [:octicons-heart-16:](https://ko-fi.com/spacecowboy){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nononsenseapps.feeder.play) + +### Fluent Reader + +!!! recommendation + + ![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ align=right } + + **Fluent Reader** is a secure cross-platform news aggregator that has useful privacy features such as deletion of cookies on exit, strict [content security policies (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) and proxy support, meaning you can use it over [Tor](tor.md). + + [:octicons-home-16: Homepage](https://hyliu.me/fluent-reader){ .md-button .md-button--primary } + [:octicons-eye-16:](https://github.com/yang991178/fluent-reader/wiki/Privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/yang991178/fluent-reader/wiki/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/yang991178/fluent-reader){ .card-link title="Source Code" } + [:octicons-heart-16:](https://github.com/sponsors/yang991178){ .card-link title=Contribute } + + ??? downloads + + - [:simple-windows11: Windows](https://hyliu.me/fluent-reader) + - [:simple-appstore: App Store](https://apps.apple.com/app/id1520907427) + +### GNOME Feeds + +!!! recommendation + + ![GNOME Feeds logo](assets/img/news-aggregators/gfeeds.svg){ align=right } + + **GNOME Feeds** is an [RSS](https://en.wikipedia.org/wiki/RSS) and [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)) news reader for [GNOME](https://www.gnome.org). It has a simple interface and is quite fast. + + [:octicons-home-16: Homepage](https://gfeeds.gabmus.org){ .md-button .md-button--primary } + [:octicons-code-16:](https://gitlab.gnome.org/World/gfeeds){ .card-link title="Source Code" } + [:octicons-heart-16:](https://liberapay.com/gabmus/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-linux: Linux](https://gfeeds.gabmus.org/#install) + - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.gabmus.gfeeds) + +### Miniflux + +!!! recommendation + + ![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ align=right } + ![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ align=right } + + **Miniflux** is a web-based news aggregator that you can self-host. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed). + + [:octicons-home-16: Homepage](https://miniflux.app){ .md-button .md-button--primary } + [:octicons-info-16:](https://miniflux.app/docs/index.html){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/miniflux/v2){ .card-link title="Source Code" } + [:octicons-heart-16:](https://miniflux.app/#donations){ .card-link title=Contribute } + +### NetNewsWire + +!!! recommendation + + ![NetNewsWire logo](assets/img/news-aggregators/netnewswire.png){ align=right } + + **NetNewsWire** a free and open-source feed reader for macOS and iOS with a focus on a native design and feature set. It supports the typical feed formats alongside built-in support for Twitter and Reddit feeds. + + [:octicons-home-16: Homepage](https://netnewswire.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://netnewswire.com/privacypolicy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://netnewswire.com/help/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/Ranchero-Software/NetNewsWire){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-appstore: App Store](https://apps.apple.com/us/app/netnewswire-rss-reader/id1480640210) + - [:simple-apple: macOS](https://netnewswire.com) + +### Newsboat + +!!! recommendation + + ![Newsboat logo](assets/img/news-aggregators/newsboat.svg){ align=right } + + **Newsboat** is an RSS/Atom feed reader for the text console. It's an actively maintained fork of [Newsbeuter](https://en.wikipedia.org/wiki/Newsbeuter). It is very lightweight, and ideal for use over [Secure Shell](https://en.wikipedia.org/wiki/Secure_Shell). + + [:octicons-home-16: Homepage](https://newsboat.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://newsboat.org/releases/2.27/docs/newsboat.html){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/newsboat/newsboat){ .card-link title="Source Code" } + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Must be open-source software. +- Must operate locally, i.e. must not be a cloud service. + +## Social Media RSS Support + +Some social media services also support RSS although it's not often advertised. + +### Reddit + +Reddit allows you to subscribe to subreddits via RSS. + +!!! example + Replace `subreddit_name` with the subreddit you wish to subscribe to. + + ```text + https://www.reddit.com/r/{{ subreddit_name }}/new/.rss + ``` + +### Twitter + +Using any of the Nitter [instances](https://github.com/zedeus/nitter/wiki/Instances) you can easily subscribe using RSS. + +!!! example + 1. Pick an instance and set `nitter_instance`. + 2. Replace `twitter_account` with the account name. + + ```text + https://{{ nitter_instance }}/{{ twitter_account }}/rss + ``` + +### YouTube + +You can subscribe YouTube channels without logging in and associating usage information with your Google Account. + +!!! example + + To subscribe to a YouTube channel with an RSS client, first look for your [channel code](https://support.google.com/youtube/answer/6180214), replace `[CHANNEL ID]` below: + ```text + https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] + ``` diff --git a/i18n/ku/notebooks.md b/i18n/ku/notebooks.md new file mode 100644 index 000000000..0739f6680 --- /dev/null +++ b/i18n/ku/notebooks.md @@ -0,0 +1,114 @@ +--- +title: "Notebooks" +icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. +--- + +Keep track of your notes and journalings without giving them to a third-party. + +If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports E2EE. + +## Cloud-based + +### Joplin + +!!! recommendation + + ![Joplin logo](assets/img/notebooks/joplin.svg){ align=right } + + **Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes. + + [:octicons-home-16: Homepage](https://joplinapp.org/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://joplinapp.org/privacy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://joplinapp.org/help/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/laurent22/joplin){ .card-link title="Source Code" } + [:octicons-heart-16:](https://joplinapp.org/donate/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.cozic.joplin) + - [:simple-appstore: App Store](https://apps.apple.com/us/app/joplin/id1315599797) + - [:simple-github: GitHub](https://github.com/laurent22/joplin-android/releases) + - [:simple-windows11: Windows](https://joplinapp.org/#desktop-applications) + - [:simple-apple: macOS](https://joplinapp.org/#desktop-applications) + - [:simple-linux: Linux](https://joplinapp.org/#desktop-applications) + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/joplin-web-clipper/) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/joplin-web-clipper/alofnhikmmkdbbbgpnglcpdollgjjfek) + +Joplin does not support password/PIN protection for the [application itself or individual notes and notebooks](https://github.com/laurent22/joplin/issues/289). However, your data is still encrypted in transit and at the sync location using your master key. Since January 2023, Joplin supports biometrics app lock for [Android](https://joplinapp.org/changelog_android/#android-v2-10-3-https-github-com-laurent22-joplin-releases-tag-android-v2-10-3-pre-release-2023-01-05t11-29-06z) and [iOS](https://joplinapp.org/changelog_ios/#ios-v12-10-2-https-github-com-laurent22-joplin-releases-tag-ios-v12-10-2-2023-01-20t17-41-13z). + +### Standard Notes + +!!! recommendation + + ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ align=right } + + **Standard Notes** is a simple and private notes app that makes your notes easy and available everywhere you are. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors. It has also been [independently audited (PDF)](https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf). + + [:octicons-home-16: Homepage](https://standardnotes.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://standardnotes.com/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://standardnotes.com/help){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Source Code" } + [:octicons-heart-16:](https://standardnotes.com/donate){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.standardnotes) + - [:simple-appstore: App Store](https://apps.apple.com/app/id1285392450) + - [:simple-github: GitHub](https://github.com/standardnotes/app/releases) + - [:simple-windows11: Windows](https://standardnotes.com) + - [:simple-apple: macOS](https://standardnotes.com) + - [:simple-linux: Linux](https://standardnotes.com) + - [:octicons-globe-16: Web](https://app.standardnotes.com/) + +### Cryptee + +!!! recommendation + + ![Cryptee logo](./assets/img/notebooks/cryptee.svg#only-light){ align=right } + ![Cryptee logo](./assets/img/notebooks/cryptee-dark.svg#only-dark){ align=right } + + **Cryptee** is an open-source, web-based E2EE document editor and photo storage application. Cryptee is a PWA, which means that it works seamlessly across all modern devices without requiring native apps for each respective platform. + + [:octicons-home-16: Homepage](https://crypt.ee){ .md-button .md-button--primary } + [:octicons-eye-16:](https://crypt.ee/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://crypt.ee/help){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/cryptee){ .card-link title="Source Code" } + + ??? downloads + + - [:octicons-globe-16: PWA](https://crypt.ee/download) + +Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information. + +## Local notebooks + +### Org-mode + +!!! recommendation + + ![Org-mode logo](assets/img/notebooks/org-mode.svg){ align=right } + + **Org-mode** is a [major mode](https://www.gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining TODO lists, planning projects, and authoring documents with a fast and effective plain-text system. Synchronization is possible with [file synchronization](file-sharing.md#file-sync) tools. + + [:octicons-home-16: Homepage](https://orgmode.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://orgmode.org/manuals.html){ .card-link title=Documentation} + [:octicons-code-16:](https://git.savannah.gnu.org/cgit/emacs/org-mode.git){ .card-link title="Source Code" } + [:octicons-heart-16:](https://liberapay.com/bzg){ .card-link title=Contribute } + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Clients must be open-source. +- Any cloud sync functionality must be E2EE. +- Must support exporting documents into a standard format. + +### Best Case + +- Local backup/sync functionality should support encryption. +- Cloud-based platforms should support document sharing. diff --git a/i18n/ku/os/android-overview.md b/i18n/ku/os/android-overview.md new file mode 100644 index 000000000..a78631a2a --- /dev/null +++ b/i18n/ku/os/android-overview.md @@ -0,0 +1,169 @@ +--- +title: Android Overview +icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. +--- + +Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. + +## Choosing an Android Distribution + +When you buy an Android phone, the device's default operating system often comes with invasive integration with apps and services that are not part of the [Android Open-Source Project](https://source.android.com/). An example of such is Google Play Services, which has irrevocable privileges to access your files, contacts storage, call logs, SMS messages, location, camera, microphone, hardware identifiers, and so on. These apps and services increase the attack surface of your device and are the source of various privacy concerns with Android. + +This problem could be solved by using a custom Android distribution that does not come with such invasive integration. Unfortunately, many custom Android distributions often violate the Android security model by not supporting critical security features such as AVB, rollback protection, firmware updates, and so on. Some distributions also ship [`userdebug`](https://source.android.com/setup/build/building#choose-a-target) builds which expose root via [ADB](https://developer.android.com/studio/command-line/adb) and require [more permissive](https://github.com/LineageOS/android_system_sepolicy/search?q=userdebug&type=code) SELinux policies to accommodate debugging features, resulting in a further increased attack surface and weakened security model. + +Ideally, when choosing a custom Android distribution, you should make sure that it upholds the Android security model. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria. + +[Our Android System Recommendations :material-arrow-right-drop-circle:](../android.md ""){.md-button} + +## Avoid Rooting + +[Rooting](https://en.wikipedia.org/wiki/Rooting_(Android)) Android phones can decrease security significantly as it weakens the complete [Android security model](https://en.wikipedia.org/wiki/Android_(operating_system)#Security_and_privacy). This can decrease privacy should there be an exploit that is assisted by the decreased security. Common rooting methods involve directly tampering with the boot partition, making it impossible to perform successful Verified Boot. Apps that require root will also modify the system partition meaning that Verified Boot would have to remain disabled. Having root exposed directly in the user interface also increases the [attack surface](https://en.wikipedia.org/wiki/Attack_surface) of your device and may assist in [privilege escalation](https://en.wikipedia.org/wiki/Privilege_escalation) vulnerabilities and SELinux policy bypasses. + +Adblockers, which modify the [hosts file](https://en.wikipedia.org/wiki/Hosts_(file)) (AdAway) and firewalls (AFWall+) which require root access persistently are dangerous and should not be used. They are also not the correct way to solve their intended purposes. For Adblocking we suggest encrypted [DNS](../dns.md) or [VPN](../vpn.md) server blocking solutions instead. RethinkDNS, TrackerControl and AdAway in non-root mode will take up the VPN slot (by using a local loopback VPN) preventing you from using privacy enhancing services such as Orbot or a real VPN server. + +AFWall+ works based on the [packet filtering](https://en.wikipedia.org/wiki/Firewall_(computing)#Packet_filter) approach and may be bypassable in some situations. + +We do not believe that the security sacrifices made by rooting a phone are worth the questionable privacy benefits of those apps. + +## Verified Boot + +[Verified Boot](https://source.android.com/security/verifiedboot) is an important part of the Android security model. It provides protection against [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, malware persistence, and ensures security updates cannot be downgraded with [rollback protection](https://source.android.com/security/verifiedboot/verified-boot#rollback-protection). + +Android 10 and above has moved away from full-disk encryption to more flexible [file-based encryption](https://source.android.com/security/encryption/file-based). Your data is encrypted using unique encryption keys, and the operating system files are left unencrypted. + +Verified Boot ensures the integrity of the operating system files, thereby preventing an adversary with physical access from tampering or installing malware on the device. In the unlikely case that malware is able to exploit other parts of the system and gain higher privileged access, Verified Boot will prevent and revert changes to the system partition upon rebooting the device. + +Unfortunately, OEMs are only obliged to support Verified Boot on their stock Android distribution. Only a few OEMs such as Google support custom AVB key enrollment on their devices. Additionally, some AOSP derivatives such as LineageOS or /e/ OS do not support Verified Boot even on hardware with Verified Boot support for third-party operating systems. We recommend that you check for support **before** purchasing a new device. AOSP derivatives which do not support Verified Boot are **not** recommended. + +Many OEMs also have broken implementation of Verified Boot that you have to be aware of beyond their marketing. For example, the Fairphone 3 and 4 are not secure by default, as the [stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11). This breaks verified boot on a stock Fairphone device, as the system will boot alternative Android operating systems such (such as /e/) [without any warning](https://source.android.com/security/verifiedboot/boot-flow#locked-devices-with-custom-root-of-trust) about custom operating system usage. + +## Firmware Updates + +Firmware updates are critical for maintaining security and without them your device cannot be secure. OEMs have support agreements with their partners to provide the closed-source components for a limited support period. These are detailed in the monthly [Android Security Bulletins](https://source.android.com/security/bulletin). + +As the components of the phone, such as the processor and radio technologies rely on closed-source components, the updates must be provided by the respective manufacturers. Therefore, it is important that you purchase a device within an active support cycle. [Qualcomm](https://www.qualcomm.com/news/releases/2020/12/16/qualcomm-and-google-announce-collaboration-extend-android-os-support-and) and [Samsung](https://news.samsung.com/us/samsung-galaxy-security-extending-updates-knox/) support their devices for 4 years, while cheaper products often have shorter support cycles. With the introduction of the [Pixel 6](https://support.google.com/pixelphone/answer/4457705), Google now makes their own SoC and they will provide a minimum of 5 years of support. + +EOL devices which are no longer supported by the SoC manufacturer cannot receive firmware updates from OEM vendors or after market Android distributors. This means that security issues with those devices will remain unfixed. + +Fairphone, for example, markets their devices as receiving 6 years of support. However, the SoC (Qualcomm Snapdragon 750G on the Fairphone 4) has a considerably shorter EOL date. This means that firmware security updates from Qualcomm for the Fairphone 4 will end in September 2023, regardless of whether Fairphone continues to release software security updates. + +## Android Versions + +It's important to not use an [end-of-life](https://endoflife.date/android) version of Android. Newer versions of Android not only receive security updates for the operating system but also important privacy enhancing updates too. For example, [prior to Android 10](https://developer.android.com/about/versions/10/privacy/changes), any apps with the [`READ_PHONE_STATE`](https://developer.android.com/reference/android/Manifest.permission#READ_PHONE_STATE) permission could access sensitive and unique serial numbers of your phone such as [IMEI](https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity), [MEID](https://en.wikipedia.org/wiki/Mobile_equipment_identifier), your SIM card's [IMSI](https://en.wikipedia.org/wiki/International_mobile_subscriber_identity), whereas now they must be system apps to do so. System apps are only provided by the OEM or Android distribution. + +## Android Permissions + +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. + +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. + +## Media Access + +Quite a few applications allows you to "share" a file with them for media upload. If you want to, for example, tweet a picture to Twitter, do not grant Twitter access to your "media and photos", because it will have access to all of your pictures then. Instead, go to your file manager (documentsUI), hold onto the picture, then share it with Twitter. + +## User Profiles + +Multiple user profiles can be found in **Settings** → **System** → **Multiple users** and are the simplest way to isolate in Android. + +With user profiles, you can impose restrictions on a specific profile, such as: making calls, using SMS, or installing apps on the device. Each profile is encrypted using its own encryption key and cannot access the data of any other profiles. Even the device owner cannot view the data of other profiles without knowing their password. Multiple user profiles are a more secure method of isolation. + +## Work Profile + +[Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles. + +A **device controller** app such as [Shelter](#recommended-apps) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one. + +The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside of the work profile. + +This method is generally less secure than a secondary user profile; however, it does allow you the convenience of running apps in both the work and personal profiles simultaneously. + +## VPN Killswitch + +Android 7 and above supports a VPN killswitch and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**. + +## Global Toggles + +Modern Android devices have global toggles for disabling Bluetooth and location services. Android 12 introduced toggles for the camera and microphone. When not in use, we recommend disabling these features. Apps cannot use disabled features (even if granted individual permission) until re-enabled. + +## Google + +If you are using a device with Google services, either your stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS, there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play. + +### Advanced Protection Program + +If you have a Google account we suggest enrolling in the [Advanced Protection Program](https://landing.google.com/advancedprotection/). It is available at no cost to anyone with two or more hardware security keys with [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) support. + +The Advanced Protection Program provides enhanced threat monitoring and enables: + +- Stricter two factor authentication; e.g. that [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) **must** be used and disallows the use of [SMS OTPs](../basics/multi-factor-authentication.md#sms-or-email-mfa), [TOTP](../basics/multi-factor-authentication.md#time-based-one-time-password-totp) and [OAuth](https://en.wikipedia.org/wiki/OAuth) +- Only Google and verified third-party apps can access account data +- Scanning of incoming emails on Gmail accounts for [phishing](https://en.wikipedia.org/wiki/Phishing#Email_phishing) attempts +- Stricter [safe browser scanning](https://www.google.com/chrome/privacy/whitepaper.html#malware) with Google Chrome +- Stricter recovery process for accounts with lost credentials + + If you use non-sandboxed Google Play Services (common on stock operating systems), the Advanced Protection Program also comes with [additional benefits](https://support.google.com/accounts/answer/9764949?hl=en) such as: + +- Not allowing app installation outside of the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) +- Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?hl=en#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) +- Warning you about unverified applications + +### Google Play System Updates + +In the past, Android security updates had to be shipped by the operating system vendor. Android has become more modular beginning with Android 10, and Google can push security updates for **some** system components via the privileged Play Services. + +If you have an EOL device shipped with Android 10 or above and are unable to run any of our recommended operating systems on your device, you are likely going to be better off sticking with your OEM Android installation (as opposed to an operating system not listed here such as LineageOS or /e/ OS). This will allow you to receive **some** security fixes from Google, while not violating the Android security model by using an insecure Android derivative and increasing your attack surface. We would still recommend upgrading to a supported device as soon as possible. + +### Advertising ID + +All devices with Google Play Services installed automatically generate an [advertising ID](https://support.google.com/googleplay/android-developer/answer/6048248?hl=en) used for targeted advertising. Disable this feature to limit the data collected about you. + +On Android distributions with [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), go to :gear: **Settings** → **Apps** → **Sandboxed Google Play** → **Google Settings** → **Ads**, and select *Delete advertising ID*. + +On Android distributions with privileged Google Play Services (such as stock OSes), the setting may be in one of several locations. Check + +- :gear: **Settings** → **Google** → **Ads** +- :gear: **Settings** → **Privacy** → **Ads** + +You will either be given the option to delete your advertising ID or to *Opt out of interest-based ads*, this varies between OEM distributions of Android. If presented with the option to delete the advertising ID that is preferred. If not, then make sure to opt out and reset your advertising ID. + +### SafetyNet and Play Integrity API + +[SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. + +As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. diff --git a/i18n/ku/os/linux-overview.md b/i18n/ku/os/linux-overview.md new file mode 100644 index 000000000..8ec2c9e78 --- /dev/null +++ b/i18n/ku/os/linux-overview.md @@ -0,0 +1,142 @@ +--- +title: Linux Overview +icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. +--- + +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. + +At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: + +- A verified boot chain, like Apple’s [Secure Boot](https://support.apple.com/guide/security/startup-security-utility-secc7b34e5b5/web) (with [Secure Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1)), Android’s [Verified Boot](https://source.android.com/security/verifiedboot), ChromeOS' [Verified boot](https://www.chromium.org/chromium-os/chromiumos-design-docs/security-overview/#verified-boot), or Microsoft Windows’s [boot process](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process) with [TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). These features and hardware technologies can all help prevent persistent tampering by malware or [evil maid attacks](https://en.wikipedia.org/wiki/Evil_Maid_attack) +- A strong sandboxing solution such as that found in [macOS](https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html), [ChromeOS](https://chromium.googlesource.com/chromiumos/docs/+/HEAD/sandboxing.md), and [Android](https://source.android.com/security/app-sandbox). Commonly used Linux sandboxing solutions such as [Flatpak](https://docs.flatpak.org/en/latest/sandbox-permissions.html) and [Firejail](https://firejail.wordpress.com/) still have a long way to go +- Strong [exploit mitigations](https://madaidans-insecurities.github.io/linux.html#exploit-mitigations) + +Despite these drawbacks, desktop Linux distributions are great if you want to: + +- Avoid telemetry that often comes with proprietary operating systems +- Maintain [software freedom](https://www.gnu.org/philosophy/free-sw.en.html#four-freedoms) +- Have privacy focused systems such as [Whonix](https://www.whonix.org) or [Tails](https://tails.boum.org/) + +Our website generally uses the term “Linux” to describe desktop Linux distributions. Other operating systems which also use the Linux kernel such as ChromeOS, Android, and Qubes OS are not discussed here. + +[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md ""){.md-button} + +## Choosing your distribution + +Not all Linux distributions are created equal. While our Linux recommendation page is not meant to be an authoritative source on which distribution you should use, there are a few things you should keep in mind when choosing which distribution to use. + +### Release cycle + +We highly recommend that you choose distributions which stay close to the stable upstream software releases, often referred to as rolling release distributions. This is because frozen release cycle distributions often don’t update package versions and fall behind on security updates. + +For frozen distributions such as [Debian](https://www.debian.org/security/faq#handling), package maintainers are expected to backport patches to fix vulnerabilities rather than bump the software to the “next version” released by the upstream developer. Some security fixes [do not](https://arxiv.org/abs/2105.14565) receive a [CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures) (particularly less popular software) at all and therefore do not make it into the distribution with this patching model. As a result minor security fixes are sometimes held back until the next major release. + +We don’t believe holding packages back and applying interim patches is a good idea, as it diverges from the way the developer might have intended the software to work. [Richard Brown](https://rootco.de/aboutme/) has a presentation about this: + +
+ +
+ +### Traditional vs Atomic updates + +Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian based distributions can be less reliable if an error occurs while updating. + +Atomic updating distributions apply updates in full or not at all. Typically, transactional update systems are also atomic. + +A transactional update system creates a snapshot that is made before and after an update is applied. If an update fails at any time (perhaps due to a power failure), the update can be easily rolled back to a “last known good state." + +The Atomic update method is used for immutable distributions like Silverblue, Tumbleweed, and NixOS and can achieve reliability with this model. [Adam Šamalík](https://twitter.com/adsamalik) provided a presentation on how `rpm-ostree` works with Silverblue: + +
+ +
+ +### “Security-focused” distributions + +There is often some confusion between “security-focused” distributions and “pentesting” distributions. A quick search for “the most secure Linux distribution” will often give results like Kali Linux, Black Arch and Parrot OS. These distributions are offensive penetration testing distributions that bundle tools for testing other systems. They don’t include any “extra security” or defensive mitigations intended for regular use. + +### Arch-based distributions + +Arch based distributions are not recommended for those new to Linux, (regardless of distribution) as they require regular [system maintenance](https://wiki.archlinux.org/title/System_maintenance). Arch does not have an distribution update mechanism for the underlying software choices. As a result you have to stay aware with current trends and adopt technologies as they supersede older practices on your own. + +For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](https://en.wikipedia.org/wiki/Mandatory_access_control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). + +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository), **must** be comfortable in auditing PKGBUILDs that they install from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository/). AUR should always be used sparingly and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. Similar warnings apply to use third-party Personal Package Archives (PPAs) on Debian based distributions or Community Projects (COPR) on Fedora. + +If you are experienced with Linux and wish to use an Arch-based distribution, we only recommend mainline Arch Linux, not any of its derivatives. We recommend against these two Arch derivatives specifically: + +- **Manjaro**: This distribution holds packages back for 2 weeks to make sure that their own changes don’t break, not to make sure that upstream is stable. When AUR packages are used, they are often built against the latest [libraries](https://en.wikipedia.org/wiki/Library_(computing)) from Arch’s repositories. +- **Garuda**: They use [Chaotic-AUR](https://aur.chaotic.cx/) which automatically and blindly compiles packages from the AUR. There is no verification process to make sure that the AUR packages don’t suffer from supply chain attacks. + +### Kicksecure + +While we strongly recommend against using outdated distributions like Debian, there is a Debian based operating system that has been hardened to be much more secure than typical Linux distributions: [Kicksecure](https://www.kicksecure.com/). Kicksecure, in oversimplified terms, is a set of scripts, configurations, and packages that substantially reduce the attack surface of Debian. It covers a lot of privacy and hardening recommendations by default. + +### Linux-libre kernel and “Libre” distributions + +We strongly recommend **against** using the Linux-libre kernel, since it [removes security mitigations](https://www.phoronix.com/scan.php?page=news_item&px=GNU-Linux-Libre-5.7-Released) and [suppresses kernel warnings](https://news.ycombinator.com/item?id=29674846) about vulnerable microcode for ideological reasons. + +## General Recommendations + +### Drive Encryption + +Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device: + +- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) + +### Swap + +Consider using [ZRAM](https://wiki.archlinux.org/title/Swap#zram-generator) or [encrypted swap](https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption) instead of unencrypted swap to avoid potential security issues with sensitive data being pushed to [swap space](https://en.wikipedia.org/wiki/Memory_paging). Fedora based distributions [use ZRAM by default](https://fedoraproject.org/wiki/Changes/SwapOnZRAM). + +### Wayland + +We recommend using a desktop environment that supports the [Wayland](https://en.wikipedia.org/wiki/Wayland_(display_server_protocol)) display protocol as it was developed with security [in mind](https://lwn.net/Articles/589147/). Its predecessor, [X11](https://en.wikipedia.org/wiki/X_Window_System), does not support GUI isolation, allowing all windows to [record screen, log and inject inputs in other windows](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html), making any attempt at sandboxing futile. While there are options to do nested X11 such as [Xpra](https://en.wikipedia.org/wiki/Xpra) or [Xephyr](https://en.wikipedia.org/wiki/Xephyr), they often come with negative performance consequences and are not convenient to set up and are not preferable over Wayland. + +Fortunately, common environments such as [GNOME](https://www.gnome.org), [KDE](https://kde.org), and the window manager [Sway](https://swaywm.org) have support for Wayland. Some distributions like Fedora and Tumbleweed use it by default, and some others may do so in the future as X11 is in [hard maintenance mode](https://www.phoronix.com/scan.php?page=news_item&px=X.Org-Maintenance-Mode-Quickly). If you’re using one of those environments it is as easy as selecting the “Wayland” session at the desktop display manager ([GDM](https://en.wikipedia.org/wiki/GNOME_Display_Manager), [SDDM](https://en.wikipedia.org/wiki/Simple_Desktop_Display_Manager)). + +We recommend **against** using desktop environments or window managers that do not have Wayland support, such as Cinnamon (default on Linux Mint), Pantheon (default on Elementary OS), MATE, Xfce, and i3. + +### Proprietary Firmware (Microcode Updates) + +Linux distributions such as those which are [Linux-libre](https://en.wikipedia.org/wiki/Linux-libre) or DIY (Arch Linux) don’t come with the proprietary [microcode](https://en.wikipedia.org/wiki/Microcode) updates that often patch vulnerabilities. Some notable examples of these vulnerabilities include [Spectre](https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)), [Meltdown](https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)), [SSB](https://en.wikipedia.org/wiki/Speculative_Store_Bypass), [Foreshadow](https://en.wikipedia.org/wiki/Foreshadow), [MDS](https://en.wikipedia.org/wiki/Microarchitectural_Data_Sampling), [SWAPGS](https://en.wikipedia.org/wiki/SWAPGS_(security_vulnerability)), and other [hardware vulnerabilities](https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/index.html). + +We **highly recommend** that you install the microcode updates, as your CPU is already running the proprietary microcode from the factory. Fedora and openSUSE both have the microcode updates applied by default. + +### Updates + +Most Linux distributions will automatically install updates or remind you to do so. It is important to keep your OS up to date so that your software is patched when a vulnerability is found. + +Some distributions (particularly those aimed at advanced users) are more barebones and expect you to do things yourself (e.g. Arch or Debian). These will require running the "package manager" (`apt`, `pacman`, `dnf`, etc.) manually in order to receive important security updates. + +Additionally, some distributions will not download firmware updates automatically. For that you will need to install [`fwupd`](https://wiki.archlinux.org/title/Fwupd). + +## Privacy Tweaks + +### MAC Address Randomization + +Many desktop Linux distributions (Fedora, openSUSE, etc) will come with [NetworkManager](https://en.wikipedia.org/wiki/NetworkManager), to configure Ethernet and Wi-Fi settings. + +It is possible to [randomize](https://fedoramagazine.org/randomize-mac-address-nm/) the [MAC address](https://en.wikipedia.org/wiki/MAC_address) when using NetworkManager. This provides a bit more privacy on Wi-Fi networks as it makes it harder to track specific devices on the network you’re connected to. It does [**not**](https://papers.mathyvanhoef.com/wisec2016.pdf) make you anonymous. + +We recommend changing the setting to **random** instead of **stable**, as suggested in the [article](https://fedoramagazine.org/randomize-mac-address-nm/). + +If you are using [systemd-networkd](https://en.wikipedia.org/wiki/Systemd#Ancillary_components), you will need to set [`MACAddressPolicy=random`](https://www.freedesktop.org/software/systemd/man/systemd.link.html#MACAddressPolicy=) which will enable [RFC 7844 (Anonymity Profiles for DHCP Clients)](https://www.freedesktop.org/software/systemd/man/systemd.network.html#Anonymize=). + +There isn’t many points in randomizing the MAC address for Ethernet connections as a system administrator can find you by looking at the port you are using on the [network switch](https://en.wikipedia.org/wiki/Network_switch). Randomizing Wi-Fi MAC addresses depends on support from the Wi-Fi’s firmware. + +### Other Identifiers + +There are other system identifiers which you may wish to be careful about. You should give this some thought to see if it applies to your [threat model](../basics/threat-modeling.md): + +- **Hostnames:** Your system's hostname is shared with the networks you connect to. You should avoid including identifying terms like your name or operating system in your hostname, instead sticking to generic terms or random strings. +- **Usernames:** Similarly, your username is used in a variety of ways across your system. Consider using generic terms like "user" rather than your actual name. +- **Machine ID:**: During installation a unique machine ID is generated and stored on your device. Consider [setting it to a generic ID](https://madaidans-insecurities.github.io/guides/linux-hardening.html#machine-id). + +### System Counting + +The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary. + +This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. + +openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. diff --git a/i18n/ku/os/qubes-overview.md b/i18n/ku/os/qubes-overview.md new file mode 100644 index 000000000..17b286b9f --- /dev/null +++ b/i18n/ku/os/qubes-overview.md @@ -0,0 +1,55 @@ +--- +title: "Qubes Overview" +icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. +--- + +[**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). + +## How does Qubes OS work? + +Qubes uses [compartmentalization](https://www.qubes-os.org/intro/) to keep the system secure. Qubes are created from templates, the defaults being for Fedora, Debian and [Whonix](../desktop.md#whonix). Qubes OS also allows you to create once-use [disposable](https://www.qubes-os.org/doc/how-to-use-disposables/) virtual machines. + +![Qubes architecture](../assets/img/qubes/qubes-trust-level-architecture.png) +
Qubes Architecture, Credit: What is Qubes OS Intro
+ +Each Qubes application has a [colored border](https://www.qubes-os.org/screenshots/) that can help you keep track of the virtual machine it is running in. You could, for example, use a specific color for your banking browser, while using a different color for a general untrusted browser. + +![Colored border](../assets/img/qubes/r4.0-xfce-three-domains-at-work.png) +
Qubes window borders, Credit: Qubes Screenshots
+ +## Why Should I use Qubes? + +Qubes OS is useful if your [threat model](../basics/threat-modeling.md) requires strong compartmentalization and security, such as if you think you'll be opening untrusted files from untrusted sources. A typical reason for using Qubes OS is to open documents from unknown sources. + +Qubes OS utilizes [Dom0](https://wiki.xenproject.org/wiki/Dom0) Xen VM (i.e., an "AdminVM") for controlling other guest VMs or Qubes on the host OS. Other VMs display individual application windows within Dom0's desktop environment. It allows you to color code windows based on trust levels and run apps that can interact with each other with very granular control. + +### Copying and Pasting Text + +You can [copy and paste text](https://www.qubes-os.org/doc/how-to-copy-and-paste-text/) using `qvm-copy-to-vm` or the below instructions: + +1. Press **Ctrl+C** to tell the VM you're in that you want to copy something. +2. Press **Ctrl+Shift+C** to tell the VM to make this buffer available to the global clipboard. +3. Press **Ctrl+Shift+V** in the destination VM to make the global clipboard available. +4. Press **Ctrl+V** in the destination VM to paste the contents in the buffer. + +### File Exchange + +To copy and paste files and directories (folders) from one VM to another, you can use the option **Copy to Other AppVM...** or **Move to Other AppVM...**. The difference is that the **Move** option will delete the original file. Either option will protect your clipboard from being leaked to any other Qubes. This is more secure than air-gapped file transfer because an air-gapped computer will still be forced to parse partitions or file systems. That is not required with the inter-qube copy system. + +??? info "AppVMs or qubes do not have their own file systems" + + You can [copy and move files](https://www.qubes-os.org/doc/how-to-copy-and-move-files/) between Qubes. When doing so the changes aren't immediately made and can be easily undone in case of an accident. + +### Inter-VM Interactions + +The [qrexec framework](https://www.qubes-os.org/doc/qrexec/) is a core part of Qubes which allows virtual machine communication between domains. It is built on top of the Xen library *vchan*, which facilitates [isolation through policies](https://www.qubes-os.org/news/2020/06/22/new-qrexec-policy-system/). + +## Additional Resources + +For additional information we encourage you to consult the extensive Qubes OS documentation pages located on the [Qubes OS Website](https://www.qubes-os.org/doc/). Offline copies can be downloaded from the Qubes OS [documentation repository](https://github.com/QubesOS/qubes-doc). + +- Open Technology Fund: [*Arguably the world's most secure operating system*](https://www.opentech.fund/news/qubes-os-arguably-the-worlds-most-secure-operating-system-motherboard/) +- J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) +- J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) +- Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) diff --git a/i18n/ku/passwords.md b/i18n/ku/passwords.md new file mode 100644 index 000000000..e81f1186e --- /dev/null +++ b/i18n/ku/passwords.md @@ -0,0 +1,229 @@ +--- +title: "Password Managers" +icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. +--- + +Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. + +[Introduction to Passwords :material-arrow-right-drop-circle:](./basics/passwords-overview.md) + +!!! info + + Built-in password managers in software like browsers and operating systems are sometimes not as good as dedicated password manager software. The advantage of a built-in password manager is good integration with the software, but it can often be very simple and lack privacy and security features standalone offerings have. + + For example, the password manager in Microsoft Edge doesn't offer E2EE at all. Google's password manager has [optional](https://support.google.com/accounts/answer/11350823) E2EE, and [Apple's](https://support.apple.com/en-us/HT202303) offers E2EE by default. + +## Cloud-based + +These password managers sync your passwords to a cloud server for easy accessibility from all your devices and safety against device loss. + +### Bitwarden + +!!! recommendation + + ![Bitwarden logo](assets/img/password-management/bitwarden.svg){ align=right } + + **Bitwarden** is a free and open-source password manager. It aims to solve password management problems for individuals, teams, and business organizations. Bitwarden is among the best and safest solutions to store all of your logins and passwords while conveniently keeping them synced between all of your devices. + + [:octicons-home-16: Homepage](https://bitwarden.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://bitwarden.com/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://bitwarden.com/help/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/bitwarden){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden) + - [:simple-appstore: App Store](https://apps.apple.com/app/bitwarden-password-manager/id1137397744) + - [:simple-github: GitHub](https://github.com/bitwarden/mobile/releases) + - [:simple-windows11: Windows](https://bitwarden.com/download) + - [:simple-linux: Linux](https://bitwarden.com/download) + - [:simple-flathub: Flathub](https://flathub.org/apps/details/com.bitwarden.desktop) + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/bitwarden-password-manager) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb) + - [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/jbkfoedolllekgbhcbcoahefnbanhhlh) + +Bitwarden also features [Bitwarden Send](https://bitwarden.com/products/send/), which allows you to share text and files securely with [end-to-end encryption](https://bitwarden.com/help/send-encryption). A [password](https://bitwarden.com/help/send-privacy/#send-passwords) can be required along with the send link. Bitwarden Send also features [automatic deletion](https://bitwarden.com/help/send-lifespan). + +You need the [Premium Plan](https://bitwarden.com/help/about-bitwarden-plans/#compare-personal-plans) to be able to share files. The free plan only allows text sharing. + +Bitwarden's server-side code is [open-source](https://github.com/bitwarden/server), so if you don't want to use the Bitwarden cloud, you can easily host your own Bitwarden sync server. + +**Vaultwarden** is an alternative implementation of Bitwarden's sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal. If you are looking to self-host Bitwarden on your own server, you almost certainly want to use Vaultwarden over Bitwarden's official server code. + +[:octicons-repo-16: Vaultwarden Repository](https://github.com/dani-garcia/vaultwarden ""){.md-button} [:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ .card-link title=Documentation} +[:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ .card-link title="Source Code" } +[:octicons-heart-16:](https://github.com/sponsors/dani-garcia){ .card-link title=Contribute } + +### 1Password + +!!! recommendation + + ![1Password logo](assets/img/password-management/1password.svg){ align=right } + + **1Password** is a password manager with a strong focus on security and ease-of-use, which allows you to store passwords, credit cards, software licenses, and any other sensitive information in a secure digital vault. Your vault is hosted on 1Password's servers for a [monthly fee](https://1password.com/sign-up/). 1Password is [audited](https://support.1password.com/security-assessments/) on a regular basis and provides exceptional customer support. 1Password is closed source; however, the security of the product is thoroughly documented in their [security white paper](https://1passwordstatic.com/files/security/1password-white-paper.pdf). + + [:octicons-home-16: Homepage](https://1password.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://support.1password.com/1password-privacy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.1password.com/){ .card-link title=Documentation} + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.onepassword.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/id1511601750?mt=8) + - [:simple-windows11: Windows](https://1password.com/downloads/windows/) + - [:simple-apple: macOS](https://1password.com/downloads/mac/) + - [:simple-linux: Linux](https://1password.com/downloads/linux/) + +Traditionally, **1Password** has offered the best password manager user experience for people using macOS and iOS; however, it has now achieved feature-parity across all platforms. It boasts many features geared towards families and less technical people, as well as advanced functionality. + +Your 1Password vault is secured with both your master password and a randomized 34-character security key to encrypt your data on their servers. This security key adds a layer of protection to your data because your data is secured with high entropy regardless of your master password. Many other password manager solutions are entirely reliant on the strength of your master password to secure your data. + +One advantage 1Password has over Bitwarden is its first-class support for native clients. While Bitwarden relegates many duties, especially account management features, to their web vault interface, 1Password makes nearly every feature available within its native mobile or desktop clients. 1Password's clients also have a more intuitive UI, which makes them easier to use and navigate. + +### Psono + +!!! recommendation + + ![Psono logo](assets/img/password-management/psono.svg){ align=right } + + **Psono** is a free and open-source password manager from Germany, with a focus on password management for teams. Psono supports secure sharing of passwords, files, bookmarks, and emails. All secrets are protected by a master password. + + [:octicons-home-16: Homepage](https://psono.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://psono.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://doc.psono.com){ .card-link title=Documentation} + [:octicons-code-16:](https://gitlab.com/psono){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.psono.psono) + - [:simple-appstore: App Store](https://apps.apple.com/us/app/psono-password-manager/id1545581224) + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/psono-pw-password-manager) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/psonopw-password-manager/eljmjmgjkbmpmfljlmklcfineebidmlo) + - [:simple-docker: Docker Hub](https://hub.docker.com/r/psono/psono-client) + +Psono provides extensive documentation for their product. The web-client for Psono can be self-hosted; alternatively, you can choose the full Community Edition or the Enterprise Edition with additional features. + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +#### Minimum Requirements + +- Must utilize strong, standards-based/modern E2EE. +- Must have thoroughly documented encryption and security practices. +- Must have a published audit from a reputable, independent third-party. +- All non-essential telemetry must be optional. +- Must not collect more PII than is necessary for billing purposes. + +#### Best-Case + +Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. + +- Telemetry should be opt-in (disabled by default) or not collected at all. +- Should be open-source and reasonably self-hostable. + +## Local Storage + +These options allow you to manage an encrypted password database locally. + +### KeePassXC + +!!! recommendation + + ![KeePassXC logo](assets/img/password-management/keepassxc.svg){ align=right } + + **KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal to extend and improve it with new features and bugfixes to provide a feature-rich, cross-platform and modern open-source password manager. + + [:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://keepassxc.org/docs/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/keepassxreboot/keepassxc){ .card-link title="Source Code" } + [:octicons-heart-16:](https://keepassxc.org/donate/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-windows11: Windows](https://keepassxc.org/download/#windows) + - [:simple-apple: macOS](https://keepassxc.org/download/#mac) + - [:simple-linux: Linux](https://keepassxc.org/download/#linux) + - [:simple-flathub: Flatpak](https://flathub.org/apps/details/org.keepassxc.KeePassXC) + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/keepassxc-browser) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk) + +KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-separated_values) files. This may mean data loss if you import this file into another password manager. We advise you check each record manually. + +### KeePassDX (Android) + +!!! recommendation + + ![KeePassDX logo](assets/img/password-management/keepassdx.svg){ align=right } + + **KeePassDX** is a lightweight password manager for Android, allows editing encrypted data in a single file in KeePass format and can fill in the forms in a secure way. [Contributor Pro](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) allows unlocking cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development. + + [:octicons-home-16: Homepage](https://www.keepassdx.com){ .md-button .md-button--primary } + [:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/Kunzisoft/KeePassDX){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.keepassdx.com/#donation){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free) + - [:simple-github: GitHub](https://github.com/Kunzisoft/KeePassDX/releases) + +### Strongbox (iOS & macOS) + +!!! recommendation + + ![Strongbox logo](assets/img/password-management/strongbox.svg){ align=right } + + **Strongbox** is a native, open-source password manager for iOS and macOS. Supporting both KeePass and Password Safe formats, Strongbox can be used in tandem with other password managers, like KeePassXC, on non-Apple platforms. By employing a [freemium model](https://strongboxsafe.com/pricing/), Strongbox offers most features under its free tier with more convenience-oriented [features](https://strongboxsafe.com/comparison/)—such as biometric authentication—locked behind a subscription or perpetual license. + + [:octicons-home-16: Homepage](https://strongboxsafe.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://strongboxsafe.com/privacy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://strongboxsafe.com/getting-started/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/strongbox-password-safe/Strongbox){ .card-link title="Source Code" } + [:octicons-heart-16:](https://github.com/strongbox-password-safe/Strongbox#supporting-development){ .card-link title=Contribute } + + ??? downloads + + - [:simple-appstore: App Store](https://apps.apple.com/app/strongbox-keepass-pwsafe/id897283731) + +Additionally, there is an offline-only version offered: [Strongbox Zero](https://apps.apple.com/app/strongbox-keepass-pwsafe/id1581589638). This version is stripped down in an attempt to reduce attack surface. + +### Command-line + +These products are minimal password managers that can be used within scripting applications. + +#### gopass + +!!! recommendation + + ![gopass logo](assets/img/password-management/gopass.svg){ align=right } + + **gopass** is a password manager for the command line written in Go. It works on all major desktop and server operating systems (Linux, macOS, BSD, Windows). + + [:octicons-home-16: Homepage](https://www.gopass.pw){ .md-button .md-button--primary } + [:octicons-info-16:](https://github.com/gopasspw/gopass/tree/master/docs){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/gopasspw/gopass){ .card-link title="Source Code" } + [:octicons-heart-16:](https://github.com/sponsors/dominikschulz){ .card-link title=Contribute } + + ??? downloads + + - [:simple-windows11: Windows](https://www.gopass.pw/#install-windows) + - [:simple-apple: macOS](https://www.gopass.pw/#install-macos) + - [:simple-linux: Linux](https://www.gopass.pw/#install-linux) + - [:simple-freebsd: FreeBSD](https://www.gopass.pw/#install-bsd) + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Must be cross-platform. diff --git a/i18n/ku/productivity.md b/i18n/ku/productivity.md new file mode 100644 index 000000000..4490325da --- /dev/null +++ b/i18n/ku/productivity.md @@ -0,0 +1,155 @@ +--- +title: "Productivity Tools" +icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. +--- + +Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. + +## Collaboration Platforms + +### Nextcloud + +!!! recommendation + + ![Nextcloud logo](assets/img/productivity/nextcloud.svg){ align=right } + + **Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control. + + [:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://nextcloud.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" } + [:octicons-heart-16:](https://nextcloud.com/contribute/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client) + - [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102) + - [:simple-github: GitHub](https://github.com/nextcloud/android/releases) + - [:simple-windows11: Windows](https://nextcloud.com/install/#install-clients) + - [:simple-apple: macOS](https://nextcloud.com/install/#install-clients) + - [:simple-linux: Linux](https://nextcloud.com/install/#install-clients) + - [:simple-freebsd: FreeBSD](https://www.freshports.org/www/nextcloud) + +!!! danger + + We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. For this reason, we don't recommend third-party Nextcloud providers. + +### CryptPad + +!!! recommendation + + ![CryptPad logo](assets/img/productivity/cryptpad.svg){ align=right } + + **CryptPad** is a private-by-design alternative to popular office tools. All content on this web service is end-to-end encrypted and can be shared with other users easily. + + [:octicons-home-16: Homepage](https://cryptpad.fr){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.cryptpad.fr/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/xwiki-labs/cryptpad){ .card-link title="Source Code" } + [:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title=Contribute } + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +In general, we define collaboration platforms as full-fledged suites which could reasonably act as a replacement to collaboration platforms like Google Drive. + +- Open-source. +- Makes files accessible via WebDAV unless it is impossible due to E2EE. +- Has sync clients for Linux, macOS, and Windows. +- Supports document and spreadsheet editing. +- Supports real-time document collaboration. +- Supports exporting documents to standard document formats (e.g. ODF). + +#### Best-Case + +Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. + +- Should store files in a conventional filesystem. +- Should support TOTP or FIDO2 multi-factor authentication support, or Passkey logins. + +## Office Suites + +### LibreOffice + +!!! recommendation + + ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ align=right } + + **LibreOffice** is a free and open-source office suite with extensive functionality. + + [:octicons-home-16: Homepage](https://www.libreoffice.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.libreoffice.org/about-us/privacy/privacy-policy-en/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://documentation.libreoffice.org/en/english-documentation/){ .card-link title=Documentation} + [:octicons-code-16:](https://www.libreoffice.org/about-us/source-code){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.libreoffice.org/donate/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://www.libreoffice.org/download/android-and-ios/) + - [:simple-appstore: App Store](https://www.libreoffice.org/download/android-and-ios/) + - [:simple-windows11: Windows](https://www.libreoffice.org/download/download/) + - [:simple-apple: macOS](https://www.libreoffice.org/download/download/) + - [:simple-linux: Linux](https://www.libreoffice.org/download/download/) + - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.libreoffice.LibreOffice) + - [:simple-freebsd: FreeBSD](https://www.freshports.org/editors/libreoffice/) + +### OnlyOffice + +!!! recommendation + + ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ align=right } + + **OnlyOffice** is a cloud-based free and open-source office suite with extensive functionality, including integration with Nextcloud. + + [:octicons-home-16: Homepage](https://www.onlyoffice.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://help.onlyoffice.com/products/files/doceditor.aspx?fileid=5048502&doc=SXhWMEVzSEYxNlVVaXJJeUVtS0kyYk14YWdXTEFUQmRWL250NllHNUFGbz0_IjUwNDg1MDIi0){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://helpcenter.onlyoffice.com/userguides.aspx){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ONLYOFFICE){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.onlyoffice.documents) + - [:simple-appstore: App Store](https://apps.apple.com/app/id944896972) + - [:simple-windows11: Windows](https://www.onlyoffice.com/download-desktop.aspx) + - [:simple-apple: macOS](https://www.onlyoffice.com/download-desktop.aspx) + - [:simple-linux: Linux](https://www.onlyoffice.com/download-desktop.aspx) + - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.onlyoffice.desktopeditors) + - [:simple-freebsd: FreeBSD](https://www.freshports.org/www/onlyoffice-documentserver/) + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +In general, we define office suites as applications which could reasonably act as a replacement for Microsoft Word for most needs. + +- Must be cross-platform. +- Must be open-source software. +- Must function offline. +- Must support editing documents, spreadsheets, and slideshows. +- Must export files to standard document formats. + +## Paste services + +### PrivateBin + +!!! recommendation + + ![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right } + + **PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin. There is a [list of instances](https://privatebin.info/directory/). + + [:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary } + [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} + [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } diff --git a/i18n/ku/real-time-communication.md b/i18n/ku/real-time-communication.md new file mode 100644 index 000000000..68f9d767b --- /dev/null +++ b/i18n/ku/real-time-communication.md @@ -0,0 +1,194 @@ +--- +title: "Real-Time Communication" +icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. +--- + +These are our recommendations for encrypted real-time communication. + +[Types of Communication Networks :material-arrow-right-drop-circle:](./advanced/communication-network-types.md) + +## Encrypted Messengers + +These messengers are great for securing your sensitive communications. + +### Signal + +!!! recommendation + + ![Signal logo](assets/img/messengers/signal.svg){ align=right } + + **Signal** is a mobile app developed by Signal Messenger LLC. The app provides instant messaging, as well as voice and video calling. + + All communications are E2EE. Contact lists are encrypted using your Signal PIN and the server does not have access to them. Personal profiles are also encrypted and only shared with contacts you chat with. + + [:octicons-home-16: Homepage](https://signal.org/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.signal.org/hc/en-us){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/signalapp){ .card-link title="Source Code" } + [:octicons-heart-16:](https://signal.org/donate/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms) + - [:simple-appstore: App Store](https://apps.apple.com/app/id874139669) + - [:simple-android: Android](https://signal.org/android/apk/) + - [:simple-windows11: Windows](https://signal.org/download/windows) + - [:simple-apple: macOS](https://signal.org/download/macos) + - [:simple-linux: Linux](https://signal.org/download/linux) + +Signal supports [private groups](https://signal.org/blog/signal-private-group-system/). The server has no record of your group memberships, group titles, group avatars, or group attributes. Signal has minimal metadata when [Sealed Sender](https://signal.org/blog/sealed-sender/) is enabled. The sender address is encrypted along with the message body, and only the recipient address is visible to the server. Sealed Sender is only enabled for people in your contacts list, but can be enabled for all recipients with the increased risk of receiving spam. Signal requires your phone number as a personal identifier. + +The protocol was independently [audited](https://eprint.iacr.org/2016/1013.pdf) in 2016. The specification for the Signal protocol can be found in their [documentation](https://signal.org/docs/). + +We have some additional tips on configuring and hardening your Signal installation: + +[Signal Configuration and Hardening :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/) + +### SimpleX Chat + +!!! recommendation + + ![Simplex logo](assets/img/messengers/simplex.svg){ align=right } + + **SimpleX** Chat is an instant messenger that is decentralized and doesn't depend on any unique identifiers such as phone numbers or usernames. Users of SimpleX Chat can scan a QR code or click an invite link to participate in group conversations. + + [:octicons-home-16: Homepage](https://simplex.chat){ .md-button .md-button--primary } + [:octicons-eye-16:](https://github.com/simplex-chat/simplex-chat/blob/stable/PRIVACY.md){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/simplex-chat/simplex-chat/tree/stable/docs){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/simplex-chat){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=chat.simplex.app) + - [:simple-appstore: App Store](https://apps.apple.com/us/app/simplex-chat/id1605771084) + - [:simple-github: GitHub](https://github.com/simplex-chat/simplex-chat/releases) + +SimpleX Chat [was audited](https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website.html) by Trail of Bits in October 2022. + +Currently SimpleX Chat only provides a client for Android and iOS. Basic group chatting functionality, direct messaging, editing of messages and markdown are supported. E2EE Audio and Video calls are also supported. + +Your data can be exported, and imported onto another device, as there are no central servers where this is backed up. + +### Briar + +!!! recommendation + + ![Briar logo](assets/img/messengers/briar.svg){ align=right } + + **Briar** is an encrypted instant messenger that [connects](https://briarproject.org/how-it-works/) to other clients using the Tor Network. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briar’s local mesh mode can be useful when internet availability is a problem. + + [:octicons-home-16: Homepage](https://briarproject.org/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://briarproject.org/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://code.briarproject.org/briar/briar/-/wikis/home){ .card-link title=Documentation} + [:octicons-code-16:](https://code.briarproject.org/briar/briar){ .card-link title="Source Code" } + [:octicons-heart-16:](https://briarproject.org/){ .card-link title="Donation options are listed on the bottom of the homepage" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.briarproject.briar.android) + - [:simple-windows11: Windows](https://briarproject.org/download-briar-desktop/) + - [:simple-linux: Linux](https://briarproject.org/download-briar-desktop/) + - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.briarproject.Briar) + +To add a contact on Briar, you must both add each other first. You can either exchange `briar://` links or scan a contact’s QR code if they are nearby. + +The client software was independently [audited](https://briarproject.org/news/2017-beta-released-security-audit/), and the anonymous routing protocol uses the Tor network which has also been audited. + +Briar has a fully [published specification](https://code.briarproject.org/briar/briar-spec). + +Briar supports perfect forward secrecy by using the Bramble [Handshake](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BHP.md) and [Transport](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md) protocol. + +## Additional Options + +!!! warning + + These messengers do not have Perfect [Forward Secrecy](https://en.wikipedia.org/wiki/Forward_secrecy) (PFS), and while they fulfill certain needs that our previous recommendations may not, we do not recommend them for long-term or sensitive communications. Any key compromise among message recipients would affect the confidentiality of **all** past communications. + +### Element + +!!! recommendation + + ![Element logo](assets/img/messengers/element.svg){ align=right } + + **Element** is the reference client for the [Matrix](https://matrix.org/docs/guides/introduction) protocol, an [open standard](https://matrix.org/docs/spec) for secure decentralized real-time communication. + + Messages and files shared in private rooms (those which require an invite) are by default E2EE as are one to one voice and video calls. + + [:octicons-home-16: Homepage](https://element.io/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://element.io/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://element.io/help){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/vector-im){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=im.vector.app) + - [:simple-appstore: App Store](https://apps.apple.com/app/vector/id1083446067) + - [:simple-github: GitHub](https://github.com/vector-im/element-android/releases) + - [:simple-windows11: Windows](https://element.io/get-started) + - [:simple-apple: macOS](https://element.io/get-started) + - [:simple-linux: Linux](https://element.io/get-started) + - [:octicons-globe-16: Web](https://app.element.io) + +Profile pictures, reactions, and nicknames are not encrypted. + +Group voice and video calls are [not](https://github.com/vector-im/element-web/issues/12878) E2EE, and use Jitsi, but this is expected to change with [Native Group VoIP Signalling](https://github.com/matrix-org/matrix-doc/pull/3401). Group calls have [no authentication](https://github.com/vector-im/element-web/issues/13074) currently, meaning that non-room participants can also join the calls. We recommend that you do not use this feature for private meetings. + +The Matrix protocol itself [theoretically supports PFS](https://gitlab.matrix.org/matrix-org/olm/blob/master/docs/megolm.md#partial-forward-secrecy), however this is [not currently supported in Element](https://github.com/vector-im/element-web/issues/7101) due to it breaking some aspects of the user experience such as key backups and shared message history. + +The protocol was independently [audited](https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last) in 2016. The specification for the Matrix protocol can be found in their [documentation](https://spec.matrix.org/latest/). The [Olm](https://matrix.org/docs/projects/other/olm) cryptographic ratchet used by Matrix is an implementation of Signal’s [Double Ratchet algorithm](https://signal.org/docs/specifications/doubleratchet/). + +### Session + +!!! recommendation + + ![Session logo](assets/img/messengers/session.svg){ align=right } + + **Session** is a decentralized messenger with a focus on private, secure, and anonymous communications. Session offers support for direct messages, group chats, and voice calls. + + Session uses the decentralized [Oxen Service Node Network](https://oxen.io/) to store and route messages. Every encrypted message is routed through three nodes in the Oxen Service Node Network, making it virtually impossible for the nodes to compile meaningful information on those using the network. + + [:octicons-home-16: Homepage](https://getsession.org/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://getsession.org/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://getsession.org/faq){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/oxen-io){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=network.loki.messenger) + - [:simple-appstore: App Store](https://apps.apple.com/app/id1470168868) + - [:simple-github: GitHub](https://github.com/oxen-io/session-android/releases) + - [:simple-windows11: Windows](https://getsession.org/download) + - [:simple-apple: macOS](https://getsession.org/download) + - [:simple-linux: Linux](https://getsession.org/download) + +Session allows for E2EE in one-on-one chats or closed groups which allow for up to 100 members. Open groups have no restriction on the number of members, but are open by design. + +Session does [not](https://getsession.org/blog/session-protocol-technical-information) support PFS, which is when an encryption system automatically and frequently changes the keys it uses to encrypt and decrypt information, such that if the latest key is compromised it exposes a smaller portion of sensitive information. + +Oxen requested an independent audit for Session in March of 2020. The audit [concluded](https://getsession.org/session-code-audit) in April of 2021, “The overall security level of this application is good and makes it usable for privacy-concerned people.” + +Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technicals of the app and protocol. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Must have open-source clients. +- Must use E2EE for private messages by default. +- Must support E2EE for all messages. +- Must have been independently audited. + +### Best-Case + +Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. + +- Should have Perfect Forward Secrecy. +- Should have open-source servers. +- Should be decentralized, i.e. federated or P2P. +- Should use E2EE for all messages by default. +- Should support Linux, macOS, Windows, Android, and iOS. diff --git a/i18n/ku/router.md b/i18n/ku/router.md new file mode 100644 index 000000000..a494c017d --- /dev/null +++ b/i18n/ku/router.md @@ -0,0 +1,50 @@ +--- +title: "Router Firmware" +icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. +--- + +Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc. + +## OpenWrt + +!!! recommendation + + ![OpenWrt logo](assets/img/router/openwrt.svg#only-light){ align=right } + ![OpenWrt logo](assets/img/router/openwrt-dark.svg#only-dark){ align=right } + + **OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All of the components have been optimized for home routers. + + [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/openwrt/openwrt){ .card-link title="Source Code" } + [:octicons-heart-16:](https://openwrt.org/donate){ .card-link title=Contribute } + +You can consult OpenWrt's [table of hardware](https://openwrt.org/toh/start) to check if your device is supported. + +## OPNsense + +!!! recommendation + + ![OPNsense logo](assets/img/router/opnsense.svg){ align=right } + + **OPNsense** is an open source, FreeBSD-based firewall and routing platform which incorporates many advanced features such as traffic shaping, load balancing, and VPN capabilities, with many more features available in the form of plugins. OPNsense is commonly deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server, and VPN endpoint. + + [:octicons-home-16: Homepage](https://opnsense.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://docs.opnsense.org/index.html){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/opnsense){ .card-link title="Source Code" } + [:octicons-heart-16:](https://opnsense.org/donate/){ .card-link title=Contribute } + +OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.org/wiki/PfSense), and both projects are noted for being free and reliable firewall distributions which offer features often only found in expensive commercial firewalls. Launched in 2015, the developers of OPNsense [cited](https://docs.opnsense.org/history/thefork.html) a number of security and code-quality issues with pfSense which they felt necessitated a fork of the project, as well as concerns about Netgate's majority acquisition of pfSense and the future direction of the pfSense project. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Must be open source. +- Must receive regular updates. +- Must support a wide variety of hardware. diff --git a/i18n/ku/search-engines.md b/i18n/ku/search-engines.md new file mode 100644 index 000000000..911525d7d --- /dev/null +++ b/i18n/ku/search-engines.md @@ -0,0 +1,108 @@ +--- +title: "Search Engines" +icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. +--- + +Use a search engine that doesn't build an advertising profile based on your searches. + +The recommendations here are based on the merits of each service's privacy policy. There is **no guarantee** that these privacy policies are honored. + +Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org/) if your threat model requires hiding your IP address from the search provider. + +## Brave Search + +!!! recommendation + + ![Brave Search logo](assets/img/search-engines/brave-search.svg){ align=right } + + **Brave Search** is developed by Brave and serves results primarily from its own, independent index. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives. + + Brave Search includes unique features such as Discussions, which highlights conversation-focused results—such as forum posts. + + We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings. + + [:octicons-home-16: Homepage](https://search.brave.com/){ .md-button .md-button--primary } + [:simple-torbrowser:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" } + [:octicons-eye-16:](https://search.brave.com/help/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://search.brave.com/help){ .card-link title=Documentation} + +Brave Search is based in the United States. Their [privacy policy](https://search.brave.com/help/privacy-policy) states they collect aggregated usage metrics, which includes the operating system and browser in use, however no personally identifiable information is collected. IP addresses are temporarily processed, but are not retained. + +## DuckDuckGo + +!!! recommendation + + ![DuckDuckGo logo](assets/img/search-engines/duckduckgo.svg){ align=right } + + **DuckDuckGo** is one of the more mainstream private search engine options. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and many [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features/). The search engine relies on a commercial Bing API to serve most results, but it does use numerous [other sources](https://help.duckduckgo.com/results/sources/) for instant answers and other non-primary results. + + DuckDuckGo is the default search engine for the Tor Browser and is one of the few available options on Apple’s Safari browser. + + [:octicons-home-16: Homepage](https://duckduckgo.com){ .md-button .md-button--primary } + [:simple-torbrowser:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .card-link title="Onion Service" } + [:octicons-eye-16:](https://duckduckgo.com/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://help.duckduckgo.com/){ .card-link title=Documentation} + +DuckDuckGo is based in the United States. Their [privacy policy](https://duckduckgo.com/privacy) states they **do** log your searches for product improvement purposes, but not your IP address or any other personally identifying information. + +DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript/) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their [Tor onion address](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/) by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version. + +## SearXNG + +!!! recommendation + + ![SearXNG logo](assets/img/search-engines/searxng.svg){ align=right } + + **SearXNG** is an open-source, self-hostable, metasearch engine, aggregating the results of other search engines while not storing any information itself. It is an actively maintained fork of [SearX](https://github.com/searx/searx). + + [:octicons-home-16: Homepage](https://searxng.org){ .md-button .md-button--primary } + [:octicons-server-16:](https://searx.space/){ .card-link title="Public Instances"} + [:octicons-code-16:](https://github.com/searxng/searxng){ .card-link title="Source Code" } + +SearXNG is a proxy between you and the search engines it aggregates from. Your search queries will still be sent to the search engines that SearXNG gets its results from. + +When self-hosting, it is important that you have other people using your instance so that the queries would blend in. You should be careful with where and how you are hosting SearXNG, as people looking up illegal content on your instance could draw unwanted attention from authorities. + +When you are using a SearXNG instance, be sure to go read their privacy policy. Since SearXNG instances may be modified by their owners, they do not necessarily reflect their privacy policy. Some instances run as a Tor hidden service, which may grant some privacy as long as your search queries does not contain PII. + +## Startpage + +!!! recommendation + + ![Startpage logo](assets/img/search-engines/startpage.svg#only-light){ align=right } + ![Startpage logo](assets/img/search-engines/startpage-dark.svg#only-dark){ align=right } + + **Startpage** is a private search engine known for serving Google search results. One of Startpage's unique features is the [Anonymous View](https://www.startpage.com/en/anonymous-view/), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/en-us/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead. + + [:octicons-home-16: Homepage](https://www.startpage.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.startpage.com/hc/en-us/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation} + +!!! warning + + Startpage regularly limits service access to certain IP addresses, such as IPs reserved for VPNs or Tor. [DuckDuckGo](#duckduckgo) and [Brave Search](#brave-search) are friendlier options if your threat model requires hiding your IP address from the search provider. + +Startpage is based in the Netherlands. According to their [privacy policy](https://www.startpage.com/en/privacy-policy/), they log details such as: operating system, type of browser, and language. They do not log your IP address, search queries, or other personally identifying information. + +Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://web.archive.org/web/20210118031008/https://blog.privacytools.io/relisting-startpage/) to clear up any concerns with System1's sizeable investment into the service. We were satisfied with the answers we received. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +### Minimum Requirements + +- Must not collect personally identifiable information per their privacy policy. +- Must not allow users to create an account with them. + +### Best-Case + +Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. + +- Should be based on open-source software. +- Should not block Tor exit node IP addresses. diff --git a/i18n/ku/tools.md b/i18n/ku/tools.md new file mode 100644 index 000000000..ef945a945 --- /dev/null +++ b/i18n/ku/tools.md @@ -0,0 +1,475 @@ +--- +title: "Privacy Tools" +icon: material/tools +hide: + - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. +--- + +If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. + +If you want assistance figuring out the best privacy tools and alternative programs for your needs, start a discussion on our [forum](https://discuss.privacyguides.net/) or our [Matrix](https://matrix.to/#/#privacyguides:matrix.org) community! + +For more details about each project, why they were chosen, and additional tips or tricks we recommend, click the "Learn more" link in each section, or click on the recommendation itself to be taken to that specific section of the page. + +## Tor Network + +
+ +- ![Tor Browser logo](assets/img/browsers/tor.svg){ .twemoji } [Tor Browser](tor.md#tor-browser) +- ![Orbot logo](assets/img/self-contained-networks/orbot.svg){ .twemoji } [Orbot (Smartphone Tor Proxy)](tor.md#orbot) +- ![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ .twemoji }![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ .twemoji } [Snowflake](tor.md#snowflake) (1) + +
+ +1. Snowflake does not increase privacy, however it allows you to easily contribute to the Tor network and help people in censored networks achieve better privacy. + +[Learn more :material-arrow-right-drop-circle:](tor.md) + +## Desktop Web Browsers + +
+ +- ![Firefox logo](assets/img/browsers/firefox.svg){ .twemoji } [Firefox](desktop-browsers.md#firefox) +- ![Brave logo](assets/img/browsers/brave.svg){ .twemoji } [Brave](desktop-browsers.md#brave) + +
+ +[Learn more :material-arrow-right-drop-circle:](desktop-browsers.md) + +### Additional Resources + +
+ +- ![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ .twemoji } [uBlock Origin](desktop-browsers.md#ublock-origin) + +
+ +[Learn more :material-arrow-right-drop-circle:](desktop-browsers.md#additional-resources) + +## Mobile Web Browsers + +
+ +- ![Brave logo](assets/img/browsers/brave.svg){ .twemoji } [Brave (Android)](mobile-browsers.md#brave) +- ![Safari logo](assets/img/browsers/safari.svg){ .twemoji } [Safari (iOS)](mobile-browsers.md#safari) + +
+ +[Learn more :material-arrow-right-drop-circle:](mobile-browsers.md) + +### Additional Resources + +
+ +- ![AdGuard logo](assets/img/browsers/adguard.svg){ .twemoji } [AdGuard for iOS](mobile-browsers.md#adguard) + +
+ +[Learn more :material-arrow-right-drop-circle:](mobile-browsers.md#adguard) + +## Operating Systems + +### Mobile + +
+ +- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji } [GrapheneOS](android.md#grapheneos) +- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji } [DivestOS](android.md#divestos) + +
+ +[Learn more :material-arrow-right-drop-circle:](android.md) + +#### Android Apps + +
+ +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) +- ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) +- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) +- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](android.md#secure-pdf-viewer) + +
+ +[Learn more :material-arrow-right-drop-circle:](android.md#general-apps) + +### Desktop/PC + +
+ +- ![Qubes OS logo](assets/img/qubes/qubes_os.svg){ .twemoji } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os) +- ![Fedora logo](assets/img/linux-desktop/fedora-workstation.svg){ .twemoji } [Fedora Workstation](desktop.md#fedora-workstation) +- ![openSUSE Tumbleweed logo](assets/img/linux-desktop/opensuse-tumbleweed.svg){ .twemoji } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed) +- ![Arch logo](assets/img/linux-desktop/archlinux.svg){ .twemoji } [Arch Linux](desktop.md#arch-linux) +- ![Fedora Silverblue logo](assets/img/linux-desktop/fedora-silverblue.svg){ .twemoji } [Fedora Silverblue & Kinoite](desktop.md#fedora-silverblue) +- ![nixOS logo](assets/img/linux-desktop/nixos.svg){ .twemoji } [NixOS](desktop.md#nixos) +- ![Whonix logo](assets/img/linux-desktop/whonix.svg){ .twemoji } [Whonix (Tor)](desktop.md#whonix) +- ![Tails logo](assets/img/linux-desktop/tails.svg){ .twemoji } [Tails (Live Boot)](desktop.md#tails) + +
+ +[Learn more :material-arrow-right-drop-circle:](desktop.md) + +### Router Firmware + +
+ +- ![OpenWrt logo](assets/img/router/openwrt.svg#only-light){ .twemoji }![OpenWrt logo](assets/img/router/openwrt-dark.svg#only-dark){ .twemoji } [OpenWrt](router.md#openwrt) +- ![OPNsense logo](assets/img/router/opnsense.svg){ .twemoji } [OPNsense](router.md#opnsense) + +
+ +[Learn more :material-arrow-right-drop-circle:](router.md) + +## Service Providers + +### Cloud Storage + +
+ +- ![Proton Drive logo](assets/img/cloud/protondrive.svg){ .twemoji } [Proton Drive](cloud.md#proton-drive) + +
+ +[Learn more :material-arrow-right-drop-circle:](cloud.md) + +### DNS + +#### DNS Providers + +We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers based on a variety of criteria, such as [Mullvad](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) and [Quad9](https://quad9.net/) amongst others. We recommend for you to read our pages on DNS before choosing a provider. In many cases, using an alternative DNS provider is not recommended. + +[Learn more :material-arrow-right-drop-circle:](dns.md) + +#### Encrypted DNS Proxies + +
+ +- ![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ .twemoji }![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ .twemoji } [RethinkDNS](dns.md#rethinkdns) +- ![dnscrypt-proxy logo](assets/img/dns/dnscrypt-proxy.svg){ .twemoji } [dnscrypt-proxy](dns.md#dnscrypt-proxy) + +
+ +[Learn more :material-arrow-right-drop-circle:](dns.md#encrypted-dns-proxies) + +#### Self-hosted Solutions + +
+ +- ![AdGuard Home logo](assets/img/dns/adguard-home.svg){ .twemoji } [AdGuard Home](dns.md#adguard-home) +- ![Pi-hole logo](assets/img/dns/pi-hole.svg){ .twemoji } [Pi-hole](dns.md#pi-hole) + +
+ +[Learn more :material-arrow-right-drop-circle:](dns.md#self-hosted-solutions) + +### Email + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
+ +[Learn more :material-arrow-right-drop-circle:](email.md) + +#### Email Aliasing Services + +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ +[Learn more :material-arrow-right-drop-circle:](email.md#email-aliasing-services) + +#### Self-Hosting Email + +
+ +- ![mailcow logo](assets/img/email/mailcow.svg){ .twemoji } [mailcow](email.md#self-hosting-email) +- ![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ .twemoji } [Mail-in-a-Box](email.md#self-hosting-email) + +
+ +[Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) + +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + +### Search Engines + +
+ +- ![Brave Search logo](assets/img/search-engines/brave-search.svg){ .twemoji } [Brave Search](search-engines.md#brave-search) +- ![DuckDuckGo logo](assets/img/search-engines/duckduckgo.svg){ .twemoji } [DuckDuckGo](search-engines.md#duckduckgo) +- ![SearXNG logo](assets/img/search-engines/searxng.svg){ .twemoji } [SearXNG](search-engines.md#searxng) +- ![Startpage logo](assets/img/search-engines/startpage.svg#only-light){ .twemoji }![Startpage logo](assets/img/search-engines/startpage-dark.svg#only-dark){ .twemoji } [Startpage](search-engines.md#startpage) + +
+ +[Learn more :material-arrow-right-drop-circle:](search-engines.md) + +### VPN Providers + +??? danger "VPNs do not provide anonymity" + + Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. + + If you are looking for **anonymity**, you should use the Tor Browser **instead** of a VPN. + + If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices. + + [Learn more :material-arrow-right-drop-circle:](vpn.md) + +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) + +
+ +[Learn more :material-arrow-right-drop-circle:](vpn.md) + +## Software + +### Calendar Sync + +
+ +- ![Tutanota logo](assets/img/calendar/tutanota.svg){ .twemoji } [Tutanota](calendar.md#tutanota) +- ![Proton Calendar logo](assets/img/calendar/proton-calendar.svg){ .twemoji } [Proton Calendar](calendar.md#proton-calendar) + +
+ +[Learn more :material-arrow-right-drop-circle:](calendar.md) + +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + +### Data and Metadata Redaction + +
+ +- ![MAT2 logo](assets/img/data-redaction/mat2.svg){ .twemoji } [MAT2](data-redaction.md#mat2) +- ![ExifEraser logo](assets/img/data-redaction/exiferaser.svg){ .twemoji } [ExifEraser (Android)](data-redaction.md#exiferaser-android) +- ![Metapho logo](assets/img/data-redaction/metapho.jpg){ .twemoji } [Metapho (iOS)](data-redaction.md#metapho-ios) +- ![PrivacyBlur logo](assets/img/data-redaction/privacyblur.svg){ .twemoji } [PrivacyBlur](data-redaction.md#privacyblur) +- ![ExifTool logo](assets/img/data-redaction/exiftool.png){ .twemoji } [ExifTool (CLI)](data-redaction.md#exiftool) + +
+ +[Learn more :material-arrow-right-drop-circle:](data-redaction.md) + +### Email Clients + +
+ +- ![Thunderbird logo](assets/img/email-clients/thunderbird.svg){ .twemoji } [Thunderbird](email-clients.md#thunderbird) +- ![Apple Mail logo](assets/img/email-clients/applemail.png){ .twemoji } [Apple Mail (macOS)](email-clients.md#apple-mail-macos) +- ![Canary Mail logo](assets/img/email-clients/canarymail.svg){ .twemoji } [Canary Mail (iOS)](email-clients.md#canary-mail-ios) +- ![FairEmail logo](assets/img/email-clients/fairemail.svg){ .twemoji } [FairEmail (Android)](email-clients.md#fairemail-android) +- ![GNOME Evolution logo](assets/img/email-clients/evolution.svg){ .twemoji } [GNOME Evolution (Linux)](email-clients.md#gnome-evolution-gnome) +- ![K-9 Mail logo](assets/img/email-clients/k9mail.svg){ .twemoji } [K-9 Mail (Android)](email-clients.md#k-9-mail-android) +- ![Kontact logo](assets/img/email-clients/kontact.svg){ .twemoji } [Kontact (Linux)](email-clients.md#kontact-kde) +- ![Mailvelope logo](assets/img/email-clients/mailvelope.svg){ .twemoji } [Mailvelope (PGP in standard webmail)](email-clients.md#mailvelope-browser) +- ![NeoMutt logo](assets/img/email-clients/mutt.svg){ .twemoji } [NeoMutt (CLI)](email-clients.md#neomutt-cli) + +
+ +[Learn more :material-arrow-right-drop-circle:](email-clients.md) + +### Encryption Software + +??? info "Operating System Disk Encryption" + + For encrypting your operating system drive, we typically recommend using whichever encryption tool your operating system provides, whether that is **BitLocker** on Windows, **FileVault** on macOS, or **LUKS** on Linux. These tools are included with the operating system and typically use hardware encryption elements such as a TPM that other full-disk encryption software like VeraCrypt do not. VeraCrypt is still suitable for non-operating system disks such as external drives, especially drives that may be accessed from multiple operating systems. + + [Learn more :material-arrow-right-drop-circle:](encryption.md##operating-system-included-full-disk-encryption-fde) + +
+ +- ![Cryptomator logo](assets/img/encryption-software/cryptomator.svg){ .twemoji } [Cryptomator](encryption.md#cryptomator-cloud) +- ![Picocrypt logo](assets/img/encryption-software/picocrypt.svg){ .twemoji } [Picocrypt](encryption.md#picocrypt-file) +- ![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ .twemoji }![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ .twemoji } [VeraCrypt (FDE)](encryption.md#veracrypt-disk) +- ![Hat.sh logo](assets/img/encryption-software/hat-sh.png#only-light){ .twemoji }![Hat.sh logo](assets/img/encryption-software/hat-sh-dark.png#only-dark){ .twemoji } [Hat.sh (Browser-based)](encryption.md#hatsh) +- ![Kryptor logo](assets/img/encryption-software/kryptor.png){ .twemoji } [Kryptor](encryption.md#kryptor) +- ![Tomb logo](assets/img/encryption-software/tomb.png){ .twemoji } [Tomb](encryption.md#tomb) + +
+ +[Learn more :material-arrow-right-drop-circle:](encryption.md) + +#### OpenPGP Clients + +
+ +- ![GnuPG logo](assets/img/encryption-software/gnupg.svg){ .twemoji } [GnuPG](encryption.md#gnu-privacy-guard) +- ![GPG4Win logo](assets/img/encryption-software/gpg4win.svg){ .twemoji } [GPG4Win (Windows)](encryption.md#gpg4win) +- ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ .twemoji } [GPG Suite (macOS)](encryption.md#gpg-suite) +- ![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ .twemoji } [OpenKeychain](encryption.md#openkeychain) + +
+ +[Learn more :material-arrow-right-drop-circle:](encryption.md#openpgp) + +### File Sharing and Sync + +
+ +- ![Send logo](assets/img/file-sharing-sync/send.svg){ .twemoji } [Send](file-sharing.md#send) +- ![OnionShare logo](assets/img/file-sharing-sync/onionshare.svg){ .twemoji } [OnionShare](file-sharing.md#onionshare) +- ![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ .twemoji } [FreedomBox](file-sharing.md#freedombox) +- ![Nextcloud logo](assets/img/productivity/nextcloud.svg){ .twemoji } [Nextcloud (Self-Hostable)](productivity.md#nextcloud) +- ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ .twemoji } [Syncthing](file-sharing.md#syncthing) + +
+ +[Learn more :material-arrow-right-drop-circle:](file-sharing.md) + +### Frontends + +
+ +- ![Librarian logo](assets/img/frontends/librarian.svg#only-light){ .twemoji }![Librarian logo](assets/img/frontends/librarian-dark.svg#only-dark){ .twemoji } [Librarian (LBRY, Web)](frontends.md#librarian) +- ![Nitter logo](assets/img/frontends/nitter.svg){ .twemoji } [Nitter (Twitter, Web)](frontends.md#nitter) +- ![FreeTube logo](assets/img/frontends/freetube.svg){ .twemoji } [FreeTube (YouTube, Desktop)](frontends.md#freetube) +- ![Yattee logo](assets/img/frontends/yattee.svg){ .twemoji } [Yattee (YouTube; iOS, tvOS, macOS)](frontends.md#yattee) +- ![LibreTube logo](assets/img/frontends/libretube.svg#only-light){ .twemoji }![LibreTube logo](assets/img/frontends/libretube-dark.svg#only-dark){ .twemoji } [LibreTube (YouTube, Android)](frontends.md#libretube-android) +- ![NewPipe logo](assets/img/frontends/newpipe.svg){ .twemoji } [NewPipe (YouTube, Android)](frontends.md#newpipe-android) +- ![Invidious logo](assets/img/frontends/invidious.svg#only-light){ .twemoji }![Invidious logo](assets/img/frontends/invidious-dark.svg#only-dark){ .twemoji } [Invidious (YouTube, Web)](frontends.md#invidious) +- ![Piped logo](assets/img/frontends/piped.svg){ .twemoji } [Piped (YouTube, Web)](frontends.md#piped) + +
+ +[Learn more :material-arrow-right-drop-circle:](frontends.md) + +### Multi-Factor Authentication Tools + +
+ +- ![YubiKeys](assets/img/multi-factor-authentication/mini/yubico.svg){ .twemoji } [YubiKey](multi-factor-authentication.md#yubikey) +- ![Nitrokey](assets/img/multi-factor-authentication/mini/nitrokey.svg){ .twemoji } [Nitrokey](multi-factor-authentication.md#nitrokey-librem-key) +- ![Aegis logo](assets/img/multi-factor-authentication/aegis.png){ .twemoji } [Aegis Authenticator](multi-factor-authentication.md#aegis-authenticator) +- ![Raivo OTP logo](assets/img/multi-factor-authentication/raivo-otp.png){ .twemoji } [Raivo OTP](multi-factor-authentication.md#raivo-otp) + +
+ +[Learn more :material-arrow-right-drop-circle:](multi-factor-authentication.md) + +### News Aggregators + +
+ +- ![Akregator logo](assets/img/news-aggregators/akregator.svg){ .twemoji } [Akregator](news-aggregators.md#akregator) +- ![Feeder logo](assets/img/news-aggregators/feeder.png){ .twemoji} [Feeder](news-aggregators.md#feeder) +- ![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ .twemoji } [Fluent Reader](news-aggregators.md#fluent-reader) +- ![GNOME Feeds logo](assets/img/news-aggregators/gfeeds.svg){ .twemoji } [GNOME Feeds](news-aggregators.md#gnome-feeds) +- ![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ .twemoji }![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ .twemoji } [Miniflux](news-aggregators.md#miniflux) +- ![NetNewsWire logo](assets/img/news-aggregators/netnewswire.png){ .twemoji } [NetNewsWire](news-aggregators.md#netnewswire) +- ![Newsboat logo](assets/img/news-aggregators/newsboat.svg){ .twemoji } [Newsboat](news-aggregators.md#newsboat) + +
+ +[Learn more :material-arrow-right-drop-circle:](news-aggregators.md) + +### Notebooks + +
+ +- ![Joplin logo](assets/img/notebooks/joplin.svg){ .twemoji } [Joplin](notebooks.md#joplin) +- ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ .twemoji } [Standard Notes](notebooks.md#standard-notes) +- ![Cryptee logo](assets/img/notebooks/cryptee.svg#only-light){ .twemoji }![Cryptee logo](assets/img/notebooks/cryptee-dark.svg#only-dark){ .twemoji } [Cryptee](notebooks.md#cryptee) +- ![Org-mode logo](assets/img/notebooks/org-mode.svg){ .twemoji } [Org-mode](notebooks.md#org-mode) + +
+ +[Learn more :material-arrow-right-drop-circle:](notebooks.md) + +### Password Managers + +
+ +- ![Bitwarden logo](assets/img/password-management/bitwarden.svg){ .twemoji } [Bitwarden](passwords.md#bitwarden) +- ![1Password logo](assets/img/password-management/1password.svg){ .twemoji } [1Password](passwords.md#1password) +- ![Psono logo](assets/img/password-management/psono.svg){ .twemoji } [Psono](passwords.md#psono) +- ![KeePassXC logo](assets/img/password-management/keepassxc.svg){ .twemoji } [KeePassXC](passwords.md#keepassxc) +- ![KeePassDX logo](assets/img/password-management/keepassdx.svg){ .twemoji } [KeePassDX (Android)](passwords.md#keepassdx-android) +- ![Strongbox logo](assets/img/password-management/strongbox.svg){ .twemoji } [Strongbox (iOS & macOS)](passwords.md#strongbox-ios-macos) +- ![gopass logo](assets/img/password-management/gopass.svg){ .twemoji } [gopass](passwords.md#gopass) + +
+ +[Learn more :material-arrow-right-drop-circle:](passwords.md) + +### Productivity Tools + +
+ +- ![Nextcloud logo](assets/img/productivity/nextcloud.svg){ .twemoji } [Nextcloud (Self-Hostable)](productivity.md#nextcloud) +- ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji } [LibreOffice](productivity.md#libreoffice) +- ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji } [OnlyOffice](productivity.md#onlyoffice) +- ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji } [CryptPad](productivity.md#cryptpad) +- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji } [PrivateBin (Pastebin)](productivity.md#privatebin) + +
+ +[Learn more :material-arrow-right-drop-circle:](productivity.md) + +### Real-Time Communication + +
+ +- ![Signal logo](assets/img/messengers/signal.svg){ .twemoji } [Signal](real-time-communication.md#signal) +- ![Briar logo](assets/img/messengers/briar.svg){ .twemoji } [Briar](real-time-communication.md#briar) +- ![SimpleX Chat logo](assets/img/messengers/simplex.svg){ .twemoji } [SimpleX Chat](real-time-communication.md#simplex-chat) +- ![Element logo](assets/img/messengers/element.svg){ .twemoji } [Element](real-time-communication.md#element) +- ![Session logo](assets/img/messengers/session.svg){ .twemoji } [Session](real-time-communication.md#session) + +
+ +[Learn more :material-arrow-right-drop-circle:](real-time-communication.md) + +### Video Streaming Clients + +
+ +- ![LBRY logo](assets/img/video-streaming/lbry.svg){ .twemoji } [LBRY](video-streaming.md#lbry) + +
+ +[Learn more :material-arrow-right-drop-circle:](video-streaming.md) diff --git a/i18n/ku/tor.md b/i18n/ku/tor.md new file mode 100644 index 000000000..ce93c961d --- /dev/null +++ b/i18n/ku/tor.md @@ -0,0 +1,117 @@ +--- +title: "Tor Network" +icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. +--- + +![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } + +The **Tor** network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool. + +[:octicons-home-16:](https://www.torproject.org){ .card-link title=Homepage } +[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" } +[:octicons-info-16:](https://tb-manual.torproject.org/){ .card-link title=Documentation} +[:octicons-code-16:](https://gitweb.torproject.org/tor.git){ .card-link title="Source Code" } +[:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute } + +Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. + +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} + +## Connecting to Tor + +There are a variety of ways to connect to the Tor network from your device, the most commonly used being the **Tor Browser**, a fork of Firefox designed for anonymous browsing for desktop computers and Android. In addition to the apps listed below, there are also operating systems designed specifically to connect to the Tor network such as [Whonix](desktop.md#whonix) on [Qubes OS](desktop.md#qubes-os), which provide even greater security and protections than the standard Tor Browser. + +### Tor Browser + +!!! recommendation + + ![Tor Browser logo](assets/img/browsers/tor.svg){ align=right } + + **Tor Browser** is the choice if you need anonymity, as it provides you with access to the Tor network and bridges, and it includes default settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*. + + [:octicons-home-16: Homepage](https://www.torproject.org){ .md-button .md-button--primary } + [:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" } + [:octicons-info-16:](https://tb-manual.torproject.org/){ .card-link title=Documentation } + [:octicons-code-16:](https://gitweb.torproject.org/tor-browser.git/){ .card-link title="Source Code" } + [:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser) + - [:simple-android: Android](https://www.torproject.org/download/#android) + - [:simple-windows11: Windows](https://www.torproject.org/download/) + - [:simple-apple: macOS](https://www.torproject.org/download/) + - [:simple-linux: Linux](https://www.torproject.org/download/) + - [:simple-freebsd: FreeBSD](https://www.freshports.org/security/tor) + +!!! danger + + You should **never** install any additional extensions on Tor Browser or edit `about:config` settings, including the ones we suggest for Firefox. Browser extensions and non-standard settings make you stand out from others on the Tor network, thus making your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting). + +The Tor Browser is designed to prevent fingerprinting, or identifying you based on your browser configuration. Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings/). + +### Orbot + +!!! recommendation + + ![Orbot logo](assets/img/self-contained-networks/orbot.svg){ align=right } + + **Orbot** is a free Tor VPN for smartphones which routes traffic from any app on your device through the Tor network. + + [:octicons-home-16: Homepage](https://orbot.app/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://orbot.app/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://orbot.app/faqs){ .card-link title=Documentation} + [:octicons-code-16:](https://orbot.app/code){ .card-link title="Source Code" } + [:octicons-heart-16:](https://orbot.app/donate){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.torproject.android) + - [:simple-appstore: App Store](https://apps.apple.com/us/app/orbot/id1609461599) + - [:simple-github: GitHub](https://github.com/guardianproject/orbot/releases) + +For resistance against traffic analysis attacks, consider enabling *Isolate Destination Address* in :material-menu: → **Settings** → **Connectivity**. This will use a completely different Tor Circuit (different middle relay and exit nodes) for every domain you connect to. + +!!! tip "Tips for Android" + + Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**. + + Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot/releases) instead. + + All versions are signed using the same signature so they should be compatible with each other. + +## Relays and Bridges + +### Snowflake + +!!! recommendation + + ![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ align=right } + ![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ align=right } + + **Snowflake** allows you to donate bandwidth to the Tor Project by operating a "Snowflake proxy" within your browser. + + People who are censored can use Snowflake proxies to connect to the Tor network. Snowflake is a great way to contribute to the network even if you don't have the technical know-how to run a Tor relay or bridge. + + [:octicons-home-16: Homepage](https://snowflake.torproject.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/Technical%20Overview){ .card-link title=Documentation} + [:octicons-code-16:](https://gitweb.torproject.org/pluggable-transports/snowflake.git/){ .card-link title="Source Code" } + [:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/en-US/firefox/addon/torproject-snowflake/) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/snowflake/mafpmfcccpbjnhfhjnllmmalhifmlcie) + - [:octicons-browser-16: Web](https://snowflake.torproject.org/embed "Leave this page open to be a Snowflake proxy") + +??? tip "Embedded Snowflake" + + You can enable Snowflake in your browser by clicking the switch below and ==leaving this page open==. You can also install Snowflake as a browser extension to have it always run while your browser is open, however adding third-party extensions can increase your attack surface. + +
+ If the embed does not appear for you, ensure you are not blocking the third-party frame from `torproject.org`. Alternatively, visit [this page](https://snowflake.torproject.org/embed.html). + +Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. + +Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. diff --git a/i18n/ku/video-streaming.md b/i18n/ku/video-streaming.md new file mode 100644 index 000000000..8f8ebd0b8 --- /dev/null +++ b/i18n/ku/video-streaming.md @@ -0,0 +1,51 @@ +--- +title: "Video Streaming" +icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. +--- + +The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. + +## LBRY + +!!! recommendation + + ![LBRY logo](assets/img/video-streaming/lbry.svg){ align=right } + + **The LBRY network** is a decentralized video sharing network. It uses a [BitTorrent](https://wikipedia.org/wiki/BitTorrent)-like network to store the video content, and a [blockchain](https://wikipedia.org/wiki/Blockchain) to store the indexes for those videos. The main benefit of this design is censorship resistance. + + **The LBRY desktop client** helps you stream videos from the LBRY network and stores your subscription list in your own LBRY wallet. + + [:octicons-home-16: Homepage](https://lbry.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://lbry.com/privacypolicy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://lbry.com/faq){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/lbryio/lbry-desktop){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-windows11: Windows](https://lbry.com/windows) + - [:simple-apple: macOS](https://lbry.com/osx) + - [:simple-linux: Linux](https://lbry.com/linux) + +!!! note + + Only the **LBRY desktop client** is recommended, as the [Odysee](https://odysee.com) website and the LBRY clients in F-Droid, Play Store, and the App Store have mandatory synchronization and telemetry. + +!!! warning + + While watching and hosting videos, your IP address is visible to the LBRY network. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + +We recommend **against** synchronizing your wallet with LBRY Inc., as synchronizing encrypted wallets is not supported yet. If you synchronize your wallet with LBRY Inc., you have to trust them to not look at your subscription list, [LBC](https://lbry.com/faq/earn-credits) funds, or take control of your channel. + +You can disable *Save hosting data to help the LBRY network* option in :gear: **Settings** → **Advanced Settings**, to avoid exposing your IP address and watched videos when using LBRY for a prolonged period of time. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Must not require a centralized account to view videos. + - Decentralized authentication, such as via a mobile wallet's private key is acceptable. diff --git a/i18n/ku/vpn.md b/i18n/ku/vpn.md new file mode 100644 index 000000000..a88393635 --- /dev/null +++ b/i18n/ku/vpn.md @@ -0,0 +1,327 @@ +--- +title: "VPN Services" +icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. +--- + +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: + +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "VPNs do not provide anonymity" + + Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. + + If you are looking for **anonymity**, you should use the Tor Browser **instead** of a VPN. + + If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices. + + [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } + +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} + +## دابینکەرانی پێشنیارکراو + +Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information. + +### IVPN + +!!! recommendation + + ![IVPN logo](assets/img/vpn/ivpn.svg){ align=right } + + **IVPN** is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar. + + [:octicons-home-16: Homepage](https://www.ivpn.net/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ivpn){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-android: Android](https://www.ivpn.net/apps-android/) + - [:simple-appstore: App Store](https://apps.apple.com/app/ivpn-serious-privacy-protection/id1193122683) + - [:simple-windows11: Windows](https://www.ivpn.net/apps-windows/) + - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) + - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) + +#### :material-check:{ .pg-green } 35 Countries + +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } + +1. Last checked: 2022-09-16 + +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). + +#### :material-check:{ .pg-green } Independently Audited + +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. + +#### :material-check:{ .pg-green } WireGuard Support + +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. + +### Mullvad + +!!! recommendation + + ![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right } + + **Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since **2009**. Mullvad is based in Sweden and does not have a free trial. + + [:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary } + [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" } + [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/mullvad){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) + - [:simple-appstore: App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) + - [:simple-github: GitHub](https://github.com/mullvad/mullvadvpn-app/releases) + - [:simple-windows11: Windows](https://mullvad.net/en/download/windows/) + - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) + - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) + +#### :material-check:{ .pg-green } 41 Countries + +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } + +1. Last checked: 2023-01-19 + +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). + +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } + + **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. + + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) + +#### :material-check:{ .pg-green } 67 Countries + +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } + +1. Last checked: 2022-09-16 + +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). + +#### :material-check:{ .pg-green } Independently Audited + +As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). + +#### :material-check:{ .pg-green } Open-Source Clients + +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). + +#### :material-check:{ .pg-green } Accepts Cash + +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. + +#### :material-check:{ .pg-green } WireGuard Support + +Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. + +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. + +## Criteria + +!!! danger + + It is important to note that using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy. + +**Please note we are not affiliated with any of the providers we recommend. This allows us to provide completely objective recommendations.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any VPN provider wishing to be recommended, including strong encryption, independent security audits, modern technology, and more. We suggest you familiarize yourself with this list before choosing a VPN provider, and conduct your own research to ensure the VPN provider you choose is as trustworthy as possible. + +### Technology + +We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected. + +**Minimum to Qualify:** + +- Support for strong protocols such as WireGuard & OpenVPN. +- Killswitch built in to clients. +- Multihop support. Multihopping is important to keep data private in case of a single node compromise. +- If VPN clients are provided, they should be [open-source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what your device is actually doing. + +**Best Case:** + +- WireGuard and OpenVPN support. +- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.) +- Easy-to-use VPN clients +- Supports [IPv6](https://en.wikipedia.org/wiki/IPv6). We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses. +- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble). + +### Privacy + +We prefer our recommended providers to collect as little data as possible. Not collecting personal information on registration, and accepting anonymous forms of payment are required. + +**Minimum to Qualify:** + +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. +- No personal information required to register: Only username, password, and email at most. + +**Best Case:** + +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). + +### Security + +A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis. + +**Minimum to Qualify:** + +- Strong Encryption Schemes: OpenVPN with SHA-256 authentication; RSA-2048 or better handshake; AES-256-GCM or AES-256-CBC data encryption. +- Perfect Forward Secrecy (PFS). +- Published security audits from a reputable third-party firm. + +**Best Case:** + +- Strongest Encryption: RSA-4096. +- Perfect Forward Secrecy (PFS). +- Comprehensive published security audits from a reputable third-party firm. +- Bug-bounty programs and/or a coordinated vulnerability-disclosure process. + +### Trust + +You wouldn't trust your finances to someone with a fake identity, so why trust them with your internet data? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled. + +**Minimum to Qualify:** + +- Public-facing leadership or ownership. + +**Best Case:** + +- Public-facing leadership. +- Frequent transparency reports. + +### Marketing + +With the VPN providers we recommend we like to see responsible marketing. + +**Minimum to Qualify:** + +- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out. + +Must not have any marketing which is irresponsible: + +- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: + - Reusing personal information (e.g., email accounts, unique pseudonyms, etc) that they accessed without anonymity software (Tor, VPN, etc.) + - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) +- Claim that a single circuit VPN is "more anonymous" than Tor, which is a circuit of three or more hops that regularly changes. +- Use responsible language: i.e., it is okay to say that a VPN is "disconnected" or "not connected", however claiming that someone is "exposed", "vulnerable" or "compromised" is needless use of alarming language that may be incorrect. For example, that person might simply be on another VPN provider's service or using Tor. + +**Best Case:** + +Responsible marketing that is both educational and useful to the consumer could include: + +- An accurate comparison to when [Tor](tor.md) should be used instead. +- Availability of the VPN provider's website over a [.onion service](https://en.wikipedia.org/wiki/.onion) + +### Additional Functionality + +While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. diff --git a/i18n/nl/404.md b/i18n/nl/404.md index be1bb6435..fc9b878f6 100644 --- a/i18n/nl/404.md +++ b/i18n/nl/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Niet gevonden @@ -13,5 +17,3 @@ We konden de pagina die je zoekt niet vinden! Misschien was je op zoek naar een - [Beste VPN-providers](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Onze Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/about/criteria.md b/i18n/nl/about/criteria.md index 9913777a0..a35f5f329 100644 --- a/i18n/nl/about/criteria.md +++ b/i18n/nl/about/criteria.md @@ -38,5 +38,3 @@ Wij stellen deze eisen aan ontwikkelaars die hun project of software in overwegi - Moeten aangeven wat het exacte dreigingsmodel is van hun project. - Het moet voor potentiële gebruikers duidelijk zijn wat het project kan bieden, en wat niet. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/about/donate.md b/i18n/nl/about/donate.md index 007d3a728..a61bbbdb8 100644 --- a/i18n/nl/about/donate.md +++ b/i18n/nl/about/donate.md @@ -48,5 +48,3 @@ Wij hosten [internetdiensten](https://privacyguides.net) voor het testen en tone Wij kopen af en toe producten en diensten aan om onze [aanbevolen instrumenten te testen](../tools.md). We werken nog steeds samen met onze fiscale host (de Open Collective Foundation) om donaties in cryptogeld te ontvangen, op dit moment is de boekhouding onhaalbaar voor veel kleinere transacties, maar dit zou in de toekomst moeten veranderen. In de tussentijd, als je een aanzienlijke (> $100) crypto donatie wilt doen, neem dan contact op met [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/about/index.md b/i18n/nl/about/index.md index a2c4584b5..861f5928a 100644 --- a/i18n/nl/about/index.md +++ b/i18n/nl/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "Over Privacy Guides" +description: Privacy Guides is een sociaal gemotiveerde website die informatie biedt voor de bescherming van jouw gegevens en privacy. --- -**Privacy Guides** is een sociaal gemotiveerde website die informatie verstrekt voor de bescherming van jouw gegevensbeveiliging en privacy. Wij zijn een non-profit collectief dat volledig wordt beheerd door vrijwillige [teamleden](https://discuss.privacyguides.net/g/team) en bijdragers. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Steun het project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is een sociaal gemotiveerde website die [informatie biedt](/kb) voor de bescherming van jouw gegevens en privacy. Wij zijn een non-profit collectief dat volledig wordt beheerd door vrijwillige [teamleden](https://discuss.privacyguides.net/g/team) en bijdragers. Onze website is vrij van advertenties en niet geaffilieerd met andere aanbieders in de lijst. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Broncide" } +[:octicons-heart-16:](donate.md){ .card-link title=Bijdrage leveren } + +Het doel van Privacy Guides is om onze community te informeren over het belang van online privacy en overheidsprogramma 's die zijn ontworpen om al jouw online activiteiten te controleren. + +> Om [privacygerichte alternatieve] apps te vinden, kunt je kijken op sites als Good Reports en **Privacy Guides**, waar privacygerichte apps in verschillende categorieën worden genoemd, waaronder e-mailproviders (meestal tegen betaling) die niet worden beheerd door de grote techbedrijven. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) [Vertaald uit het Engels] + +> Als je op zoek bent naar een nieuwe vpn, kun je terecht bij de kortingscode van zowat iedere willekeurige podcast. Als je op zoek bent naar een **goéde** vpn, heb je professionele hulp nodig. Hetzelfde geldt voor e-mailclients, browsers, besturingssystemen en wachtwoordmanagers. Hoe weet je welke daarvan de beste, privacyvriendelijkste optie is? Daarvoor is er **Privacy Guides**, een platform waarop een aantal vrijwilligers dag in, dag uit zoekt naar de beste privacyvriendelijke tools om internet mee op te gaan. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) + +Ook uitgelicht op: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], en [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## Geschiedenis + +Privacy Guides werd gelanceerd in september 2021 als voortzetting van het [verouderde](privacytools.md) "PrivacyTools" open-source onderwijsproject. We erkenden het belang van onafhankelijke, criteriagerichte productaanbevelingen en algemene kennis op het gebied van privacy, en daarom moesten we het werk dat sinds 2015 door zo veel medewerkers was gecreëerd bewaren en ervoor zorgen dat die informatie voor onbepaalde tijd een stabiel thuis op het web had. + +In 2022 hebben we de overgang van ons belangrijkste websiteframework van Jekyll naar MkDocs voltooid, met behulp van de `mkdocs-material` documentatiesoftware. Deze wijziging maakte open-sourcebijdragen aan onze site aanzienlijk eenvoudiger voor buitenstaanders, omdat in plaats van ingewikkelde syntaxis te moeten kennen om berichten effectief te kunnen schrijven, bijdragen nu net zo eenvoudig is als het schrijven van een standaard Markdown-document. + +Daarnaast lanceerden we ons nieuwe discussieforum op [discuss.privacyguides.net](https://discuss.privacyguides.net/) als een gemeenschapsplatform om ideeën te delen en vragen te stellen over onze missie. Dit vergroot onze bestaande community op Matrix, en vervangt ons vorige GitHub Discussieplatform, waardoor we minder afhankelijk worden van discussieplatformen van derden. + +Tot nu toe hebben we in 2023 internationale vertalingen van onze website gelanceerd in [Frans](/fr/), [Hebreeuws](/he/), en [Nederlands](/nl/), met meer talen op komst, mogelijk gemaakt door ons uitstekende vertaalteam op [Crowdin](https://crowdin.com/project/privacyguides). We zijn van plan onze missie van voorlichting en educatie voort te zetten en manieren te vinden om de gevaren van een gebrek aan privacybewustzijn in het moderne digitale tijdperk en de prevalentie en schade van beveiligingsinbreuken in de technologie-industrie duidelijker te benadrukken. ## Ons Team @@ -48,7 +76,7 @@ title: "Over Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Bovendien hebben [veel mensen](https://github.com/privacyguides/privacyguides.org/graphs/contributors) bijgedragen aan het project. Jij kunt het ook, we zijn open source op GitHub! +Bovendien hebben [veel mensen](https://github.com/privacyguides/privacyguides.org/graphs/contributors) bijgedragen aan het project. Jij kunt dat ook, we zijn open source op GitHub, en accepteren vertaalsuggesties op [Crowdin](https://crowdin.com/project/privacyguides). Onze teamleden bekijken alle wijzigingen aan de website en nemen administratieve taken op zich zoals webhosting en financiën, maar zij profiteren niet persoonlijk van bijdragen aan deze site. Onze financiën worden transparant gehost door de Open Collective Foundation 501(c)(3) op [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Giften aan Privacy Guides zijn in het algemeen aftrekbaar van de belasting in de Verenigde Staten. @@ -59,5 +87,3 @@ Onze teamleden bekijken alle wijzigingen aan de website en nemen administratieve :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Tenzij anders vermeld, wordt de oorspronkelijke inhoud van deze website beschikbaar gesteld onder de [Creative Commons Naamsvermelding-Niet-afgeleide producten 4.0 Internationale Openbare Licentie](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). Dit betekent dat u vrij bent om het materiaal te kopiëren en opnieuw te verspreiden in elk medium of formaat voor elk doel, zelfs commercieel; zolang u gepaste eer geeft aan `Privacy Guides (www.privacyguides.org)` en een link geeft naar de licentie. U **mag de Privacy Guides branding niet** gebruiken in uw eigen project zonder uitdrukkelijke toestemming van dit project. Als u de inhoud van deze website remixt, transformeert of erop voortbouwt, mag u het gewijzigde materiaal niet verspreiden. Deze licentie is er om te voorkomen dat mensen ons werk delen zonder de juiste credits te geven, en om te voorkomen dat mensen ons werk aanpassen op een manier die gebruikt kan worden om mensen te misleiden. Als u de voorwaarden van deze licentie te beperkend vindt voor het project waaraan u werkt, neem dan contact met ons op via `jonah@privacyguides.org`. Wij bieden graag alternatieve licentiemogelijkheden voor goedbedoelde projecten op het gebied van privacy! - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/about/notices.md b/i18n/nl/about/notices.md index 971ba2b50..b18c0287a 100644 --- a/i18n/nl/about/notices.md +++ b/i18n/nl/about/notices.md @@ -41,5 +41,3 @@ Je mag geen systematische of geautomatiseerde gegevensverzamelingsactiviteiten u * Schrapen * Datamining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/about/privacy-policy.md b/i18n/nl/about/privacy-policy.md index bbf61460e..00321048f 100644 --- a/i18n/nl/about/privacy-policy.md +++ b/i18n/nl/about/privacy-policy.md @@ -59,5 +59,3 @@ Voor meer algemene klachten in het kader van de GDPR kun je terecht bij jouw lok Eventuele nieuwe versies van deze verklaring [zullen wij hier](privacy-policy.md)plaatsen. Wij kunnen de wijze waarop wij wijzigingen aankondigen in toekomstige versies van dit document wijzigen. In de tussentijd kunnen wij onze contactgegevens te allen tijde bijwerken zonder een wijziging aan te kondigen. Raadpleeg het [Privacybeleid](privacy-policy.md) voor de meest recente contactinformatie op elk moment. Een volledige revisie [geschiedenis](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) van deze pagina is te vinden op GitHub. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/about/privacytools.md b/i18n/nl/about/privacytools.md index 9e4cf32db..0dea09d77 100644 --- a/i18n/nl/about/privacytools.md +++ b/i18n/nl/about/privacytools.md @@ -35,7 +35,6 @@ Medio 2021 nam het PrivacyTools team contact op met Jonah, die ermee instemde zi ## Gemeenschaps oproep tot actie Eind juli 2021 hebben we - de PrivacyTools gemeenschap op de hoogte gebracht van ons voornemen om een nieuwe naam te kiezen en het project voort te zetten op een nieuw domein, dat [gekozen zal worden](https://web.archive.org/web/20210729190935/https://aragon.cloud/apps/forms/cMPxG9KyopapBbcw) op 2 augustus 2022. Uiteindelijk werd "Privacy Guides" gekozen, met het domein `privacyguides.org` dat Jonah al bezat voor een zijproject uit 2020 dat onontwikkeld bleef.

@@ -142,5 +141,3 @@ Dit onderwerp is uitgebreid besproken binnen onze gemeenschappen op verschillend - [2 apr 2022 reactie van u/dng99 op beschuldigende blogpost van PrivacyTools](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [16 mei 2022 reactie door @TommyTran732 op Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post op Techlore's forum door @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/about/services.md b/i18n/nl/about/services.md index 38234548e..d542b52ad 100644 --- a/i18n/nl/about/services.md +++ b/i18n/nl/about/services.md @@ -36,5 +36,3 @@ We draaien een aantal webdiensten om functies te testen en coole gedecentralisee - Beschikbaarheid: Semi-Openbaar Wij hosten Invidious voornamelijk om ingesloten YouTube-video's op onze website weer te geven, deze instantie is niet bedoeld voor algemeen gebruik en kan op elk moment worden beperkt. - Bron: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/about/statistics.md b/i18n/nl/about/statistics.md index bc71e4e08..8973be931 100644 --- a/i18n/nl/about/statistics.md +++ b/i18n/nl/about/statistics.md @@ -59,5 +59,3 @@ title: Verkeersstatistieken }) }) - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/advanced/communication-network-types.md b/i18n/nl/advanced/communication-network-types.md index c230fb05d..7f0ee06f9 100644 --- a/i18n/nl/advanced/communication-network-types.md +++ b/i18n/nl/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Soorten communicatienetwerken" icon: 'material/transit-connection-variant' +description: Een overzicht van verschillende netwerkarchitecturen die vaak door instant messaging toepassingen worden gebruikt. --- Er zijn verschillende netwerkarchitecturen die gewoonlijk worden gebruikt om berichten tussen mensen door te geven. Deze netwerken kunnen verschillende privacygaranties bieden, en daarom is het de moeite waard jouw [bedreigingsmodel](../basics/threat-modeling.md) in overweging te nemen bij de beslissing welke app je gaat gebruiken. @@ -100,5 +101,3 @@ Het zelf hosten van een knooppunt in een anoniem routenetwerk biedt de hoster ge - Minder betrouwbaar als de knooppunten worden geselecteerd door gerandomiseerde routering, kunnen sommige knooppunten zeer ver van de verzender en de ontvanger verwijderd zijn, waardoor vertraging optreedt of zelfs berichten niet worden verzonden als een van de knooppunten offline gaat. - Ingewikkelder om mee te beginnen omdat de creatie en beveiligde backup van een cryptografische private sleutel vereist is. - Net als bij andere gedecentraliseerde platforms is het toevoegen van functies ingewikkelder voor ontwikkelaars dan op een gecentraliseerd platform. Daarom kunnen functies ontbreken of onvolledig zijn geïmplementeerd, zoals het offline doorgeven van berichten of het verwijderen van berichten. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/advanced/dns-overview.md b/i18n/nl/advanced/dns-overview.md index a32e26bbf..4ec883a72 100644 --- a/i18n/nl/advanced/dns-overview.md +++ b/i18n/nl/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "Inleiding tot DNS" icon: material/dns +description: Het Domain Name System is het "telefoonboek van het internet", dat jouw browser helpt de website te vinden die hij zoekt. --- Het [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is het "telefoonboek van het internet". DNS vertaalt domeinnamen naar IP-adressen zodat browsers en andere diensten internetbronnen kunnen laden, via een gedecentraliseerd netwerk van servers. @@ -303,5 +304,3 @@ Het [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is ee Het is bedoeld om de levering van gegevens te "versnellen" door de client een antwoord te geven dat toebehoort aan een server die zich dicht bij hem bevindt, zoals een [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), die vaak worden gebruikt bij videostreaming en het serveren van JavaScript-webapps. Deze functie gaat wel ten koste van de privacy, aangezien de DNS-server informatie krijgt over de locatie van de client. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/advanced/payments.md b/i18n/nl/advanced/payments.md new file mode 100644 index 000000000..1a593c4d0 --- /dev/null +++ b/i18n/nl/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Privé betalingen +icon: material/hand-coin +--- + +Er is een reden waarom gegevens over jouw koopgedrag word beschouwd als de heilige graal van gerichte advertenties: jouw aankopen kunnen een ware schat aan gegevens over je lekken. Helaas is het huidige financiële systeem anti-privacy by design, waardoor banken, andere bedrijven en overheden transacties gemakkelijk kunnen traceren. Toch heb je tal van opties als het gaat om het maken van betalingen privé. + +## Contant + +Eeuwenlang was **contant geld** de belangrijkste vorm van particuliere betaling. Cash heeft in de meeste gevallen uitstekende privacy-eigenschappen, wordt in de meeste landen algemeen geaccepteerd en is **vervangbaar**, wat betekent dat het niet uniek en volledig verwisselbaar is. + +De wetgeving inzake contante betaling verschilt per land. In de Verenigde Staten is voor contante betalingen van meer dan 10.000 dollar een speciale melding aan de IRS vereist op [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). Het ontvangende bedrijf moet de naam, het adres, het beroep, de geboortedatum en het burgerservicenummer of een ander TIN van de begunstigde verifiëren (met enkele uitzonderingen). Lagere limieten zonder ID zoals $ 3.000 of minder bestaan voor uitwisselingen en geldoverdracht. Contant geld bevat ook serienummers. Deze worden bijna nooit door handelaren getraceerd, maar kunnen door rechtshandhavingsinstanties worden gebruikt bij gerichte onderzoeken. + +Toch is het meestal de beste optie. + +## Prepaidkaarten & Cadeaubonnen + +Het is relatief eenvoudig om cadeaubonnen en prepaidkaarten te kopen bij de meeste supermarkten en gemakswinkels met contant geld. Cadeaukaarten hebben meestal geen geen kosten, maar prepaidkaarten vaak wel, dus let goed op deze kosten en vervaldata. Sommige winkels kunnen vragen om je legitimatiebewijs te zien bij het afrekenen om fraude te verminderen. + +Cadeaubonnen hebben meestal limieten tot $ 200 per kaart, maar sommige bieden limieten tot $ 2.000 per kaart. Prepaidkaarten (bijv. van Visa of Mastercard) hebben meestal limieten tot $ 1.000 per kaart. + +Cadeaubonnen hebben het nadeel dat ze onderworpen zijn aan het winkelbeleid, dat vreselijke voorwaarden en beperkingen kan hebben. Sommige verkopers accepteren bijvoorbeeld niet uitsluitend betaling met cadeaubonnen, of ze kunnen de waarde van de kaart annuleren als ze je als een gebruiker met een hoog risico beschouwen. Zodra je een cadeaubon hebt, heeft de winkel een sterke mate van controle over dit krediet. + +Prepaidkaarten staan geen geldopnames van geldautomaten of "peer-to-peer" -betalingen in Venmo en soortgelijke apps toe. + +Cash blijft de beste optie voor persoonlijke aankopen voor de meeste mensen. Cadeaubonnen kunnen nuttig zijn voor de besparingen die ze opleveren. Prepaidkaarten kunnen handig zijn voor plaatsen die geen contant geld accepteren. Cadeaubonnen en prepaidkaarten zijn gemakkelijker online te gebruiken dan contant geld en ze zijn gemakkelijker te verkrijgen met cryptocurrencies dan contant geld. + +### Online marktplaatsen + +Als je [cryptocurrency](../cryptocurrency.md) hebt, kun je cadeaubonnen kopen bij een online cadeaubon marktplaats. Sommige van deze services bieden opties voor ID-verificatie voor hogere limieten, maar ze staan ook accounts toe met alleen een e-mailadres. Basislimieten beginnen bij $ 5.000-10.000 per dag voor basisaccounts en aanzienlijk hogere limieten voor ID geverifieerde accounts (indien aangeboden). + +Bij het online kopen van cadeaukaarten is er meestal een kleine korting. Prepaidkaarten worden meestal online verkocht tegen nominale waarde of tegen een vergoeding. Als je prepaidkaarten en cadeaubonnen met cryptocurrencies koopt, moet je sterk de voorkeur geven aan betalen met Monero, wat een sterke privacy biedt, meer hierover hieronder. Het betalen voor een cadeaukaart met een traceerbare betaalmethode doet de voordelen teniet die een cadeaukaart kan bieden wanneer deze met contant geld of Monero wordt gekocht. + +- [Online marktplaatsen voor cadeaubonnen :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtuele kaarten + +Een andere manier om jouw informatie te beschermen tegen online handelaars is het gebruik van virtuele kaarten voor eenmalig gebruik die jouw werkelijke bank- of factureringsgegevens maskeren. Dit is vooral handig om je te beschermen tegen inbreuken op de gegevens van verkopers, minder geavanceerde tracking of aankoopcorrelatie door marketingbureaus en online gegevensdiefstal. Ze helpen je **niet** om een aankoop volledig anoniem te doen, noch verbergen ze informatie voor de bankinstelling zelf. Reguliere financiële instellingen die virtuele kaarten aanbieden zijn onderworpen aan "Know Your Customer" (KYC) wetten, wat betekent dat zij jouw ID of andere identificerende informatie kunnen verlangen. + +- [Aanbevolen betalingsmaskeringsdiensten :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +Dit zijn meestal goede opties voor online terugkerende betalingen/abonnementen, terwijl de voorkeur wordt gegeven aan vooraf betaalde cadeaubonnen voor eenmalige transacties. + +## Cryptocurrency + +Cryptocurrencies zijn een digitale vorm van valuta die is ontworpen om te werken zonder centrale autoriteiten zoals een overheid of bank. Hoewel *sommige* cryptocurrency-projecten je in staat stellen online privétransacties te verrichten, gebruiken vele een openbare blockchain die geen enkele transactieprivacy biedt. Cryptovaluta's zijn ook zeer volatiele assets, wat betekent dat hun waarde op elk moment snel en aanzienlijk kan veranderen. Als zodanig raden we over het algemeen niet aan om cryptocurrency te gebruiken als een lange termijn opslag van waarde. Als je besluit cryptocurrency online te gebruiken, zorg er dan voor dat je vooraf volledig op de hoogte bent van de privacy-aspecten ervan, en investeer alleen bedragen die niet rampzalig zijn om te verliezen. + +!!! danger "Gevaar" + + De overgrote meerderheid van de cryptocurrencies werkt op een **publieke** blockchain, wat betekent dat elke transactie publiekelijk bekend is. Dit omvat zelfs de meeste bekende cryptocurrencies zoals Bitcoin en Ethereum. Transacties met deze cryptocurrencies mogen niet als privé worden beschouwd en zullen jouw anonimiteit niet beschermen. + + Daarnaast zijn veel of misschien niet de meeste cryptovaluta's oplichters. Voer transacties zorgvuldig uit met alleen projecten die je vertrouwt. + +### Privacy Coins + +Er zijn een aantal cryptocurrency-projecten die beweren privacy te bieden door transacties anoniem te maken. Wij raden aan er een te gebruiken die standaard transactie anonimiteit **biedt** om menselijke fouten te voorkomen. + +- [Aanbevolen cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacymunten worden steeds kritischer bekeken door overheidsinstanties. In 2020 publiceerde [de IRS een bounty van $625.000](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) voor tools die het Bitcoin Lightning Network en/of de transactieprivacy van Monero kunnen doorbreken. Ze hebben uiteindelijk [twee bedrijven](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis en Integra Fec) samen 1,25 miljoen dollar betaald voor tools die dit pretenderen te doen (het is onbekend op welk cryptocurrency netwerk deze tools zich richten). Vanwege de geheimhouding rond tools zoals deze, is geen van deze methoden voor het traceren van cryptocurrencies onafhankelijk bevestigd.== Het is vrij waarschijnlijk dat er instrumenten bestaan die gericht onderzoek naar particuliere munttransacties ondersteunen, en dat privacymunten er alleen in slagen massasurveillance te dwarsbomen. + +### Andere munten (Bitcoin, Ethereum, enz.) + +De overgrote meerderheid van cryptocurrency-projecten maakt gebruik van een openbare blockchain, wat betekent dat alle transacties zowel gemakkelijk traceerbaar als permanent zijn. Als zodanig raden we het gebruik van de meeste cryptocurrency om privacygerelateerde redenen ten zeerste af. + +Anonieme transacties op een openbare blockchain zijn *theoretisch* mogelijk en de Bitcoin wiki [geeft een voorbeeld van een "volledig anonieme" transactie](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). Hiervoor is echter een ingewikkelde configuratie nodig waarbij Tor en "solo-mining" een blok nodig is om volledig onafhankelijke cryptovaluta te genereren een praktijk die al jaren voor bijna geen enkele enthousiasteling praktisch is. + +==Jouw beste optie is om deze cryptocurrencies volledig te vermijden en vast te houden aan een die standaard privacy biedt.== Pogingen om andere cryptocurrency te gebruiken vallen buiten het bereik van deze site en worden sterk afgeraden. + +### Wallet Bewaring + +Bij cryptocurrency zijn er twee vormen van wallets: custodial wallets en noncustodial wallets. Custodial wallets worden beheerd door gecentraliseerde bedrijven/beurzen, waar de privésleutel voor jouw wallet in handen is van dat bedrijf, en je kunt er overal bij met een gewone gebruikersnaam en wachtwoord. Niet-custodiale portemonnees zijn portemonnees waarbij jij de privé-sleutels om toegang te krijgen controleert en beheert. Ervan uitgaande dat je de privésleutels van jouw portemonnee veilig bewaart en er een back-up van maakt, bieden niet-custodial wallets meer veiligheid en weerstand tegen censuur dan custodial wallets, omdat jouw cryptocurrency niet kan worden gestolen of bevroren door een bedrijf dat jouw privésleutels bewaart. Sleutelbewaring is vooral belangrijk als het gaat om privacy-munten: Custodial wallets geven de exploitatiemaatschappij de mogelijkheid om jouw transacties te bekijken, waardoor de privacyvoordelen van die cryptocurrencies teniet worden gedaan. + +### Aankoop + +Het particulier verwerven van [cryptocurrencies](../cryptocurrency.md) zoals Monero kan moeilijk zijn. P2P-marktplaatsen zoals [LocalMonero](https://localmonero.co/), een platform dat handel tussen mensen vergemakkelijkt, zijn een optie die kan worden gebruikt. Als het gebruik van een exchange die KYC vereist een aanvaardbaar risico voor je is zolang latere transacties niet kunnen worden getraceerd, is een veel eenvoudigere optie om Monero te kopen op een exchange zoals [Kraken](https://kraken.com/), of Bitcoin/Litecoin te kopen van een KYC exchange die dan kan worden omgewisseld voor Monero. Vervolgens kun je de aangekochte Monero opnemen in jouw eigen, niet-vrijwillige portemonnee om vanaf dat moment privé te gebruiken. + +Als je voor deze route kiest, zorg er dan voor dat je Monero koopt op andere tijdstippen en in andere hoeveelheden dan waar je het zult uitgeven. Als je $5000 aan Monero koopt op een beurs en een uur later een aankoop van $5000 in Monero doet, kunnen die acties mogelijk gecorreleerd worden door een buitenstaander, ongeacht welke weg de Monero aflegde. Door aankopen te spreiden en vooraf grotere hoeveelheden Monero te kopen om later uit te geven aan meerdere kleinere transacties, kan deze valkuil worden vermeden. + +## Aanvullende overwegingen + +Zorg ervoor dat je privacy in gedachten houdt wanneer je een betaling in persoon doet met contanten. Beveiligingscamera 's zijn alomtegenwoordig. Overweeg het dragen van onopvallende kleding en een gezichtsmasker (zoals een chirurgisch masker of N95). Meld je niet aan voor beloningsprogramma's en geef geen andere informatie over jezelf. + +Bij online aankopem, gebruik dan bij voorkeur [Tor](tor-overview.md). Veel handelaren staan echter geen aankopen bij Tor toe. U kunt overwegen een [aanbevolen VPN](../vpn.md) te gebruiken (betaald met contant geld, cadeaubond, of Monero), of het doen in een koffiewinkel of bibliotheek met gratis wifi. Als je een fysiek voorwerp bestelt dat geleverd moet worden, moet je een afleveradres opgeven. Overweeg een postvak, privépostvak of werkadres te gebruiken. diff --git a/i18n/nl/advanced/tor-overview.md b/i18n/nl/advanced/tor-overview.md index 1b1d36122..ea1d91b86 100644 --- a/i18n/nl/advanced/tor-overview.md +++ b/i18n/nl/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overzicht" icon: 'simple/torproject' +description: Tor is een gratis te gebruiken, gedecentraliseerd netwerk dat is ontworpen om het internet met zoveel mogelijk privacy te gebruiken. --- Tor is een gratis te gebruiken, gedecentraliseerd netwerk dat is ontworpen om het internet met zoveel mogelijk privacy te gebruiken. Bij correct gebruik maakt het netwerk privé en anoniem browsen en communicatie mogelijk. @@ -74,8 +75,6 @@ Als je Tor wilt gebruiken om op het web te surfen, raden we alleen de **officië - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.nl.txt" - [^1]: De entry node in jouw circuit wordt een "bewaker" of "Guard" genoemd. Het is een snel en stabiel node dat gedurende 2-3 maanden de eerste blijft in jouw circuit, ter bescherming tegen een bekende anonimiteitsdoorbrekende aanval. De rest van je circuit verandert bij elke nieuwe website die je bezoekt, en alles bij elkaar bieden deze relays de volledige privacybescherming van Tor. Voor meer informatie over de werking van guard nodes, zie deze [blogpost](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) en [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) over inloopbeveiliging. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relaysvlag: een speciale (dis-)kwalificatie van relais voor circuitposities (bijvoorbeeld "Guard", "Exit", "BadExit"), circuiteigenschappen (bijvoorbeeld "Fast", "Stable"), of rollen (bijvoorbeeld "Authority", "HSDir"), zoals toegewezen door de directory-autoriteiten en nader gedefinieerd in de specificatie van het directory-protocol. ([https://metrics.torproject.org/glossary.html/](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/nl/android.md b/i18n/nl/android.md index f4d7140c2..87d572386 100644 --- a/i18n/nl/android.md +++ b/i18n/nl/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: Je kunt het besturingssysteem op jouw Android-telefoon vervangen door deze veilige en privacy respecterende alternatieven. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ Het **Android Open Source Project** is een open-source mobiel besturingssysteem Dit zijn de Android-besturingssystemen, apparaten en apps die wij aanbevelen om de beveiliging en privacy van jouw mobiele apparaat te maximaliseren. aanbeveling -- [Algemeen Android-overzicht en -aanbevelingen :material-arrow-right-drop-circle:](os/android-overview.md) -- [Waarom we GrapheneOS aanbevelen boven CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[Algemeen Android-overzicht en -aanbevelingen :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Waarom we GrapheneOS aanbevelen boven CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP-derivaten @@ -41,7 +43,7 @@ Wij raden je aan een van deze aangepaste Android-besturingssystemen op jouw toes [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Broncode" } [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Bijdragen } -DivestOS heeft geautomatiseerde kernel kwetsbaarheden ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), minder eigen blobs, een aangepaste [hosts](https://divested.dev/index.php?page=dnsbl) bestand, en [F-Droid](https://www.f-droid.org) als de app store. Zijn geharde WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), maakt [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) mogelijk voor alle architecturen en [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), en ontvangt out-of-band updates. +GrapheneOS ondersteunt [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), die draait [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) volledig sandboxed als elke andere gewone app. Dit betekent dat je kunt profiteren van de meeste Google Play-services, zoals [pushmeldingen](https://firebase.google.com/docs/cloud-messaging/), terwijl je volledige controle hebt over hun machtigingen en toegang, en terwijl je ze bevat in een specifiek [werkprofiel](os/android-overview.md#work-profile) of [gebruikersprofiel](os/android-overview.md#user-profiles) van jouw keuze. Google Pixel-telefoons zijn de enige apparaten die momenteel voldoen aan GrapheneOS's [hardware beveiligingseisen](https://grapheneos.org/faq#device-support). @@ -61,11 +63,11 @@ Google Pixel-telefoons zijn de enige apparaten die momenteel voldoen aan Graphen [:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Broncode" } [:octicons-heart-16:](https://divested.dev/index.php?page=donate){ .card-link title=Bijdragen } -DivestOS heeft geautomatiseerde kernel kwetsbaarheden ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), minder propriëtaire blobs, en een aangepaste [hosts](https://divested.dev/index.php?page=dnsbl) bestand. waarschuwing DivestOS bevat ook kernelpatches van GrapheneOS en schakelt alle beschikbare kernelbeveiligingsfuncties in via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). Alle kernels nieuwer dan versie 3.4 bevatten volledige pagina [sanitization](https://lwn.net/Articles/334747/) en alle ~22 Clang-gecompileerde kernels hebben [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) ingeschakeld. +DivestOS heeft geautomatiseerde kernel kwetsbaarheden ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), minder propriëtaire blobs, en een aangepaste [hosts](https://divested.dev/index.php?page=dnsbl) bestand. Zijn geharde WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), maakt [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) mogelijk voor alle architecturen en [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), en ontvangt out-of-band updates. DivestOS bevat ook kernelpatches van GrapheneOS en schakelt alle beschikbare kernelbeveiligingsfuncties in via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). Alle kernels nieuwer dan versie 3.4 bevatten volledige pagina [sanitization](https://lwn.net/Articles/334747/) en alle ~22 Clang-gecompileerde kernels hebben [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) ingeschakeld. -DivestOS implementeert enkele systeemhardingspatches die oorspronkelijk voor GrapheneOS zijn ontwikkeld. De software en firmware van mobiele toestellen worden slechts een beperkte tijd ondersteund, dus door nieuw te kopen wordt die levensduur zoveel mogelijk verlengd. 17.1 en hoger bevat GrapheneOS's per-netwerk volledige [MAC randomisatie](https://en.wikipedia.org/wiki/MAC_address#Randomization) optie, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) controle, en automatische reboot/Wi-Fi/Bluetooth [timeout opties](https://grapheneos.org/features). +DivestOS implementeert enkele systeemhardingspatches die oorspronkelijk voor GrapheneOS zijn ontwikkeld. DivestOS 16.0 en hoger implementeert GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) en SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](android/grapheneos-vs-calyxos.md#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), en partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 en hoger bevat GrapheneOS's per-netwerk volledige [MAC randomisatie](https://en.wikipedia.org/wiki/MAC_address#Randomization) optie, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) controle, en automatische reboot/Wi-Fi/Bluetooth [timeout opties](https://grapheneos.org/features). -CalyxOS bevat optioneel [microG](https://microg.org/), een gedeeltelijk open-source herimplementatie van Play Services die een bredere app compatibiliteit biedt. Het bundelt ook alternatieve locatiediensten: [Mozilla](https://location.services.mozilla.com/) en [DejaVu](https://github.com/n76/DejaVu). Op DivestOS is dat echter niet mogelijk; de ontwikkelaars werken hun apps bij via hun eigen F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) en [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). Wij raden aan de officiële F-Droid app uit te schakelen en [Neo Store](https://github.com/NeoApplications/Neo-Store/) te gebruiken met de DivestOS repositories ingeschakeld om die componenten up-to-date te houden. Voor andere apps gelden nog steeds onze aanbevolen methoden om ze te verkrijgen. +DivestOS gebruikt F-Droid als standaard app store. Normaal gesproken raden we aan om F-Droid te vermijden vanwege de vele [beveiligingsproblemen](#f-droid). Op DivestOS is dat echter niet mogelijk; de ontwikkelaars werken hun apps bij via hun eigen F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) en [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). Wij raden aan de officiële F-Droid app uit te schakelen en [Neo Store](https://github.com/NeoApplications/Neo-Store/) te gebruiken met de DivestOS repositories ingeschakeld om die componenten up-to-date te houden. Voor andere apps gelden nog steeds onze aanbevolen methoden om ze te verkrijgen. !!! warning @@ -77,7 +79,7 @@ CalyxOS bevat optioneel [microG](https://microg.org/), een gedeeltelijk open-sou Wanneer je een apparaat koopt, raden wij je aan er een zo nieuw als mogelijk te kopen. De software en firmware van mobiele apparaten worden slechts een beperkte tijd ondersteund, dus door nieuw te kopen wordt die levensduur zoveel mogelijk verlengd. -Vermijd het kopen van telefoons van mobiele netwerkoperatoren. Deze hebben vaak een **vergrendelde bootloader** en bieden geen ondersteuning voor [OEM-ontgrendeling](https://source.android.com/devices/bootloader/locking_unlocking). Deze telefoonvarianten voorkomen dat je enige vorm van alternatieve Android-distributie installeert. +Vermijd het kopen van telefoons van jouw mobiele provider. Deze hebben vaak een **vergrendelde bootloader** en bieden geen ondersteuning voor [OEM-ontgrendeling](https://source.android.com/devices/bootloader/locking_unlocking). Deze telefoonvarianten voorkomen dat je enige vorm van alternatieve Android-distributie installeert. Wees zeer **voorzichtig** met het kopen van tweedehands telefoons van online marktplaatsen. Controleer altijd de reputatie van de verkoper. Als het apparaat is gestolen, is het mogelijk [IMEI geblacklist](https://www.gsma.com/security/resources/imei-blacklisting/) is. Er is ook een risico dat je in verband wordt gebracht met de activiteiten van de vorige eigenaar. @@ -101,9 +103,9 @@ Google Pixel-telefoons zijn de **enige** toestellen die we aanraden om te kopen. [:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary } -Secure Elements zoals de Titan M2 zijn beperkter dan de Trusted Execution Environment van de processor die door de meeste andere telefoons gebruikt wordt, omdat ze alleen gebruikt worden voor geheimen opslag, hardware attestatie, en snelheidsbeperking van het invoeren van wachtwoorden, niet voor het draaien van "vertrouwde" programma's. Telefoons zonder een Secure Element moeten de TEE gebruiken voor *alle* van die functies, wat resulteert in een groter aanvalsoppervlak. +Secure Elements zoals de Titan M2 zijn beperkter dan de Trusted Execution Environment van de processor die door de meeste andere telefoons gebruikt wordt, omdat ze alleen gebruikt worden voor geheimen opslag, hardware attestatie, en snelheidsbeperking van het invoeren van wachtwoorden, niet voor het draaien van "vertrouwde" programma's. Telefoons zonder een Secure Element moeten de TEE gebruiken voor *alle* van deze functies. Dat leidt tot een groter aanvalsoppervlak. -Google Pixel-telefoons gebruiken een TEE OS genaamd Trusty dat [open-source](https://source.android.com/security/trusty#whyTrusty)is, in tegenstelling tot veel andere telefoons. +Google Pixel-telefoons gebruiken een TEE OS genaamd Trusty dat [open-source](https://source.android.com/security/trusty#whyTrusty) is, in tegenstelling tot veel andere telefoons. De installatie van GrapheneOS op een Pixel telefoon is eenvoudig met hun [web installer](https://grapheneos.org/install/web). Als je zich niet op jouw gemak voelt om het zelf te doen en bereid bent om een beetje extra geld uit te geven, kijk dan eens naar de [NitroPhone](https://shop.nitrokey.com/shop). Deze zijn voorgeladen met GrapheneOS van het gerenommeerde bedrijf [Nitrokey](https://www.nitrokey.com/about). @@ -116,7 +118,7 @@ Nog een paar tips voor de aanschaf van een Google Pixel: ## Algemene toepassingen -De volgende OEM's worden alleen genoemd omdat zij telefoons hebben die compatibel zijn met de door ons aanbevolen besturingssystemen. Als je een nieuw toestel koopt, raden we alleen aan om een Google Pixel te kopen. +Wij bevelen op deze site een groot aantal Android-apps aan. De hier vermelde apps zijn exclusief voor Android en verbeteren of vervangen specifiek belangrijke systeemfuncties. ### Shelter @@ -169,7 +171,7 @@ Auditor voert attest en inbraakdetectie uit door: - De *auditor* kan een ander exemplaar van de Auditor app zijn of de [Remote Attestation Service](https://attestation.app). - De *auditor* registreert de huidige toestand en configuratie van de *auditee*. - Mocht er met het besturingssysteem van de *auditee worden geknoeid* nadat de koppeling is voltooid, dan zal de auditor op de hoogte zijn van de verandering in de toestand en de configuraties van het apparaat. -- U zult op de hoogte worden gebracht van de wijziging. +- Je zult op de hoogte worden gebracht van de wijziging. Er wordt geen persoonlijk identificeerbare informatie aan de attestatiedienst verstrekt. Wij raden je aan je aan te melden met een anonieme account en attestatie op afstand in te schakelen voor voortdurende controle. @@ -199,7 +201,7 @@ De belangrijkste privacyfuncties zijn: - Automatisch verwijderen van [Exif](https://en.wikipedia.org/wiki/Exif) metadata (standaard ingeschakeld) - Gebruik van de nieuwe [Media](https://developer.android.com/training/data-storage/shared/media) API, daarom zijn [opslagmachtigingen](https://developer.android.com/training/data-storage) niet vereist -- Microfoontoestemming niet vereist, tenzij u geluid wilt opnemen +- Microfoontoestemming niet vereist, tenzij je geluid wilt opnemen !!! note @@ -232,11 +234,11 @@ De belangrijkste privacyfuncties zijn: ### GrapheneOS App Store -De app store van GrapheneOS is beschikbaar op [GitHub](https://github.com/GrapheneOS/Apps/releases). Het ondersteunt Android 12 en hoger en is in staat om zichzelf te updaten. De app store heeft standalone applicaties gebouwd door het GrapheneOS project zoals de [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), en [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). Als je op zoek bent naar deze applicaties, raden wij je ten zeerste aan ze te halen uit de app-winkel van GrapheneOS in plaats van de Play Store, omdat de apps in hun winkel zijn ondertekend door de eigen handtekening van het GrapheneOS-project waar Google geen toegang toe heeft. +De app store van GrapheneOS is beschikbaar op [GitHub](https://github. com/GrapheneOS/Apps/releases). Het ondersteunt Android 12 en hoger en is in staat om zichzelf te updaten. De app store heeft losstaande applicaties gebouwd door het GrapheneOS project, zoals de [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), en [PDF-viewer](https://github.com/GrapheneOS/PdfViewer). Als je op zoek bent naar deze applicaties, raden wij je ten zeerste aan ze te halen uit de app-winkel van GrapheneOS in plaats van de Play Store, omdat de apps in hun winkel zijn ondertekend door de eigen handtekening van het GrapheneOS-project waar Google geen toegang toe heeft. ### Aurora Store -De Google Play Store vereist een Google-account om in te loggen, wat de privacy niet ten goede komt. U kunt dit omzeilen door een alternatieve client te gebruiken, zoals Aurora Store. +De Google Play Store vereist een Google-account om in te loggen, wat de privacy niet ten goede komt. Je kunt dit omzeilen door een alternatieve client te gebruiken, zoals Aurora Store. !!! recommendation @@ -257,7 +259,7 @@ Met de Aurora Store kun je geen betaalde apps downloaden met hun anonieme accoun Voor apps die worden uitgebracht op platforms als GitHub en GitLab, kun je misschien een RSS-feed toevoegen aan je [nieuwsaggregator](/news-aggregators) waarmee je nieuwe releases kunt volgen. -![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK wijzigingen](./assets/img/android/rss-changes-light.png#only-light) ![APK wijzigingen](./assets/img/android/rss-changes-dark.png#only-dark) +![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark) #### GitHub @@ -349,5 +351,3 @@ Dat gezegd zijnde, de [F-Droid](https://f-droid.org/en/packages/) en [IzzyOnDroi - Toepassingen op deze pagina mogen niet van toepassing zijn op andere softwarecategorieën op de site. - Algemene toepassingen moeten de kernfunctionaliteit van het systeem uitbreiden of vervangen. - Toepassingen moeten regelmatig worden bijgewerkt en onderhouden. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/basics/account-creation.md b/i18n/nl/basics/account-creation.md index 93002d833..e609c9880 100644 --- a/i18n/nl/basics/account-creation.md +++ b/i18n/nl/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Het aanmaken van accounts" icon: 'material/account-plus' +description: Online accounts aanmaken is bijna een internetbehoefte, neem deze stappen om ervoor te zorgen dat je privé blijft. --- Vaak melden mensen zich aan voor diensten zonder na te denken. Misschien is het een streamingdienst zodat je die nieuwe show kunt bekijken waar iedereen het over heeft, of een account waarmee je korting krijgt op uw favoriete fastfood zaak. Wat het geval ook is, je moet nu en later rekening houden met de implicaties voor jouw gegevens. @@ -78,5 +79,3 @@ In veel gevallen moet je een nummer opgeven waarvan je smsjes of telefoontjes ku ### Gebruikersnaam en wachtwoord Bij sommige diensten kunt je je zonder e-mailadres registreren en hoeft je alleen een gebruikersnaam en wachtwoord in te stellen. Deze diensten kunnen meer anonimiteit bieden in combinatie met een VPN of Tor. Houd er rekening mee dat er voor deze accounts hoogstwaarschijnlijk **geen manier is om jouw account** te herstellen als je jouw gebruikersnaam of wachtwoord vergeet. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/basics/account-deletion.md b/i18n/nl/basics/account-deletion.md index 762100c96..966cbc7ed 100644 --- a/i18n/nl/basics/account-deletion.md +++ b/i18n/nl/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account verwijderen" icon: 'material/account-remove' +description: Het is gemakkelijk om een groot aantal internetaccounts op te bouwen, hier zijn enkele tips over hoe je jouw verzameling kunt snoeien. --- Na verloop van tijd kan het gemakkelijk zijn om een aantal online accounts te verzamelen, waarvan je er vele misschien niet meer gebruikt. Het verwijderen van deze ongebruikte accounts is een belangrijke stap in het terugwinnen van jouw privacy, aangezien slapende accounts kwetsbaar zijn voor gegevensinbreuken. Van een datalek is sprake wanneer de beveiliging van een dienst wordt gecompromitteerd en beschermde informatie door onbevoegden wordt ingezien, doorgegeven of gestolen. Inbreuken op gegevens zijn tegenwoordig helaas al [te gewoon](https://haveibeenpwned.com/PwnedWebsites), en dus is een goede digitale hygiëne de beste manier om de impact ervan op jouw leven te minimaliseren. Het doel van deze gids is je door het vervelende proces van accountverwijdering te loodsen, vaak bemoeilijkt door [bedrieglijk ontwerp](https://www.deceptive.design/), ten voordele van uw online aanwezigheid. @@ -59,5 +60,3 @@ Zelfs wanneer je een account kunt verwijderen, is er geen garantie dat al jouw i ## Vermijd nieuwe accounts Zoals het oude gezegde luidt: "Voorkomen is beter dan genezen." Telkens wanneer je in de verleiding komt om een nieuwe account aan te maken, vraag jezelf dan af: "Heb ik dit echt nodig? Kan ik doen wat ik moet doen zonder een account?" Het kan vaak veel moeilijker zijn om een account te verwijderen dan om er een aan te maken. En zelfs na het verwijderen of wijzigen van de info op jouw account, kan er een cache-versie van een derde partij zijn, zoals het [Internet Archive](https://archive.org/). Vermijd de verleiding als je kunt. Je toekomstige ik zal je dankbaar zijn! - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/basics/common-misconceptions.md b/i18n/nl/basics/common-misconceptions.md index 5f7df183d..c44a413f5 100644 --- a/i18n/nl/basics/common-misconceptions.md +++ b/i18n/nl/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Veel voorkomende misvattingen" icon: 'material/robot-confused' +description: Privacy is geen eenvoudig onderwerp, en men raakt gemakkelijk verstrikt in marketingclaims en andere desinformatie. --- ## "Open source software is altijd veilig" of "Private software is veiliger" @@ -56,6 +57,4 @@ Een van de duidelijkste dreigingsmodellen is een model waarbij mensen *weten wie Het gebruik van Tor kan hierbij helpen. Ook moet worden opgemerkt dat een grotere anonimiteit mogelijk is door asynchrone communicatie: Real-time communicatie is kwetsbaar voor analyse van typpatronen (d.w.z. meer dan een alinea tekst, verspreid op een forum, via e-mail, enz.) ---8<-- "includes/abbreviations.nl.txt" - [^1]: Een opmerkelijk voorbeeld hiervan is het incident van [2021, waarbij onderzoekers van de Universiteit van Minnesota drie kwetsbaarheden in het Linux-kernelontwikkelingsproject](https://cse.umn.edu/cs/linux-incident)introduceerden. diff --git a/i18n/nl/basics/common-threats.md b/i18n/nl/basics/common-threats.md index 2c25b3b59..06a90e653 100644 --- a/i18n/nl/basics/common-threats.md +++ b/i18n/nl/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Veel voorkomende bedreigingen" icon: 'material/eye-outline' +description: Jouw dreigingsmodel is persoonlijk voor je, maar dit zijn enkele van de dingen die veel bezoekers van deze site belangrijk vinden. --- In grote lijnen delen wij onze aanbevelingen in in deze algemene categorieën van [bedreigingen](threat-modeling.md) of doelstellingen die voor de meeste mensen gelden. ==U kunt zich bezighouden met geen, een, enkele, of al deze mogelijkheden==, en de instrumenten en diensten die je gebruikt hangen af van wat jouw doelstellingen zijn. Misschien heb je ook specifieke bedreigingen buiten deze categorieën, en dat is prima! Het belangrijkste is dat je inzicht krijgt in de voordelen en tekortkomingen van de middelen die je gebruikt, want vrijwel geen enkel middel beschermt je tegen elke denkbare bedreiging. @@ -140,8 +141,6 @@ Mensen die bezorgd zijn over de dreiging van censuur kunnen technologieën als [ Je moet altijd rekening houden met de risico 's van het proberen om censuur te omzeilen, de mogelijke gevolgen en hoe geavanceerd je tegenstander kan zijn. Je moet voorzichtig zijn met jouw software selectie, en een back-up plan hebben voor het geval je betrapt wordt. ---8<-- "includes/abbreviations.nl.txt" - [^1]: United States Privacy and Civil Liberties Oversight Board: [Rapport over het telefoongegevens programma, uitgevoerd onder Section 215](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^2]: Wikipedia: [Surveillance kapitalisme](https://en.wikipedia.org/wiki/Surveillance_capitalism) [^3]: Wikipedia: [*Surveillancekapitalisme*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/nl/basics/email-security.md b/i18n/nl/basics/email-security.md index 29e5c907e..7fbeabe3d 100644 --- a/i18n/nl/basics/email-security.md +++ b/i18n/nl/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email beveiliging icon: material/email +description: E-mail is op vele manieren inherent onveilig, en dit zijn enkele van de redenen waarom het niet onze eerste keuze is voor veilige communicatie. --- E-mail is standaard een onveilige vorm van communicatie. Je kunt je e-mailbeveiliging verbeteren met tools als OpenPGP, die end-to-end encryptie toevoegen aan je berichten, maar OpenPGP heeft nog steeds een aantal nadelen in vergelijking met encryptie in andere berichtentoepassingen, en sommige e-mailgegevens kunnen nooit inherent worden versleuteld als gevolg van de manier waarop e-mail is ontworpen. @@ -38,5 +39,3 @@ E-mail metadata wordt beschermd tegen externe waarnemers met [Opportunistic TLS] ### Waarom kan metadata niet E2EE zijn? E-mail metadata is van cruciaal belang voor de meest elementaire functionaliteit van e-mail (waar het vandaan komt, en waar het naartoe moet). E2EE was oorspronkelijk niet in de e-mailprotocollen ingebouwd; in plaats daarvan was extra software zoals OpenPGP nodig. Omdat OpenPGP-berichten nog steeds met traditionele e-mailproviders moeten werken, kan het niet de metagegevens van e-mail versleutelen, alleen de inhoud van het bericht zelf. Dat betekent dat zelfs wanneer OpenPGP wordt gebruikt, externe waarnemers veel informatie over jouw berichten kunnen zien, zoals wie je e-mailt, de onderwerpregels, wanneer je e-mailt, enz. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/basics/multi-factor-authentication.md b/i18n/nl/basics/multi-factor-authentication.md index 98000e063..2795891a5 100644 --- a/i18n/nl/basics/multi-factor-authentication.md +++ b/i18n/nl/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multifactor-authenticatie" icon: 'material/two-factor-authentication' +description: MFA is een cruciaal beveiligingsmechanisme voor de beveiliging van jouw online accounts, maar sommige methoden zijn sterker dan andere. --- **Multifactorauthenticatie** is een beveiligingsmechanisme dat extra stappen vereist naast het invoeren van jouw gebruikersnaam (of e-mail) en wachtwoord. De meest gebruikelijke methode zijn codes met tijdsbeperking die je via sms of een app kunt ontvangen. @@ -206,5 +207,3 @@ SSH MFA kan ook worden ingesteld met TOTP. DigitalOcean heeft een tutorial besch ### KeePass (en KeePassXC) KeePass en KeePassXC databases kunnen worden beveiligd met Challenge-Response of HOTP als een tweede-factor authenticatie. Yubico heeft een document beschikbaar gesteld voor KeePass [Uw YubiKey gebruiken met KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) en er is er ook een op de [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/basics/passwords-overview.md b/i18n/nl/basics/passwords-overview.md index 4b98cf020..4665cbbe1 100644 --- a/i18n/nl/basics/passwords-overview.md +++ b/i18n/nl/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Inleiding tot wachtwoorden" icon: 'material/form-textbox-password' +description: Dit zijn enkele tips en trucs om de sterkste wachtwoorden te maken en jouw accounts veilig te houden. --- Wachtwoorden zijn een essentieel onderdeel van ons dagelijkse digitale leven. We gebruiken ze om onze accounts, onze apparaten en onze geheimen te beschermen. Hoewel ze vaak het enige zijn tussen ons en een tegenstander die uit is op onze privégegevens, wordt er niet veel aandacht aan besteed, wat er vaak toe leidt dat mensen wachtwoorden gebruiken die gemakkelijk geraden of gebruteforcet kunnen worden. @@ -108,5 +109,3 @@ Er zijn veel goede opties om uit te kiezen, zowel cloud-gebaseerd als lokaal. Ki ### Back-ups Je moet een [gecodeerde](../encryption.md) back-up van jouw wachtwoorden opslaan op meerdere opslagapparaten of een cloud-opslagprovider. Dit kan nuttig zijn als er iets gebeurt met jouw toestel of de dienst die je gebruikt. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/basics/threat-modeling.md b/i18n/nl/basics/threat-modeling.md index b4af4912d..a010348c0 100644 --- a/i18n/nl/basics/threat-modeling.md +++ b/i18n/nl/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Bedreiging Modellering" icon: 'material/target-account' +description: Een evenwicht vinden tussen veiligheid, privacy en gebruiksvriendelijkheid is een van de eerste en moeilijkste taken die je op jouw privacyreis tegenkomt. --- Een evenwicht vinden tussen veiligheid, privacy en gebruiksvriendelijkheid is een van de eerste en moeilijkste taken die je op jouw privacyreis tegenkomt. Alles is een afweging: hoe veiliger iets is, hoe beperkter of onhandiger het over het algemeen is, enzovoort. Vaak vinden mensen het probleem met de hulpmiddelen die ze aanbevolen zien, dat ze gewoon te moeilijk zijn om te beginnen gebruiken! @@ -107,5 +108,3 @@ Voor mensen die hun privacy en veiligheid online willen vergroten, hebben we een ## Bronnen - [EFF Surveillance Zelfverdediging: Jouw Beveiligingsplan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/basics/vpn-overview.md b/i18n/nl/basics/vpn-overview.md index 9d0ff3b5f..baa7229f9 100644 --- a/i18n/nl/basics/vpn-overview.md +++ b/i18n/nl/basics/vpn-overview.md @@ -1,6 +1,7 @@ --- title: VPN-overzicht icon: material/vpn +description: Virtual Private Networks verleggen het risico van jouw ISP naar een derde partij die je vertrouwt. Je moet deze dingen in gedachten houden. --- Virtual Private Networks zijn een manier om het einde van jouw netwerk uit te breiden tot een uitgang ergens anders in de wereld. Een ISP kan de stroom van internetverkeer zien dat jouw netwerkaansluitapparaat (d.w.z. modem) binnenkomt en verlaat. @@ -74,5 +75,3 @@ Voor dit soort situaties, of als je een andere dwingende reden hebt, zijn de VPN - [Gratis VPN-app onderzoek](https://www.top10vpn.com/free-vpn-app-investigation/) - [Verborgen VPN-eigenaars onthuld: 101 VPN-producten van slechts 23 bedrijven](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [Dit Chinese bedrijf zit in het geheim achter 24 populaire apps die gevaarlijke toestemmingen zoeken](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/calendar.md b/i18n/nl/calendar.md index f59a03c42..e060fe733 100644 --- a/i18n/nl/calendar.md +++ b/i18n/nl/calendar.md @@ -1,6 +1,7 @@ --- title: "Kalendersynchronisatie" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Kalenders en contactpersonen bevatten enkele van jouw gevoeligste gegevens; gebruik producten die E2EE in rust implementeren om te voorkomen dat een provider ze kan lezen. @@ -67,5 +68,3 @@ Kalenders en contactpersonen bevatten enkele van jouw gevoeligste gegevens; gebr Onze best-case criteria geven aan wat wij zouden willen zien van het perfecte project in deze categorie. Het is mogelijk dat onze aanbevelingen geen of niet alle functies bevatten, maar degene die dat wel doen kunnen hoger gerangschikt worden dan andere op deze pagina. - Moet integreren met native OS agenda en contact management apps indien van toepassing. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/cloud.md b/i18n/nl/cloud.md index bdc0b66ad..6d1777793 100644 --- a/i18n/nl/cloud.md +++ b/i18n/nl/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud opslag" icon: material/file-cloud +description: Veel aanbieders van cloud-opslag eisen jouw volledige vertrouwen dat zij niet in jouw bestanden zullen kijken. Dit zijn de privé alternatieven! --- Veel aanbieders van cloud-opslag eisen uw volledige vertrouwen dat zij niet in uw bestanden zullen kijken. De onderstaande alternatieven nemen de behoefte aan vertrouwen weg door u de controle over uw gegevens te geven of door E2EE te implementeren. @@ -29,7 +30,6 @@ Als deze alternatieven niet aan uw behoeften voldoen, raden wij u aan te kijken - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -De mobiele clients van Proton Drive werden in december 2022 uitgebracht en zijn nog niet open-source. Proton heeft in het verleden zijn broncode releases uitgesteld tot na de eerste product releases, en [is van plan om](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) de broncode vrij te geven tegen eind 2023. Proton Drive desktop clients zijn nog in ontwikkeling. ## Criteria @@ -58,5 +58,3 @@ Onze best-case criteria geven aan wat wij zouden willen zien van het perfecte pr - Deze clients moeten integreren met native OS tools voor cloud storage providers, zoals Files app integratie op iOS, of DocumentsProvider functionaliteit op Android. - Moet het gemakkelijk delen van bestanden met andere gebruikers ondersteunen. - Moet ten minste een basisfunctionaliteit voor het bekijken en bewerken van bestanden op de webinterface bieden. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/cryptocurrency.md b/i18n/nl/cryptocurrency.md new file mode 100644 index 000000000..8f5b958f3 --- /dev/null +++ b/i18n/nl/cryptocurrency.md @@ -0,0 +1,58 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Online betalen is een van de grootste uitdagingen voor privacy. Deze cryptocurrencies bieden standaard transactieprivacy (iets wat door de meeste cryptocurrencies **niet** wordt gegarandeerd), mits je goed begrijpt hoe je private betalingen effectief kunt uitvoeren. Wij raden je sterk aan eerst ons overzichtsartikel over betalingen te lezen voordat je aankopen doet: + +[Privébetalingen maken :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger "Gevaar" + + Veel zo niet de meeste cryptocurrency projecten zijn zwendel. Voer transacties zorgvuldig uit met alleen projecten die je vertrouwt. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** gebruikt een blockchain met privacyverbeterende technologieën die transacties versluieren om anonimiteit te bereiken. Elke Monero-transactie verbergt het transactiebedrag, het verzenden en ontvangen van adressen en de bron van fondsen zonder hoepels om doorheen te springen, waardoor het een ideale keuze is voor beginners met cryptocurrency. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +Met Monero kunnen externe waarnemers geen adressen ontcijferen die handelen in Monero, transactiebedragen, adresbalansen of transactiegeschiedenissen. + +Voor optimale privacy, zorg ervoor dat je een noncustodial wallet gebruikt waar de view key op het apparaat blijft. Dit betekent dat alleen jij je geld kunt uitgeven en de inkomende en uitgaande transacties kunt zien. Als je een custodial wallet gebruikt, kan de provider **alles zien wat** je doet; als je een "lichtgewicht" wallet gebruikt waarbij de provider jouw privé view key bewaard, kan de provider bijna alles zien wat u doet. Sommige niet-custodiale wallets omvatten: + +- [Officiële Monero-client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet ondersteunt meerdere cryptocurrencies. Een Monero-only versie van Cake Wallet is beschikbaar op [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +Voor maximale privacy (zelfs met een niet-custodiale wallet) moet je jouw eigen Monero-knooppunt beheren. Als je een knooppunt van een ander gebruikt, krijgt hij enige informatie, zoals het IP-adres van waaruit je verbinding maakt, de tijdstempels waarmee je jouw portemonnee synchroniseert, en de transacties die je vanuit jouw portemonnee verstuurt (maar geen andere details over die transacties). Als alternatief kun je via Tor of i2p verbinding maken met het Monero-knooppunt van iemand anders. + +In augustus 2021 kondigde CipherTrace [](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) verbeterde Monero-tracing-mogelijkheden aan voor overheidsinstanties. Uit openbare berichten blijkt dat het Financial Crimes Enforcement Network van het Amerikaanse ministerie van Financiën [eind 2022 een licentie heeft verleend aan](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module". + +De privacy van de Monero-transactiegrafiek wordt beperkt door de relatief kleine ringhandtekeningen, vooral tegen gerichte aanvallen. De privacyfuncties van Monero zijn ook + +in twijfel getrokken door sommige beveiligingsonderzoekers, en in het verleden zijn een aantal ernstige kwetsbaarheden gevonden en gepatcht, dus de beweringen van organisaties als CipherTrace zijn niet uitgesloten. Hoewel het onwaarschijnlijk is dat er voor Monero massa surveillance instrumenten bestaan zoals voor Bitcoin en andere, is het zeker dat opsporingstools helpen bij gerichte onderzoeken.

+ +Uiteindelijk is Monero de sterkste mededinger voor een privacyvriendelijke cryptocurrency, maar zijn privacyclaims zijn **niet** definitief bewezen. Er is meer tijd en onderzoek nodig om te beoordelen of Monero weerbaar genoeg is tegen aanvallen om altijd voldoende privacy te bieden. + + + +## Criteria + +**Wij zijn niet verbonden aan de projecten die wij aanbevelen.** Naast [onze standaardcriteria](about/criteria.md)hebben wij een duidelijke reeks eisen ontwikkeld om objectieve aanbevelingen te kunnen doen. Wij stellen voor dat je zich vertrouwd maakt met deze lijst voordat je een project kiest, en jouw eigen onderzoek uitvoert om er zeker van te zijn dat het de juiste keuze voor je is. + +!!! example "Deze sectie is nieuw" + + We werken aan het vaststellen van gedefinieerde criteria voor elk deel van onze site, en dit kan onderhevig zijn aan verandering. Als je vragen hebt over onze criteria, stel ze dan [op ons forum](https://discuss.privacyguides.net/latest) en neem niet aan dat we iets niet in overweging hebben genomen bij het opstellen van onze aanbevelingen als het hier niet vermeld staat. Er zijn veel factoren die worden overwogen en besproken wanneer wij een project aanbevelen, en het documenteren van elke factor is een werk in uitvoering. + + +- Cryptocurrency moet standaard private/ontraceerbare transacties bieden. diff --git a/i18n/nl/data-redaction.md b/i18n/nl/data-redaction.md index 8ba8764f1..803621e98 100644 --- a/i18n/nl/data-redaction.md +++ b/i18n/nl/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Redactie van gegevens en metagegevens" icon: material/tag-remove +description: Gebruik deze hulpmiddelen om metadata zoals GPS-locatie en andere identificerende informatie te verwijderen uit foto's en bestanden die je deelt. --- Wanneer je bestanden deelt, is het belangrijk om de bijbehorende metadata te verwijderen. Beeldbestanden bevatten gewoonlijk [Exif](https://en.wikipedia.org/wiki/Exif) gegevens. Foto's bevatten soms zelfs GPS-coördinaten in de metagegevens van het bestand. @@ -142,5 +143,3 @@ De app biedt meerdere manieren om metadata uit afbeeldingen te wissen. Namelijk: - Apps ontwikkeld voor open-source besturingssystemen moeten open-source zijn. - Apps moeten gratis zijn en mogen geen advertenties of andere beperkingen bevatten. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/desktop-browsers.md b/i18n/nl/desktop-browsers.md index 22534cb12..b807d7d4c 100644 --- a/i18n/nl/desktop-browsers.md +++ b/i18n/nl/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox en Brave zijn onze aanbevelingen voor standaard/niet-anoniem browsen. --- Dit zijn momenteel onze aanbevolen mobiele webbrowsers en configuraties. In het algemeen raden we aan om extensies tot een minimum te beperken: ze hebben geprivilegieerde toegang binnen jouw browser, vereisen dat je de ontwikkelaar vertrouwt, kunnen je [doen opvallen](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), en [verzwakken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-Uchnm34/m/lDaXwQhzBAAJ) site-isolatie. In het algemeen raden wij aan jouw browserextensies tot een minimum te beperken; ze hebben bevoorrechte toegang binnen jouw browser, vereisen dat je de ontwikkelaar vertrouwt, kunnen je [doen opvallen](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), en [verzwakt](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) de site-isolatie. @@ -259,6 +260,4 @@ Onze best-case criteria geven aan wat wij zouden willen zien van het perfecte pr - Mag geen ingebouwde browser- of OS-functionaliteit repliceren. - Moet rechtstreeks van invloed zijn op de privacy van de gebruiker, d.w.z. mag niet gewoon informatie verstrekken. ---8<-- "includes/abbreviations.nl.txt" - [^1]: De implementatie van Brave wordt gedetailleerd beschreven op [Brave Privacy Updates: Partitionering van netwerkstatus voor privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/nl/desktop.md b/i18n/nl/desktop.md index da2155037..00baa502e 100644 --- a/i18n/nl/desktop.md +++ b/i18n/nl/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux-distributies worden algemeen aanbevolen voor privacybescherming en softwarevrijheid. --- Linux-distributies worden algemeen aanbevolen voor privacybescherming en softwarevrijheid. Als je nog geen Linux gebruikt, zijn hieronder enkele distributies die we aanraden om uit te proberen, evenals enkele algemene tips om je privacy en veiligheid te verbeteren die op veel Linux-distributies van toepassing zijn. @@ -178,5 +179,3 @@ Onze aanbevolen besturingssystemen: - Moet tijdens de installatie volledige schijfversleuteling ondersteunen. - Mag regelmatige releases niet langer dan 1 jaar bevriezen. Wij [raden](os/linux-overview.md#release-cycle) "Long Term Support" of "stabiele" distro-uitgaven niet aan voor desktopgebruik. - Moet een grote verscheidenheid aan hardware ondersteunen. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/dns.md b/i18n/nl/dns.md index 332947b8d..7a7392076 100644 --- a/i18n/nl/dns.md +++ b/i18n/nl/dns.md @@ -1,13 +1,12 @@ --- title: "DNS-resolvers" icon: material/dns +description: Dit zijn enkele versleutelde DNS-providers die wij aanbevelen, ter vervanging van de standaardconfiguratie van jouw ISP. --- -!!! question "Moet ik versleutelde DNS gebruiken?" +Versleutelde DNS met servers van derden zou alleen moeten worden gebruikt om simpele [DNS-blokkering](https://en.wikipedia.org/wiki/DNS_blocking) te omzeilen en als je er zeker van bent dat er geen gevolgen zullen zijn. Versleutelde DNS zal je niet helpen jouw surfactiviteiten te verbergen. - Versleutelde DNS met servers van derden zou alleen moeten worden gebruikt om simpele [DNS-blokkering](https://en.wikipedia.org/wiki/DNS_blocking) te omzeilen als u er zeker van kunt zijn dat er geen gevolgen zullen zijn. Versleutelde DNS zal je niet helpen jouw surfactiviteiten te verbergen. - - [Leer meer over DNS](advanced/dns-overview.md){ .md-button } +[Meer informatie over DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Aanbevolen Providers @@ -132,8 +131,6 @@ Een zelf gehoste DNS-oplossing is handig voor het bieden van filtering op gecont [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Broncode" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Bijdrage leveren } ---8<-- "includes/abbreviations.nl.txt" - [^1]: AdGuard slaat geaggregeerde prestatiecijfers van hun DNS-servers op, namelijk het aantal volledige verzoeken aan een bepaalde server, het aantal geblokkeerde verzoeken, en de snelheid waarmee verzoeken worden verwerkt. Zij houden ook de database bij van domeinen die in de laatste 24 uur zijn aangevraagd. "We hebben deze informatie nodig om nieuwe trackers en bedreigingen te identificeren en te blokkeren." "We houden ook bij hoe vaak deze of gene tracker geblokkeerd is. We hebben deze informatie nodig om verouderde regels uit onze filters te verwijderen." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare verzamelt en bewaart alleen de beperkte DNS-querygegevens die naar de 1.1.1.1 resolver worden gestuurd. De 1.1.1.1 resolver dienst logt geen persoonsgegevens, en het grootste deel van de beperkte niet-persoonlijk identificeerbare query-gegevens wordt slechts 25 uur bewaard. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D logt alleen voor Premium resolvers met aangepaste DNS-profielen. Gratis resolvers loggen geen gegevens. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/nl/email-clients.md b/i18n/nl/email-clients.md index 5ba3959f4..c273aae56 100644 --- a/i18n/nl/email-clients.md +++ b/i18n/nl/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email clients" icon: material/email-open +description: Deze e-mailclients respecteren de privacy en ondersteunen OpenPGP e-mail versleuteling. --- Onze aanbevelingslijst bevat e-mailcliënten die zowel [OpenPGP](encryption.md#openpgp) als sterke authenticatie ondersteunen, zoals [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). Met OAuth kunt u [Multi-Factor Authentication](basics/multi-factor-authentication.md) gebruiken en accountdiefstal voorkomen. @@ -235,5 +236,3 @@ Onze best-case criteria geven aan wat wij zouden willen zien van het perfecte pr - Verzamelt standaard geen telemetrie. - Moet OpenPGP native ondersteunen, dat wil zeggen zonder extensies. - Moet ondersteuning bieden voor het lokaal opslaan van OpenPGP-versleutelde e-mails. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/email.md b/i18n/nl/email.md index be78812f5..6104e5935 100644 --- a/i18n/nl/email.md +++ b/i18n/nl/email.md @@ -1,6 +1,7 @@ --- title: "Email Diensten" icon: material/email +description: Deze e-mailproviders bieden een uitstekende plaats om jouw e-mails veilig op te slaan, en vele bieden interoperabele OpenPGP versleuteling met andere providers. --- E-mail is bijna een noodzaak voor het gebruik van elke online dienst, maar wij raden het niet aan voor gesprekken van persoon tot persoon. In plaats van e-mail te gebruiken om andere mensen te contacteren, kunt u overwegen een instant messaging medium te gebruiken dat forward secrecy ondersteunt. @@ -9,15 +10,27 @@ E-mail is bijna een noodzaak voor het gebruik van elke online dienst, maar wij r Voor al het andere raden wij verschillende e-mailproviders aan op basis van duurzame bedrijfsmodellen en ingebouwde beveiligings- en privacyfuncties. +- [OpenPGP-compatibele e-mailproviders :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Andere versleutelde aanbieders :material-arrow-right-drop-circle:](#more-providers) +- [E-mail Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Zelf-gehoste opties :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP compatibele diensten -Deze providers ondersteunen native OpenPGP-encryptie/decryptie, waardoor provider-agnostische E2EE-e-mails mogelijk zijn. Een Proton Mail-gebruiker zou bijvoorbeeld een E2EE-bericht kunnen sturen naar een Mailbox.org-gebruiker, of je zou OpenPGP-versleutelde meldingen kunnen ontvangen van internetdiensten die dit ondersteunen. +Deze providers ondersteunen standaard OpenPGP-encryptie/decryptie en het Web Key Directory (WKD) -standaard, waardoor provider-agnostische E2EE-e-mails mogelijk zijn. Een Proton Mail-gebruiker zou bijvoorbeeld een E2EE-bericht kunnen sturen naar een Mailbox.org-gebruiker, of je zou OpenPGP-versleutelde meldingen kunnen ontvangen van internetdiensten die dit ondersteunen. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning "Waarschuwing" Wanneer gebruik wordt gemaakt van E2EE-technologie zoals OpenPGP, zullen e-mailberichten nog steeds metagegevens bevatten die niet zijn versleuteld in de header van het e-mailbericht. Lees meer over [e-mail metadata](basics/email-security.md#email-metadata-overview). - OpenPGP ondersteunt ook geen Forward secrecy, wat betekent dat als uw of de geadresseerde's privésleutel ooit wordt gestolen, alle eerdere berichten die ermee zijn versleuteld, openbaar worden. [Hoe bescherm ik mijn privésleutels?](basics/email-security.md#how-do-i-protect-my-private-keys) + OpenPGP ondersteunt ook geen forward secrecy, wat betekent dat als uw of de geadresseerde's privésleutel ooit wordt gestolen, alle eerdere berichten die ermee zijn versleuteld, openbaar worden. [Hoe bescherm ik mijn privésleutels?](basics/email-security.md#how-do-i-protect-my-private-keys) ### Proton Mail @@ -49,41 +62,41 @@ Als je Proton Unlimited, Business of Visionary hebt, krijg je ook [SimpleLogin]( Proton Mail heeft interne crash rapporten die ze **niet** delen met derden. Dit kan worden uitgeschakeld in: **Instellingen** > **Ga naar Instellingen** > **Account** > **Beveiliging en privacy** > **Crashmeldingen versturen**. -??? success "Aangepaste domeinen en aliassen" +#### :material-check:{ .pg-green } Aangepaste domeinen en aliassen - Betalende Proton Mail-abonnees kunnen hun eigen domein bij de dienst gebruiken of een [catch-all](https://proton.me/support/catch-all) adres. Proton Mail ondersteunt ook [subaddressing](https://proton.me/support/creating-aliases), wat handig is voor mensen die geen domein willen kopen. +Betaalde Proton Mail abonnees kunnen hun eigen domein met de dienst gebruiken of een [catch-all](https://proton.me/support/catch-all) adres. Proton Mail ondersteunt ook [subadressering](https://proton.me/support/creating-aliases), wat handig is voor mensen die geen domein willen kopen. -??? success "Privé betaalmethoden" +#### :material-check:{ .pg-green } Privé betaalmethodes - Proton Mail [accepteerd](https://proton.me/support/payment-options) Bitcoin en contant geld per post naast de standaard credit/debetkaart en PayPal-betalingen. +Proton Mail [accepteert](https://proton.me/support/payment-options) contant geld per post, naast standaard creditcard/debetkaart, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), en PayPal-betalingen. -??? success "Account beveiliging" +#### :material-check:{ .pg-green } Accountbeveiliging - Proton Mail ondersteunt alleen TOTP [tweefactorauthenticatie](https://proton.me/support/two-factor-authentication-2fa). Het gebruik van een U2F beveiligingssleutel wordt nog niet ondersteund. Proton Mail is van plan U2F te implementeren na voltooiing van hun [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail ondersteunt alleen TOTP [twee factor authenticatie](https://proton.me/support/two-factor-authentication-2fa). Het gebruik van een U2F beveiligingssleutel wordt nog niet ondersteund. Proton Mail is van plan U2F te implementeren na voltooiing van hun \[Single Sign On (SSO)\](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Gegevens beveiliging" +#### :material-check:{ .pg-green } Gegevensbeveiliging - Proton Mail heeft [zero-access encryption](https://proton.me/blog/zero-access-encryption) in rust voor jouw e-mails en [calendars](https://proton.me/news/protoncalendar-security-model). Gegevens die zijn beveiligd met zero-access encryptie zijn alleen voor jouw toegankelijk. - - Bepaalde in [Proton Contacts](https://proton.me/support/proton-contacts) opgeslagen informatie, zoals namen en e-mailadressen, zijn niet beveiligd met zero access encryptie. Contact velden die zero-access encryptie ondersteunen, zoals telefoonnummers, worden aangegeven met een hangslot pictogram. +Proton Mail heeft [zero-access encryptie](https://proton.me/blog/zero-access-encryption) in rust voor jouw e-mails en [agenda's](https://proton.me/news/protoncalendar-security-model). Gegevens die zijn beveiligd met zero-access encryptie zijn alleen voor jouw toegankelijk. -??? success "Email Encryptiie" +Bepaalde in \[Proton Contacts\](https://proton.me/support/proton-contacts) opgeslagen informatie, zoals namen en e-mailadressen, zijn niet beveiligd met zero access encryptie. Contact velden die zero-access encryptie ondersteunen, zoals telefoonnummers, worden aangegeven met een hangslot pictogram. - Proton Mail heeft [geïntegreerde OpenPGP-encryptie](https://proton.me/support/how-to-use-pgp) in hun webmail. E-mails naar andere Proton Mail-accounts worden automatisch versleuteld, en versleuteling naar niet-Proton Mail-adressen met een OpenPGP-sleutel kan eenvoudig worden ingeschakeld in jouw accountinstellingen. Zij laten u ook toe [berichten te coderen naar niet-Proton Mail adressen](https://proton.me/support/password-protected-emails) zonder dat zij zich moeten aanmelden voor een Proton Mail account of software zoals OpenPGP moeten gebruiken. - - Proton Mail ondersteunt ook de ontdekking van openbare sleutels via HTTP vanuit hun [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Hierdoor kunnen mensen die geen Proton Mail gebruiken de OpenPGP sleutels van Proton Mail accounts gemakkelijk vinden, voor cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryptie -??? warning "Digitale erfgoed" +Proton Mail heeft [OpenPGP encryptie](https://proton.me/support/how-to-use-pgp) geïntegreerd in hun webmail. E-mails naar andere Proton Mail-accounts worden automatisch versleuteld, en versleuteling naar niet-Proton Mail-adressen met een OpenPGP-sleutel kan eenvoudig worden ingeschakeld in jouw accountinstellingen. U kunt hiermee ook [berichten versleutelen naar niet-Proton Mail adressen](https://proton.me/support/password-protected-emails) zonder dat zij zich hoeven aan te melden voor een Proton Mail account of software zoals OpenPGP hoeven te gebruiken. - Proton Mail biedt geen digitale erfenisfunctie. +Proton Mail ondersteunt ook de ontdekking van openbare sleutels via HTTP van hun [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Hierdoor kunnen mensen die geen Proton Mail gebruiken de OpenPGP sleutels van Proton Mail accounts gemakkelijk vinden, voor cross-provider E2EE. -??? info "Account beëindiging" +#### :material-alert-outline:{ .pg-orange } Digitale erfenis - Als je een betaalde account hebt en je [rekening is onbetaald](https://proton.me/support/delinquency) na 14 dagen, krijg je geen toegang tot je gegevens. Na 30 dagen wordt uw account delinquent en ontvangt u geen inkomende e-mail. Tijdens deze periode wordt u nog steeds gefactureerd. +Proton Mail biedt geen digitale erfenisfunctie. -??? info "Aanvullende Functionaliteit" +#### :material-information-outline:{ .pg-blue } Beëindiging van account - Proton Mail biedt een "Unlimited" account voor €9,99/maand, die ook toegang geeft tot Proton VPN, naast meerdere accounts, domeinen, aliassen en 500GB opslagruimte. +Als je een betaalde account hebt en je \[rekening is onbetaald\](https://proton.me/support/delinquency) na 14 dagen, krijg je geen toegang tot je gegevens. Na 30 dagen wordt uw account delinquent en ontvangt u geen inkomende e-mail. Tijdens deze periode wordt u nog steeds gefactureerd. + +#### :material-information-outline:{ .pg-blue } Extra functionaliteit + +Proton Mail biedt een "Unlimited" account voor €9,99/maand, die ook toegang geeft tot Proton VPN, naast meerdere accounts, domeinen, aliassen en 500GB opslagruimte. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail heeft interne crash rapporten die ze **niet** delen met derden. Dit - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Aangepaste domeinen en aliassen" +#### :material-check:{ .pg-green } Aangepaste domeinen en aliassen - Mailbox.org staat je toe jouw eigen domein te gebruiken, en zij ondersteunen [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) adressen. Mailbox.org ondersteunt ook [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), wat handig is als je geen domein wilt kopen. +Mailbox.org laat je je eigen domein gebruiken en ze ondersteunen [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) adressen. Mailbox.org ondersteunt ook [subadressering](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), wat handig is als je geen domein wilt kopen. -??? info "Privé betaalmethoden" +#### :material-check:{ .pg-green } Privé betaalmethodes - Mailbox.org accepteert geen Bitcoin of andere cryptocurrencies als gevolg van het feit dat hun betalingsverwerker BitPay zijn activiteiten in Duitsland heeft opgeschort. Zij aanvaarden echter wel Contant geld per post, contante betaling op bankrekening, bankoverschrijving, kredietkaart, PayPal en een paar Duits-specifieke verwerkers: paydirekt en Sofortüberweisung. +Mailbox.org accepteert geen Bitcoin of andere cryptocurrencies als gevolg van het feit dat hun betalingsverwerker BitPay zijn activiteiten in Duitsland heeft opgeschort. Zij aanvaarden echter wel Contant geld per post, contante betaling op bankrekening, bankoverschrijving, kredietkaart, PayPal en een paar Duits-specifieke verwerkers: paydirekt en Sofortüberweisung. -??? success "Account beveiliging" +#### :material-check:{ .pg-green } Accountbeveiliging - Mailbox.org ondersteunt [tweefactorauthenticatie](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) alleen voor hun webmail. U kunt zowel TOTP als een [Yubikey](https://en.wikipedia.org/wiki/YubiKey) gebruiken via de [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Webstandaarden zoals [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) worden nog niet ondersteund. +Mailbox.org ondersteunt [twee-factor authenticatie](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) alleen voor hun webmail. Je kunt TOTP of een [Yubikey](https://en.wikipedia.org/wiki/YubiKey) gebruiken via de [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Webstandaarden zoals [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) worden nog niet ondersteund. -??? info "Gegevens beveiliging" +#### :material-information-outline:{ .pg-blue } Gegevensbeveiliging - Mailbox.org maakt versleuteling van inkomende mail mogelijk door gebruik te maken van hun [versleutelde mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). Nieuwe berichten die je ontvangt, worden dan onmiddellijk versleuteld met jouw openbare sleutel. - - [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), het softwareplatform dat door Mailbox.org wordt gebruikt, [ondersteunt echter niet](https://kb.mailbox.org/display/BMBOKBEN/Encryption+van+kalender+en+adres+boek) de encryptie van jouw adresboek en agenda. Een [standalone optie](calendar.md) is misschien meer geschikt voor die informatie. +Mailbox.org maakt encryptie van inkomende mail mogelijk met behulp van hun [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). Nieuwe berichten die je ontvangt, worden dan onmiddellijk versleuteld met jouw openbare sleutel. -??? success "Email Encryptiie" +Echter, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), het softwareplatform dat wordt gebruikt door Mailbox.org, [ondersteunt niet](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) de versleuteling van jouw adresboek en agenda. Een [zelfstandige optie](calendar.md) kan geschikter zijn voor die informatie. - Mailbox.org heeft [geïntegreerde encryptie](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in hun webmail, wat het verzenden van berichten naar mensen met openbare OpenPGP-sleutels vereenvoudigt. Zij staan ook [ontvangers op afstand toe een e-mail te ontsleutelen](https://kb.mailbox.org/display/MBOKBEN/My+ontvanger+gebruikt+geen+PGP) op de servers van Mailbox.org. Deze functie is nuttig wanneer de ontvanger op afstand geen OpenPGP heeft en geen kopie van de e-mail in zijn eigen mailbox kan ontsleutelen. - - Mailbox.org ondersteunt ook de ontdekking van openbare sleutels via HTTP vanuit hun [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Hierdoor kunnen mensen buiten Mailbox.org gemakkelijk de OpenPGP sleutels van Mailbox.org accounts vinden, voor cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryptie -??? success "Digitale erfgoed" +Mailbox.org heeft [geïntegreerde encryptie](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in hun webmail, wat het verzenden van berichten naar mensen met openbare OpenPGP-sleutels vereenvoudigt. Ze staan ook [externe ontvangers toe om een e-mail](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) op de servers van Mailbox.org te ontsleutelen. Deze functie is nuttig wanneer de ontvanger op afstand geen OpenPGP heeft en geen kopie van de e-mail in zijn eigen mailbox kan ontsleutelen. - Mailbox.org heeft een digitale erfenis voor alle plannen. Je kunt kiezen of je wilt dat jouw gegevens worden doorgegeven aan jouw erfgenamen, mits zij een aanvraag indienen en jouw testament overleggen. Je kunt ook een persoon nomineren met naam en adres. +Mailbox.org ondersteunt ook de ontdekking van publieke sleutels via HTTP vanuit hun [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Hierdoor kunnen mensen buiten Mailbox.org gemakkelijk de OpenPGP sleutels van Mailbox.org accounts vinden, voor cross-provider E2EE. -??? info "Account beëindiging" +#### :material-check:{ .pg-green } Digitale erfenis - Jouw account zal worden ingesteld op een beperkte gebruikersaccount wanneer jouw contract eindigt, na [30 dagen zal het onherroepelijk worden verwijderd](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org heeft een digitale erfenis voor alle plannen. Je kunt kiezen of je wilt dat jouw gegevens worden doorgegeven aan jouw erfgenamen, mits zij een aanvraag indienen en jouw testament overleggen. Je kunt ook een persoon nomineren met naam en adres. -??? info "Aanvullende Functionaliteit" +#### :material-information-outline:{ .pg-blue } Beëindiging van account - Je kunt toegang krijgen tot jouw Mailbox.org account via IMAP/SMTP door gebruik te maken van hun [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+van+mailbox.org). Hun webmailinterface is echter niet toegankelijk via hun .onion dienst en je kunt TLS-certificaatfouten ondervinden. - - Alle accounts worden geleverd met beperkte cloudopslag die [kan worden versleuteld](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org biedt ook de alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), die de TLS-encryptie afdwingt op de verbinding tussen mailservers, anders wordt het bericht helemaal niet verzonden. Mailbox.org ondersteunt ook [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync), naast standaard toegangsprotocollen zoals IMAP en POP3. +Je account wordt ingesteld op een beperkt gebruikersaccount zodra je contract is beëindigd, na [30 dagen wordt deze onherroepelijk verwijderd](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Beëindiging van account + +Je hebt toegang tot jouw Mailbox.org account via IMAP/SMTP met behulp van hun [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). Hun webmailinterface is echter niet toegankelijk via hun .onion dienst en je kunt TLS-certificaatfouten ondervinden. + +Alle accounts worden geleverd met beperkte cloud-opslag die [kan worden versleuteld](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org biedt ook de alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), die de TLS-versleuteling op de verbinding tussen mailservers afdwingt, anders wordt het bericht helemaal niet verzonden. Mailbox.org ondersteunt ook [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) naast standaard toegangs protocollen zoals IMAP en POP3. + +## Meer providers + +Deze providers slaan jouw e-mails op met zero-knowledge encryptie, waardoor ze geweldige opties zijn om jouw opgeslagen e-mails veilig te houden. Zij ondersteunen echter geen interoperabele versleutelingsnormen voor E2EE-communicatie tussen aanbieders. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ Proton Mail heeft interne crash rapporten die ze **niet** delen met derden. Dit - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Aangepaste domeinen en aliassen" +#### :material-check:{ .pg-green } Aangepaste domeinen en aliassen - Persoonlijke accounts kunnen [Custom of Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliassen gebruiken. [Eigen domeinen](https://support.startmail.com/hc/nl-nl/articles/4403911432209-Setup-a-custom-domain) zijn ook beschikbaar. +Persoonlijke accounts kunnen [aangepaste of Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliassen gebruiken. [Aangepaste domeinen](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) zijn ook beschikbaar. -??? warning "Privé betaalmethoden" +#### :material-alert-outline:{ .pg-orange } Privé betaalmethodes - StartMail accepteert Visa, MasterCard, American Express en Paypal. StartMail heeft ook andere [betalingsopties](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) zoals Bitcoin (momenteel alleen voor Persoonlijke accounts) en SEPA Direct Debit voor accounts ouder dan een jaar. +StartMail accepteert Visa, MasterCard, American Express en Paypal. StartMail heeft ook andere [betalingsopties](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) zoals [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (momenteel alleen voor Persoonlijke accounts) en SEPA Direct Debit voor accounts ouder dan een jaar. -??? success "Account beveiliging" +#### :material-check:{ .pg-green } Accountbeveiliging - StartMail ondersteunt TOTP tweefactorauthenticatie [alleen voor webmail](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). Zij staan geen U2F-authenticatie met beveiligingssleutel toe. +StartMail ondersteunt TOTP tweefactorauthenticatie [alleen voor webmail](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). Zij staan geen U2F-authenticatie met beveiligingssleutel toe. -??? info "Gegevens beveiliging" +#### :material-information-outline:{ .pg-blue } Gegevensbeveiliging - StartMail heeft [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), met behulp van hun "user vault" systeem. Wanneer je inlogt, wordt de kluis geopend, en de e-mail wordt dan uit de wachtrij naar de kluis verplaatst, waar hij wordt ontsleuteld met de bijbehorende privésleutel. - - StartMail ondersteunt het importeren van [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts), maar deze zijn alleen toegankelijk in de webmail en niet via protocollen zoals [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacten worden ook niet opgeslagen met behulp van zero knowledge encryptie. +StartMail heeft [zero access encryptie bij rust](https://www.startmail.com/en/whitepaper/#_Toc458527835), met behulp van hun "user vault" systeem. Wanneer je inlogt, wordt de kluis geopend, en de e-mail wordt dan uit de wachtrij naar de kluis verplaatst, waar hij wordt ontsleuteld met de bijbehorende privésleutel. -??? success "Email Encryptiie" +StartMail ondersteunt het importeren van [contacten](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) echter, ze zijn alleen toegankelijk in de webmail en niet via protocollen zoals [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacten worden ook niet opgeslagen met behulp van zero knowledge encryptie. - StartMail heeft [geïntegreerde encryptie](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in hun webmail, wat het verzenden van versleutelde berichten met openbare OpenPGP-sleutels vergemakkelijkt. +#### :material-check:{ .pg-green } Email Encryptie -??? warning "Digitale erfgoed" +StartMail heeft [encryptie](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) geïntegreerd in hun webmail, wat het versturen van versleutelde berichten met openbare OpenPGP-sleutels vereenvoudigt. Ze ondersteunen echter niet de Web Key Directory-standaard, waardoor de ontdekking van de openbare sleutel van een Startmail-postvak uitdagender wordt voor andere e-mailproviders of -clients. - StartMail biedt geen digitale erfenisfunctie. +#### :material-alert-outline:{ .pg-orange } Digitale erfenis -??? info "Account beëindiging" +StartMail biedt geen digitale erfenisfunctie. - Bij afloop van de account zal StartMail jouw account definitief verwijderen na [6 maanden in 3 fasen](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Beëindiging van account -??? info "Aanvullende Functionaliteit" +Bij afloop van jouw account, zal StartMail jouw account definitief verwijderen na [6 maanden in 3 fasen](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail maakt proxying van afbeeldingen in e-mails mogelijk. Als je toestaat dat het beeld op afstand wordt geladen, weet de verzender niet wat jouw IP-adres is. +#### :material-information-outline:{ .pg-blue } extra functionaliteit -## Meer providers - -Deze providers slaan jouw e-mails op met zero-knowledge encryptie, waardoor ze geweldige opties zijn om jouw opgeslagen e-mails veilig te houden. Zij ondersteunen echter geen interoperabele versleutelingsnormen voor E2EE-communicatie tussen aanbieders. +StartMail maakt proxying van afbeeldingen in e-mails mogelijk. Als je toestaat dat het beeld op afstand wordt geladen, weet de verzender niet wat jouw IP-adres is. ### Tutanota @@ -220,44 +240,51 @@ Deze providers slaan jouw e-mails op met zero-knowledge encryptie, waardoor ze g Tutanota ondersteunt het [IMAP protocol](https://tutanota.com/faq/#imap) em het gebruik van e-mailclients van derden niet[](email-clients.md), en je zult ook niet in staat zijn om [externe e-mailaccounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) toe te voegen aan de Tutanota app. Beide [E-mail import](https://github.com/tutao/tutanota/issues/630) of [submappen](https://github.com/tutao/tutanota/issues/927) worden momenteel ondersteund, hoewel dit binnenkort [zal worden gewijzigd](https://tutanota.com/blog/posts/kickoff-import). E-mails kunnen [individueel of per bulk selectie](https://tutanota.com/howto#generalMail) per map worden geëxporteerd, wat onhandig kan zijn als je veel mappen hebt. -??? success "Aangepaste domeinen en aliassen" +#### :material-check:{ .pg-green } Aangepaste domeinen en aliassen - Betaalde Tutanota accounts kunnen tot 5 [aliases](https://tutanota.com/faq#alias) en [aangepaste domeinen](https://tutanota.com/faq#custom-domain) gebruiken. Tutanota staat geen [subadressering (plus adressen)](https://tutanota.com/faq#plus) toe, maar je kunt een [catch-all](https://tutanota.com/howto#settings-global) gebruiken met een aangepast domein. +Betaalde Tutanota accounts kunnen tot 5 [aliassen gebruiken](https://tutanota.com/faq#alias) en [aangepaste domeinen](https://tutanota.com/faq#custom-domain). Tutanota staat geen [subadressering (plus adressen)](https://tutanota.com/faq#plus)toe, maar je kunt een [catch-all](https://tutanota.com/howto#settings-global) gebruiken met een aangepast domein. -??? warning "Privé betaalmethoden" +#### :material-information-outline:{ .pg-blue } Privé betaalmethodes - Tutanota accepteert alleen rechtstreeks creditcards en PayPal, maar Bitcoin en Monero kunnen worden gebruikt om cadeaubonnen te kopen via hun [partnership](https://tutanota.com/faq/#cryptocurrency) met Proxystore. +Tutanota accepteert alleen rechtstreeks creditcards en PayPal, maar Bitcoin en Monero kunnen worden gebruikt om cadeaubonnen te kopen via hun [partnerschap](https://tutanota.com/faq/#cryptocurrency) met Proxystore. -??? success "Account beveiliging" +#### :material-check:{ .pg-green } Accountbeveiliging - Tutanota ondersteunt [twee factor authenticatie](https://tutanota.com/faq#2fa) met TOTP of U2F. +Tutanota ondersteunt [twee-factor authenticatie](https://tutanota.com/faq#2fa) met TOTP of U2F. -??? success "Gegevens beveiliging" +#### :material-check:{ .pg-green } Gegevensbeveiliging - Tutanota heeft [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) voor jouw emails, [adresboek contacten](https://tutanota.com/faq#encrypted-address-book), en [calendars](https://tutanota.com/faq#calendar). Dit betekent dat de berichten en andere gegevens die in jouw account zijn opgeslagen, alleen door je kunnen worden gelezen. +Tutanota heeft [zero access encryptie bij rust](https://tutanota.com/faq#what-encrypted) voor jouw e-mails, [adresboek contacten](https://tutanota.com/faq#encrypted-address-book), en [kalenders](https://tutanota.com/faq#calendar). Dit betekent dat de berichten en andere gegevens die in jouw account zijn opgeslagen, alleen door je kunnen worden gelezen. -??? warning "Email Encryptie" +#### :material-information-outline:{ .pg-blue } Email Encryptie - Tutanota [gebruikt geen OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts kunnen alleen versleutelde e-mails ontvangen van niet-Tutanota e-mail accounts wanneer deze worden verzonden via een [tijdelijke Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [maakt geen gebruik van OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota-accounts kunnen alleen versleutelde e-mails ontvangen van niet-Tutanota-e-mailaccounts wanneer ze worden verzonden via een [tijdelijke Tutanota-postvak](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digitale erfgoed" +#### :material-alert-outline:{ .pg-orange } Digitale erfenis - Tutanota biedt geen digitale erfenis functie. +Tutanota biedt geen digitale erfenis functie. -??? info "Account beëindiging" +#### :material-information-outline:{ .pg-blue } Beëindiging van account - Tutanota zal [inactieve gratis accounts verwijderen](https://tutanota.com/faq#inactive-accounts) na zes maanden. Je kunt een gedeactiveerd gratis account opnieuw gebruiken als je betaalt. +Tutanota zal [inactieve gratis accounts](https://tutanota.com/faq#inactive-accounts) verwijderen na zes maanden. Je kunt een gedeactiveerd gratis account opnieuw gebruiken als je betaalt. -??? info "Aanvullende Functionaliteit" +#### :material-information-outline:{ .pg-blue } extra functionaliteit - Tutanota biedt de zakelijke versie van [Tutanota gratis of met zware korting aan organisaties zonder winstoogmerk](https://tutanota.com/blog/posts/secure-email-for-non-profit). - - Tutanota heeft ook een zakelijke functie genaamd [Secure Connect](https://tutanota.com/secure-connect/). Dit zorgt ervoor dat het klantcontact met het bedrijf gebruik maakt van E2EE. De functie kost €240/j. +Tutanota biedt de zakelijke versie van [Tutanota aan non-profitorganisaties](https://tutanota.com/blog/posts/secure-email-for-non-profit) gratis of met een fikse korting. + +Tutanota heeft ook een zakelijke functie genaamd [Secure Connect](https://tutanota.com/secure-connect/). Dit zorgt ervoor dat het klantcontact met het bedrijf gebruik maakt van E2EE. De functie kost €240/j. ## E-mail aliasing diensten Met een e-mail aliasing dienst kun je gemakkelijk een nieuw e-mailadres genereren voor elke website waarvoor je je aanmeldt. De e-mailaliassen die je aanmaakt worden dan doorgestuurd naar een e-mailadres vanjouw keuze, waardoor zowel jouw "hoofd"-e-mailadres als de identiteit van jouw e-mailprovider wordt verborgen. Echte e-mailaliasing is beter dan de door veel providers gebruikte en ondersteunde plus-adressering, waarmee je aliassen kunt maken als jouwnaam+[anythinghere]@voorbeeld.com, omdat websites, adverteerders en traceringsnetwerken triviaal alles na het +-teken kunnen verwijderen om jouw echte e-mailadres te ontdekken. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ E-mailaliasing kan fungeren als een waarborg voor het geval jouw e-mailprovider ooit ophoudt te werken. In dat scenario kun je jouw aliassen gemakkelijk omleiden naar een nieuw e-mailadres. Op zijn beurt stelt je echter vertrouwen in de aliasingdienst om te blijven functioneren. Het gebruik van een speciale e-mail aliasing dienst heeft ook een aantal voordelen ten opzichte van een catch-all alias op een aangepast domein: @@ -411,7 +438,7 @@ Wij geven er de voorkeur aan dat de door ons aanbevolen aanbieders zo weinig mog **Beste geval:** -- Accepteert Bitcoin, contant geld en andere vormen van cryptocurrency en/of anonieme betalingsopties (cadeaubonnen, enz.) +- Accepteert [anonieme betalingsopties](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), contant geld, cadeaukaarten, etc.) ### Veiligheid @@ -428,10 +455,10 @@ Email servers verwerken veel zeer gevoelige gegevens. We verwachten dat provider - Geldige [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) en [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Geldige [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) en [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Zorg voor een correct [DMARC](https://en.wikipedia.org/wiki/DMARC) record en beleid of gebruik [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) voor verificatie. Als DMARC-authenticatie wordt gebruikt, moet het beleid worden ingesteld op `reject` of `quarantine`. -- Een voorkeur voor een server suite van TLS 1.2 of later en een plan voor [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- Een server suite voorkeur van TLS 1.2 of hoger en een plan voor [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) indiening, ervan uitgaande dat SMTP wordt gebruikt. - Beveiligingsnormen voor websites, zoals: - - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) + - [HTTP Strict Transport Security](https://nl.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subbron Integriteit](https://en.wikipedia.org/wiki/Subresource_Integrity) als dingen van externe domeinen worden geladen. - Moet het bekijken van [Message headers](https://en.wikipedia.org/wiki/Email#Message_header)ondersteunen, aangezien dit een cruciale forensische functie is om te bepalen of een e-mail een phishing-poging is. @@ -443,7 +470,7 @@ Email servers verwerken veel zeer gevoelige gegevens. We verwachten dat provider - Programma's voor bug-bounty's en/of een gecoördineerd proces voor de openbaarmaking van kwetsbaarheden. - Beveiligingsnormen voor websites, zoals: - [Inhoud beveiligingsbeleid (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Verwacht-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Vertrouwen @@ -481,5 +508,3 @@ Mag geen marketing hebben die onverantwoord is: ### Extra functionaliteit Hoewel het geen strikte vereisten zijn, zijn er nog enkele andere factoren met betrekking tot gemak of privacy die wij in aanmerking hebben genomen bij het bepalen van de aan te bevelen providers. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/encryption.md b/i18n/nl/encryption.md index bfd914ed0..15c96076e 100644 --- a/i18n/nl/encryption.md +++ b/i18n/nl/encryption.md @@ -1,6 +1,7 @@ --- title: "Encryptie Software" icon: material/file-lock +description: Encryptie van gegevens is de enige manier om te controleren wie er toegang toe heeft. Met deze tools kun je jouw e-mails en andere bestanden versleutelen. --- Encryptie van gegevens is de enige manier om te controleren wie er toegang toe heeft. Als je momenteel geen encryptiesoftware gebruikt voor jouw harde schijf, e-mails of bestanden, moet je hier een optie kiezen. @@ -353,5 +354,3 @@ Onze best-case criteria geven aan wat wij zouden willen zien van het perfecte pr - Toepassingen voor versleuteling van het besturingssysteem (FDE) moeten gebruik maken van hardwarebeveiliging zoals een TPM of Secure Enclave. - Bestandsversleutelingsapps moeten ondersteuning van eerste of derde partijen hebben voor mobiele platforms. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/file-sharing.md b/i18n/nl/file-sharing.md index 5f33a9a01..87c0e3f9c 100644 --- a/i18n/nl/file-sharing.md +++ b/i18n/nl/file-sharing.md @@ -1,6 +1,7 @@ --- title: "Bestanden delen en synchroniseren" icon: material/share-variant +description: Ontdek hoe je jouw bestanden privé kunt delen tussen jouw apparaten, met jouw vrienden en familie, of anoniem online. --- Ontdek hoe je jouw bestanden privé kunt delen tussen jouw apparaten, met jouw vrienden en familie, of anoniem online. @@ -144,5 +145,3 @@ Onze best-case criteria geven aan wat wij zouden willen zien van het perfecte pr - Heeft mobiele clients voor iOS en Android, die tenminste document previews ondersteunen. - Ondersteunt back-up van foto's van iOS en Android, en ondersteunt optioneel synchronisatie van bestanden/mappen op Android. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/financial-services.md b/i18n/nl/financial-services.md new file mode 100644 index 000000000..8ad93810f --- /dev/null +++ b/i18n/nl/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financiële diensten +icon: material/bank +--- + +Online betalen is een van de grootste uitdagingen voor privacy. Deze diensten kunnen je helpen jouw privacy te beschermen tegen handelaren en andere trackers, op voorwaarde dat je goed weet hoe je privébetalingen doeltreffend kunt verrichten. Wij raden je sterk aan eerst ons overzichtsartikel over betalingen te lezen voordat je aankopen doet: + +[Privébetalingen maken :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Maskerende betalingsdiensten + +Er zijn een aantal diensten die "virtuele debetkaarten" aanbieden die je bij online handelaren kunt gebruiken zonder in de meeste gevallen jouw werkelijke bank- of factureringsgegevens bekend te maken. Het is belangrijk op te merken dat deze financiële diensten **niet** anoniem zijn en onderworpen zijn aan "Know Your Customer" (KYC) wetten en jouw ID of andere identificerende informatie kunnen vereisen. Deze diensten zijn vooral nuttig om je te beschermen tegen inbreuken op gegevens van handelaars, minder gesofisticeerde tracking of aankoopcorrelatie door marketingbureaus, en online gegevensdiefstal; en **niet** om volledig anoniem een aankoop te doen. + +!!! tip "Controleer jouw huidige bank" + + Veel banken en kredietkaartaanbieders bieden hun eigen virtuele kaartfunctionaliteit. Als je er een gebruikt die deze optie al biedt, moet je deze in de meeste gevallen over de volgende aanbevelingen gebruiken. Op die manier vertrouw je niet meerdere partijen met jouw persoonlijke informatie. + +### Privacy.com (VS) + +!!! recommendation + + Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + Met het gratis plan van **Privacy.com** kunt je tot 12 virtuele kaarten per maand aanmaken, uitgavenlimieten op die kaarten instellen en kaarten onmiddellijk uitschakelen. Met hun betaalde plan kunt je tot 36 kaarten per maand aanmaken, 1% cashback krijgen op aankopen en transactiegegevens voor jouw bank verbergen. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacybeleid" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentatie} + +Privacy.com geeft standaard informatie over de handelaren bij wie je koopt door aan jouw bank. Hun betaalde functie "discrete handelaars" verbergt handelaarsinformatie voor jouw bank, zodat jouw bank alleen ziet dat een aankoop werd gedaan bij Privacy.com maar niet waar dat geld werd uitgegeven, maar dat is niet waterdicht, en natuurlijk heeft Privacy.com nog steeds kennis over de handelaars waar je geld uitgeeft. + +### MySudo (VS, Betaald) + +!!! recommendation + + MySudo logo](assets/img/financiële-diensten/mysudo.svg#alleen-licht){ align=right } + MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** biedt tot 9 virtuele kaarten, afhankelijk van het plan dat je koopt. Hun betaalde plannen omvatten bovendien functionaliteit die nuttig kan zijn om privé aankopen te doen, zoals virtuele telefoonnummers en e-mailadressen, hoewel wij gewoonlijk andere [email aliasing providers](email.md) aanbevelen voor uitgebreid e-mail aliasing gebruik. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Wij zijn niet verbonden aan de projecten die wij aanbevelen.** Naast [onze standaardcriteria](about/criteria.md)hebben wij een duidelijke reeks eisen ontwikkeld om objectieve aanbevelingen te kunnen doen. Wij stellen voor dat je zich vertrouwd maakt met deze lijst voordat je een project kiest, en jouw eigen onderzoek uitvoert om er zeker van te zijn dat het de juiste keuze voor je is. + +!!! example "Deze sectie is nieuw" + + We werken aan het vaststellen van gedefinieerde criteria voor elk deel van onze site, en dit kan onderhevig zijn aan verandering. Als je vragen hebt over onze criteria, stel ze dan [op ons forum](https://discuss.privacyguides.net/latest) en neem niet aan dat we iets niet in overweging hebben genomen bij het opstellen van onze aanbevelingen als het hier niet vermeld staat. Er zijn veel factoren die worden overwogen en besproken wanneer wij een project aanbevelen, en het documenteren van elke factor is een werk in uitvoering. + +- Maakt het mogelijk om meerdere kaarten aan te maken die functioneren als een schild tussen de handelaar en jouw persoonlijke financiën. +- Kaarten mogen je niet verplichten de handelaar nauwkeurige informatie over het factuuradres te verstrekken. + +## Marktplaatsen voor cadeaubonnen + +Met deze diensten kunt je online cadeaubonnen kopen voor verschillende handelaren met [cryptocurrency](cryptocurrency.md). Sommige van deze services bieden opties voor ID-verificatie voor hogere limieten, maar ze staan ook accounts toe met alleen een e-mailadres. Basislimieten beginnen bij $ 5.000-10.000 per dag voor basisaccounts en aanzienlijk hogere limieten voor ID geverifieerde accounts (indien aangeboden). + +### Cake Pay + +!!! recommendation + + CakePay logo](assets/img/financiële-diensten/cakepay.svg){ align=right } + + Met **Cake Pay** kunt je cadeaubonnen en aanverwante producten kopen met Monero. Aankopen voor Amerikaanse handelaren zijn beschikbaar in de Cake Wallet mobiele app, terwijl de Cake Pay web app een brede selectie van wereldwijde handelaren bevat. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacybeleid" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentatie} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + ** CoinCards ** (beschikbaar in de VS, Canada en het VK) kunt je cadeaubonnen kopen voor een grote verscheidenheid aan verkopers. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacybeleid" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentatie} + +### Criteria + +**Wij zijn niet verbonden aan de projecten die wij aanbevelen.** Naast [onze standaardcriteria](about/criteria.md)hebben wij een duidelijke reeks eisen ontwikkeld om objectieve aanbevelingen te kunnen doen. Wij stellen voor dat je zich vertrouwd maakt met deze lijst voordat je een project kiest, en jouw eigen onderzoek uitvoert om er zeker van te zijn dat het de juiste keuze voor je is. + +!!! example "Deze sectie is nieuw" + + We werken aan het vaststellen van gedefinieerde criteria voor elk deel van onze site, en dit kan onderhevig zijn aan verandering. Als je vragen hebt over onze criteria, stel ze dan [op ons forum](https://discuss.privacyguides.net/latest) en neem niet aan dat we iets niet in overweging hebben genomen bij het opstellen van onze aanbevelingen als het hier niet vermeld staat. Er zijn veel factoren die worden overwogen en besproken wanneer wij een project aanbevelen, en het documenteren van elke factor is een werk in uitvoering. + +- Accepteert betaling in [een aanbevolen cryptocurrency](cryptocurrency.md). +- Geen identificatieplicht. diff --git a/i18n/nl/frontends.md b/i18n/nl/frontends.md index 3def04408..981d48507 100644 --- a/i18n/nl/frontends.md +++ b/i18n/nl/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: Deze open-source frontends voor verschillende internetdiensten geven je toegang tot inhoud zonder JavaScript of andere ergernissen. --- Soms proberen diensten je te dwingen zich aan te melden voor een account door de toegang tot inhoud te blokkeren met vervelende popups. Ze kunnen ook breken zonder JavaScript. Met deze frontends kunt je deze beperkingen omzeilen. @@ -264,5 +265,3 @@ Aanbevolen frontends... We overwegen alleen frontends voor websites die... - Niet normaal toegankelijk zonder JavaScript. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/index.md b/i18n/nl/index.md index 54a863138..90b72082b 100644 --- a/i18n/nl/index.md +++ b/i18n/nl/index.md @@ -11,7 +11,7 @@ hide: ##### "Ik heb niets te verbergen. Waarom zou ik me zorgen maken over mijn privacy?" -Net zoals het recht op interraciale huwelijken, het kiesrecht voor vrouwen, de vrijheid van meningsuiting en vele andere, hadden wij niet altijd recht op privacy. In verschillende dictaturen hebben velen dat nog steeds niet. Generaties voor ons vochten voor ons recht op privacy. ==Privacy is een mensenrecht, inherent aan ons allen,== waar we recht op hebben (zonder discriminatie). +Net zoals het recht op interraciale huwelijken, het kiesrecht voor vrouwen, de vrijheid van meningsuiting en vele andere, hadden wij niet altijd recht op privacy. In verschillende dictaturen is dat nog steeds niet het geval. Generaties voor ons vochten voor ons recht op privacy. ==Privacy is een mensenrecht, inherent aan ons allen,== waar we recht op hebben (zonder discriminatie). Je moet privacy niet verwarren met geheimzinnigheid. We weten wat er in de badkamer gebeurt, maar je doet nog steeds de deur dicht. Dat is omdat je privacy wilt, geen geheimzinnigheid. **Iedereen** heeft iets te beschermen. Privacy is iets wat ons menselijk maakt. @@ -40,5 +40,3 @@ Het is onpraktisch, duur en vermoeiend om te proberen al jouw gegevens altijd te [:material-hand-coin-outline:](about/donate.md){ title="Steun het project" } Het is belangrijk voor een website zoals Privacy Guides om altijd up-to-date te blijven. Ons publiek moet software-updates in de gaten houden voor de toepassingen die op onze site staan en recent nieuws volgen over aanbieders die wij aanbevelen. Het is moeilijk om het hoge tempo van het internet bij te houden, maar we doen ons best. Als je een fout ziet, denkt dat een provider niet in de lijst thuishoort, merkt dat een gekwalificeerde provider ontbreekt, denkt dat een browserplugin niet langer de beste keuze is, of een ander probleem ontdekt, laat het ons dan weten. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/kb-archive.md b/i18n/nl/kb-archive.md index 5db41d4a1..2c6dcee5a 100644 --- a/i18n/nl/kb-archive.md +++ b/i18n/nl/kb-archive.md @@ -1,11 +1,12 @@ --- title: KB Archief icon: material/archive +description: Sommige pagina's die vroeger in onze kennisbank zaten, zijn nu te vinden op onze blog. --- # Pagina's verplaatst naar Blog -Sommige pagina's die vroeger in onze kennisbank stonden, staan nu op onze blog: +Sommige pagina's die vroeger in onze kennisbank zaten, zijn nu te vinden op onze blog: - [GrapheneOS vs CalyxOS](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) - [Signal configuratie en verharding](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/) @@ -14,5 +15,3 @@ Sommige pagina's die vroeger in onze kennisbank stonden, staan nu op onze blog: - [Veilig wissen van gegevens](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integreren van metadata verwijdering](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS configuratiegids](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/meta/brand.md b/i18n/nl/meta/brand.md index da25e7988..0237502dc 100644 --- a/i18n/nl/meta/brand.md +++ b/i18n/nl/meta/brand.md @@ -20,5 +20,3 @@ Aanvullende merkrichtlijnen zijn te vinden op [github.com/privacyguides/brand](h "Privacy Guides" en het schild logo zijn handelsmerken in eigendom van Jonah Aragon, onbeperkt gebruik is toegekend aan de Privacy Guides project. Zonder af te zien van haar rechten, adviseert Privacy Guides anderen niet over de reikwijdte van haar intellectuele-eigendomsrechten. Privacy Guides staat geen gebruik van haar handelsmerken toe op een manier die verwarring kan veroorzaken door associatie met of sponsoring door Privacy Guides te impliceren, en geeft daar ook geen toestemming voor. Als u op de hoogte bent van dergelijk gebruik, neem dan contact op met Jonah Aragon via jonah@privacyguides.org. Raadpleeg uw juridisch adviseur als u vragen hebt. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/meta/git-recommendations.md b/i18n/nl/meta/git-recommendations.md index c11fb3e7f..bb81b6a81 100644 --- a/i18n/nl/meta/git-recommendations.md +++ b/i18n/nl/meta/git-recommendations.md @@ -44,5 +44,3 @@ Als je aan jouw eigen branch werkt, voer dan deze commando's uit voordat je een git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/meta/uploading-images.md b/i18n/nl/meta/uploading-images.md index 79b6a59ca..4de7106d7 100644 --- a/i18n/nl/meta/uploading-images.md +++ b/i18n/nl/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/meta/writing-style.md b/i18n/nl/meta/writing-style.md index 9ceb6b7be..999f73cc7 100644 --- a/i18n/nl/meta/writing-style.md +++ b/i18n/nl/meta/writing-style.md @@ -85,5 +85,3 @@ Bron: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversationa > - "mag niet" voor een verbod > - "kan" voor een discretionaire actie > - “zou moeten” voor een aanbeveling - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/mobile-browsers.md b/i18n/nl/mobile-browsers.md index 3728c0376..340c5dde5 100644 --- a/i18n/nl/mobile-browsers.md +++ b/i18n/nl/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobiele browsers" icon: material/cellphone-information +description: Deze browsers zijn wat we momenteel aanbevelen voor standaard/niet-anoniem internetten op jouw telefoon. --- Dit zijn onze momenteel aanbevolen mobiele webbrowsers en configuraties voor standaard/niet-anoniem internetten. In het algemeen raden we aan om extensies tot een minimum te beperken: ze hebben geprivilegieerde toegang binnen jouw browser, vereisen dat je de ontwikkelaar vertrouwt, kunnen je [doen opvallen](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), en [verzwakken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-Uchnm34/m/lDaXwQhzBAAJ) site-isolatie. In het algemeen raden we aan om extensies tot een minimum te beperken: ze hebben geprivilegieerde toegang binnen jouw browser, vereisen dat u de ontwikkelaar vertrouwt, kunnen je [doen opvallen](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), en [verzwakken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site-isolatie. @@ -189,5 +190,3 @@ Extra filterlijsten vertragen de zaken en kunnen uw aanvalsoppervlak vergroten, - Mag geen ingebouwde browser- of OS-functionaliteit repliceren. - Moet rechtstreeks van invloed zijn op de privacy van de gebruiker, d.w.z. mag niet gewoon informatie verstrekken. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/multi-factor-authentication.md b/i18n/nl/multi-factor-authentication.md index 77bf7c3b8..c85aa9869 100644 --- a/i18n/nl/multi-factor-authentication.md +++ b/i18n/nl/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: Deze tools helpen je jouw internetaccounts te beveiligen met Multi-Factor Authentication zonder jouw geheimen naar een derde partij te sturen. --- ## Hardware Veiligheidssleutels @@ -139,5 +140,3 @@ Wij raden je ten zeerste aan om mobiele TOTP apps te gebruiken in plaats van des - Moet geen internetverbinding vereisen. - Mag niet synchroniseren met een cloud sync/backup service van derden. - **Optioneel is** E2EE sync-ondersteuning met OS-native tools aanvaardbaar, bv. versleutelde sync via iCloud. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/news-aggregators.md b/i18n/nl/news-aggregators.md index 9f0439116..466896627 100644 --- a/i18n/nl/news-aggregators.md +++ b/i18n/nl/news-aggregators.md @@ -1,6 +1,7 @@ --- title: "Nieuws Aggregators" icon: material/rss +description: Met deze news aggregator clients kunt je op de hoogte blijven van jouw favoriete blogs en nieuwssites via internetstandaarden zoals RSS. --- Een [nieuwsaggregator](https://en.wikipedia.org/wiki/News_aggregator) is een manier om op de hoogte te blijven van jouw favoriete blogs en nieuwssites. @@ -169,5 +170,3 @@ Je kunt zich abonneren op YouTube-kanalen zonder in te loggen en gebruiksinforma ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/notebooks.md b/i18n/nl/notebooks.md index 5667751dd..6e8477576 100644 --- a/i18n/nl/notebooks.md +++ b/i18n/nl/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notitieboekjes" icon: material/notebook-edit-outline +description: Met deze versleutelde notitie-apps kun je je notities bijhouden zonder ze aan derden te geven. --- Houd jouw notities en aantekeningen bij zonder ze aan derden te geven. @@ -111,5 +112,3 @@ Cryptee biedt gratis 100MB opslag, met betaalde opties als je meer nodig hebt. A - De lokale backup/sync-functie moet encryptie ondersteunen. - Cloud-platforms moeten het delen van documenten ondersteunen. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/os/android-overview.md b/i18n/nl/os/android-overview.md index 55243cf38..171bee148 100644 --- a/i18n/nl/os/android-overview.md +++ b/i18n/nl/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overzicht icon: simple/android +description: Android is een open-source besturingssysteem met sterke beveiliging, waardoor het onze topkeuze is voor telefoons. --- Android is een veilig besturingssysteem met sterke [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), en een robuust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ Het is belangrijk om geen [end-of-life](https://endoflife.date/android) versie v ## Android-machtigingen -[Machtigingen op Android](https://developer.android.com/guide/topics/permissions/overview) geven je controle over welke apps toegang krijgen. Google brengt regelmatig [verbeteringen aan](https://developer.android.com/about/versions/11/privacy/permissions) in het toestemmingssysteem in elke opeenvolgende versie. Alle apps die je installeert zijn strikt [sandboxed](https://source.android.com/security/app-sandbox), daarom is het niet nodig om antivirus apps te installeren. Een smartphone met de nieuwste versie van Android zal altijd veiliger zijn dan een oude smartphone met een antivirus waarvoor je betaald heeft. Het is beter om niet te betalen voor antivirussoftware en geld te sparen om een nieuwe smartphone te kopen, zoals een Google Pixel. +[Machtigingen op Android](https://developer.android.com/guide/topics/permissions/overview) geven je controle over waar apps toegang tot toe krijgen. Google brengt regelmatig [verbeteringen aan](https://developer.android.com/about/versions/11/privacy/permissions) in het machtigingssysteem in elke opeenvolgende versie. Alle apps die je installeert zijn strikt [sandboxed](https://source.android.com/security/app-sandbox), daarom is het niet nodig om antivirus apps te installeren. -Als je een app wilt gebruiken waar je niet zeker van bent, kun je overwegen een gebruikers- of werkprofiel te gebruiken. +Een smartphone met de nieuwste versie van Android zal altijd veiliger zijn dan een oude smartphone met een betaalde antivirus. Het is beter om niet te betalen voor antivirussoftware en geld te sparen om een nieuwe smartphone te kopen, zoals een Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) geeft je meer controle over jouw bestanden en kan beperken wat [toegang heeft tot externe opslag](https://developer.android.com/training/data-storage#permissions). Apps kunnen een specifieke map in externe opslag hebben en de mogelijkheid om daar specifieke soorten media op te slaan. +- Strengere toegang op [apparaatlocatie](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) door invoering van de machtiging `ACCESS_BACKGROUND_LOCATION`. Dit voorkomt dat apps op de achtergrond toegang krijgen tot de locatie zonder uitdrukkelijke toestemming van de gebruiker. + +Android 11: + +- [Eenmalige toestemmingen](https://developer.android.com/about/versions/11/privacy/permissions#one-time) waarmee je eenmalig een machtiging kunt verlenen aan een app. +- [Automatische reset machtigingen](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), die [runtime machtigingen](https://developer.android.com/guide/topics/permissions/overview#runtime) terugzet die werden toegekend toen de app werd geopend. +- Machtigingen voor toegang tot [telefoon nummer](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) gerelateerde functies. + +Android 12: + +- Een machtiging om alleen de [geschatte locatie](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location) toe te kennen. +- Auto-reset van [apps in slaapstand](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) die het gemakkelijker maakt om te bepalen welk deel van een app een bepaald type gegevenstoegang gebruikt. + +Android 13: + +- Een permissie voor [nabijgelegen wifi toegang](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). De MAC-adressen van WiFi-toegangspunten in de buurt waren een populaire manier voor apps om de locatie van een gebruiker te traceren. +- Een meer [granulaire mediatoestemmingen](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), wat betekent dat je alleen toegang kan verlenen tot afbeeldingen, video's of audiobestanden. +- Achtergrondgebruik van sensoren vereist nu de toestemming [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission). + +Een app kan een toestemming vragen voor een specifieke functie die hij heeft. Bijvoorbeeld, elke app die QR-codes kan scannen heeft toestemming voor de camera nodig. Sommige apps kunnen meer toestemmingen vragen dan ze nodig hebben. + +[Exodus](https://exodus-privacy.eu.org/) kan nuttig zijn bij het vergelijken van apps die vergelijkbare doelen hebben. Als een app veel machtigingen nodig heeft en veel advertenties en analytics heeft, is dit waarschijnlijk een slecht teken. Wij raden aan de individuele trackers te bekijken en hun beschrijvingen te lezen in plaats van eenvoudigweg **het totaal** te tellen en aan te nemen dat alle vermelde items gelijk zijn. + +!!! warning + + Als een app vooral een webdienst is, kan de tracking aan de serverzijde plaatsvinden. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) toont "geen trackers", maar volgt zeker de interesses en het gedrag van gebruikers op de site. Apps kunnen detectie omzeilen door geen gebruik te maken van door de reclame-industrie geproduceerde standaardcodebibliotheken, hoewel dit onwaarschijnlijk is. + +!!! note + + Privacy-vriendelijke apps zoals [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) kunnen sommige trackers tonen zoals [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). Deze bibliotheek bevat [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) die [pushmeldingen](https://en.wikipedia.org/wiki/Push_technology) in apps kan bieden. Dit [is het geval](https://fosstodon.org/@bitwarden/109636825700482007) met Bitwarden. Dat betekent niet dat Bitwarden alle analysefuncties gebruikt die Google Firebase Analytics biedt. ## Mediatoegang @@ -131,5 +167,3 @@ Je krijgt de optie om jouw advertentie-ID te verwijderen of om *af te melden voo [SafetyNet](https://developer.android.com/training/safetynet/attestation) en de [Play Integrity API's](https://developer.android.com/google/play/integrity) worden over het algemeen gebruikt voor [bankapps](https://grapheneos.org/usage#banking-apps). Veel bank apps zullen prima werken in GrapheneOS met sandboxed Play services, maar sommige niet-financiële apps hebben hun eigen grove anti-tampering mechanismen die kunnen falen. GrapheneOS doorstaat de `basicIntegrity` check, maar niet de certificeringscheck `ctsProfileMatch`. Toestellen met Android 8 of later hebben hardware-attestondersteuning die niet kan worden omzeild zonder gelekte sleutels of ernstige kwetsbaarheden. Wat Google Wallet betreft, wij raden dit niet aan vanwege hun [privacybeleid](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), waarin staat dat je zich moet afmelden als je niet wilt dat jouw kredietwaardigheid en persoonlijke gegevens worden gedeeld met affiliate marketingdiensten. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/os/linux-overview.md b/i18n/nl/os/linux-overview.md index d9c509776..6235e8832 100644 --- a/i18n/nl/os/linux-overview.md +++ b/i18n/nl/os/linux-overview.md @@ -1,6 +1,7 @@ --- title: Linux Overzicht icon: simple/linux +description: Linux is een open-source, privacy-gericht desktop besturingssysteem alternatief, maar niet alle distributies zijn gelijk. --- Vaak wordt aangenomen dat [open-source](https://en.wikipedia.org/wiki/Open-source_software) software inherent veilig is omdat de broncode beschikbaar is. Er wordt verwacht dat er regelmatig communautaire verificatie plaatsvindt; dit is echter niet altijd [het geval](https://seirdy.one/posts/2022/02/02/floss-security/). Het hangt af van een aantal factoren, zoals de activiteit van het project, de ervaring van de ontwikkelaar, de striktheid waarmee [code wordt gereviewd](https://en.wikipedia.org/wiki/Code_review), en hoe vaak aandacht wordt besteed aan specifieke delen van de [codebase](https://en.wikipedia.org/wiki/Codebase) die misschien jarenlang onaangeroerd zijn gebleven. @@ -139,5 +140,3 @@ Het Fedora Project [telt](https://fedoraproject.org/wiki/Changes/DNF_Better_Coun Deze [optie](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) staat momenteel standaard uit. We raden aan om `countme=false` toe te voegen aan `/etc/dnf/dnf.conf` voor het geval het in de toekomst wordt ingeschakeld. Op systemen die `rpm-ostree` gebruiken, zoals Silverblue, wordt de countme optie uitgeschakeld door de [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer te maskeren. openSUSE gebruikt ook een [unieke ID](https://en.opensuse.org/openSUSE:Statistics) om systemen te tellen, die kan worden uitgeschakeld door het bestand `/var/lib/zypp/AnonymousUniqueId` te verwijderen. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/os/qubes-overview.md b/i18n/nl/os/qubes-overview.md index cbc308852..8e51575c6 100644 --- a/i18n/nl/os/qubes-overview.md +++ b/i18n/nl/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overzicht" icon: simple/qubesos +description: Qubes is een besturingssysteem dat apps isoleert binnen virtuele machines voor een betere beveiliging. --- [**Qubes OS**](../desktop.md#qubes-os) is een besturingssysteem dat gebruik maakt van de [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor om sterke beveiliging te bieden voor desktop computing via geïsoleerde virtuele machines. Elke VM wordt een *Qube* genoemd en je kunt elke Qube een vertrouwensniveau toewijzen op basis van het doel ervan. Omdat Qubes OS beveiliging biedt door isolatie te gebruiken en alleen acties per geval toe te staan, is dit het tegenovergestelde van [slechtheids opsomming](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ Voor aanvullende informatie raden wij je aan de uitgebreide Qubes OS documentati - J. Rutkowska: [*Softwarecompartimentering versus fysieke scheiding*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*De verdeling van mijn digitale leven in veiligheidsdomeinen*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Verwante artikelen*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/passwords.md b/i18n/nl/passwords.md index 2c5a94ce9..a42cd28bd 100644 --- a/i18n/nl/passwords.md +++ b/i18n/nl/passwords.md @@ -1,6 +1,7 @@ --- title: "Wachtwoord managers" icon: material/form-textbox-password +description: Met wachtwoord Managers kunt je wachtwoorden en andere geheimen veilig opslaan en beheren met behulp van een hoofdwachtwoord. --- Met wachtwoord Managers kunt je wachtwoorden en andere geheimen veilig opslaan en beheren met behulp van een hoofdwachtwoord. @@ -226,5 +227,3 @@ Deze producten zijn minimale wachtwoordmanagers die kunnen worden gebruikt binne We werken aan het vaststellen van gedefinieerde criteria voor elk deel van onze site, en dit kan onderhevig zijn aan verandering. Als je vragen hebt over onze criteria, stel ze dan [op ons forum](https://discuss.privacyguides.net/latest) en neem niet aan dat we iets niet in overweging hebben genomen bij het opstellen van onze aanbevelingen als het hier niet vermeld staat. Er zijn veel factoren die worden overwogen en besproken wanneer wij een project aanbevelen, en het documenteren van elke factor is een werk in uitvoering. - Moet cross-platform zijn. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/productivity.md b/i18n/nl/productivity.md index 20f218f9e..18745373d 100644 --- a/i18n/nl/productivity.md +++ b/i18n/nl/productivity.md @@ -1,6 +1,7 @@ --- title: "Productiviteitshulpmiddelen" icon: material/file-sign +description: De meeste online office suites ondersteunen geen E2EE, wat betekent dat de cloud provider toegang heeft tot alles wat je doet. --- De meeste online office suites ondersteunen geen E2EE, wat betekent dat de cloud provider toegang heeft tot alles wat je doet. Het privacybeleid kan jouw rechten wettelijk beschermen, maar het voorziet niet in technische toegangsbeperkingen. @@ -152,5 +153,3 @@ In het algemeen definiëren wij kantoorsuites als toepassingen die voor de meest [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentatie} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Broncode" } - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/real-time-communication.md b/i18n/nl/real-time-communication.md index 5e8400777..23d88cd75 100644 --- a/i18n/nl/real-time-communication.md +++ b/i18n/nl/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communicatie" icon: material/chat-processing +description: Andere instant messengers maken al je privégesprekken beschikbaar voor het bedrijf dat ze beheert. --- Dit zijn onze aanbevelingen voor versleutelde real-time communicatie. @@ -191,5 +192,3 @@ Onze best-case criteria geven aan wat wij zouden willen zien van het perfecte pr - Moet gedecentraliseerd zijn, d.w.z. gefedereerd of P2P. - Moet standaard E2EE gebruiken voor privé-berichten. - Moet Linux, macOS, Windows, Android en iOS ondersteunen. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/router.md b/i18n/nl/router.md index ffa3eddbe..64180ac14 100644 --- a/i18n/nl/router.md +++ b/i18n/nl/router.md @@ -1,6 +1,7 @@ --- title: "Router Firmware" icon: material/router-wireless +description: Deze alternatieve besturingssystemen kunnen worden gebruikt om jouw router of Wi-Fi-toegangspunt te beveiligen. --- Hieronder staan een paar alternatieve besturingssystemen, die gebruikt kunnen worden op routers, Wi-Fi access points, enz. @@ -47,5 +48,3 @@ OPNsense werd oorspronkelijk ontwikkeld als een fork van [pfSense](https://en.wi - Moet open source zijn. - Moet regelmatig updates ontvangen. - Moet een grote verscheidenheid aan hardware ondersteunen. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/search-engines.md b/i18n/nl/search-engines.md index 4de94b18e..c7fdeb5f3 100644 --- a/i18n/nl/search-engines.md +++ b/i18n/nl/search-engines.md @@ -1,6 +1,7 @@ --- title: "Zoekmachines" icon: material/search-web +description: Deze privacy respecterende zoekmachines bouwen geen advertentieprofiel op basis van jouw zoekopdrachten. --- Gebruik een zoekmachine die geen advertentieprofiel opbouwt op basis van jouw zoekopdrachten. @@ -105,5 +106,3 @@ Onze best-case criteria geven aan wat wij zouden willen zien van het perfecte pr - Moet gebaseerd zijn op open-source software. - Mag geen Tor exit node IP adressen blokkeren. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/tools.md b/i18n/nl/tools.md index 60b813936..428b606c7 100644 --- a/i18n/nl/tools.md +++ b/i18n/nl/tools.md @@ -3,6 +3,7 @@ title: "Privacy Hulpmiddelen" icon: material/tools hide: - toc +description: Privacy Guides is de meest transparante en betrouwbare website voor het vinden van software, apps en diensten die jouw persoonlijke gegevens beschermen tegen massa surveillance programma's en andere internetbedreigingen. --- Als je op zoek bent naar een specifieke oplossing voor iets, dan zijn dit de hardware en software tools die wij aanbevelen in verschillende categorieën. Onze aanbevolen privacytools zijn in de eerste plaats gekozen op basis van beveiligingskenmerken, met extra nadruk op gedecentraliseerde en open-source tools. Ze zijn van toepassing op een verscheidenheid aan dreigingsmodellen, variërend van bescherming tegen wereldwijde massasurveillanceprogramma's en het vermijden van grote technologiebedrijven tot het beperken van aanvallen, maar alleen jij kunt bepalen wat het beste werkt voor jouw behoeften. @@ -84,10 +85,10 @@ Voor meer details over elk project, waarom ze werden gekozen, en extra tips of t
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) -- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Werkprofielen)](android.md#shelter) -- ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Ondersteunde apparaten)](android.md#auditor) -- ![Beveiligde camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Beveiligde camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Beveiligde camera](android.md#secure-camera) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) +- ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) +- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) - ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](android.md#secure-pdf-viewer)
@@ -199,6 +200,29 @@ Wij [bevelen](dns.md#recommended-providers) een aantal versleutelde DNS servers [Meer informatie :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financiële diensten + +#### Maskerende betalingsdiensten + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Meer informatie :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online marktplaatsen voor cadeaubonnen + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Meer informatie :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Zoekmachines
@@ -226,9 +250,9 @@ Wij [bevelen](dns.md#recommended-providers) een aantal versleutelde DNS servers
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ Wij [bevelen](dns.md#recommended-providers) een aantal versleutelde DNS servers [Meer informatie :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Meer informatie :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Redactie van gegevens en metagegevens
@@ -439,5 +473,3 @@ Wij [bevelen](dns.md#recommended-providers) een aantal versleutelde DNS servers
[Meer informatie :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/tor.md b/i18n/nl/tor.md index 141168839..6d61dc550 100644 --- a/i18n/nl/tor.md +++ b/i18n/nl/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Netwerk" icon: simple/torproject +description: Bescherm je surf gedrag tegen nieuwsgierige ogen door gebruik te maken van het Tor netwerk, een beveiligd netwerk dat censuur omzeilt. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -13,13 +14,7 @@ Het **Tor** netwerk is een groep vrijwilligersservers waarmee je gratis verbindi Tor werkt door je internetverkeer om te leiden via deze door vrijwilligers beheerde servers, in plaats van een directe verbinding te maken met de site die je probeert te bezoeken. Dit versluiert waar het verkeer vandaan komt, en geen enkele server in het verbindingspad kan het volledige pad zien van waar het verkeer vandaan komt en naartoe gaat, wat betekent dat zelfs de servers die je gebruikt om verbinding te maken jouw anonimiteit niet kunnen doorbreken. -
- Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - Knooppunten in het pad kunnen alleen de servers zien waarmee ze direct verbonden zijn, bijvoorbeeld het getoonde "Entry" knooppunt kan je IP adres zien, en het adres van het "Middle" knooppunt, maar kan niet zien welke website je bezoekt.
-
- -- [Meer informatie over hoe Tor werkt :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Gedetailleerd Tor-overzicht :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Verbinding maken met Tor @@ -118,5 +113,3 @@ Om weerstand te bieden tegen verkeersanalyse aanvallen, kunt je overwegen om *Is Snowflake verhoogt jouw privacy op geen enkele manier, en wordt ook niet gebruikt om verbinding te maken met het Tor-netwerk binnen jouw persoonlijke browser. Als jouw internetverbinding echter ongecensureerd is, zou je moeten overwegen het te gebruiken om mensen in gecensureerde netwerken te helpen zelf betere privacy te krijgen. Je hoeft je geen zorgen te maken over welke websites mensen via je proxy bezoeken- hun zichtbare surf IP adres zal overeenkomen met hun Tor exit node, niet met die van jou. Het runnen van een Snowflake proxy is weinig riskant, zelfs meer dan het runnen van een Tor relay of bridge, wat al geen bijzonder riskante onderneming is. Het stuurt echter nog steeds verkeer door jouw netwerk, wat in sommige opzichten gevolgen kan hebben, vooral als jouw netwerk een beperkte bandbreedte heeft. Zorg ervoor dat je [begrijpt hoe Snowflake werkt](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) voordat je beslist of je een proxy wilt gebruiken. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/video-streaming.md b/i18n/nl/video-streaming.md index 04a1663c5..cce00403b 100644 --- a/i18n/nl/video-streaming.md +++ b/i18n/nl/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Videostreaming" icon: material/video-wireless +description: Met deze netwerken kunt je internet content streamen zonder een advertentieprofiel op te bouwen op basis van jouw interesses. --- Het grootste gevaar bij het gebruik van een videostreamingplatform is dat uw streaminggewoonten en abonneelijsten kunnen worden gebruikt om u te profileren. Je zou deze tools moeten combineren met een [VPN](vpn.md) of [Tor](https://www.torproject.org/) om het moeilijker te maken je gebruik te profileren. @@ -48,5 +49,3 @@ Je kunt de optie *Hostinggegevens opslaan om het LBRY-netwerk te helpen* uitscha - Mag geen gecentraliseerde account vereisen om video's te bekijken. - Gedecentraliseerde authenticatie, bijvoorbeeld via de privésleutel van een mobiele portemonnee, is aanvaardbaar. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/vpn.md b/i18n/nl/vpn.md index 92674839d..a2419c1f1 100644 --- a/i18n/nl/vpn.md +++ b/i18n/nl/vpn.md @@ -1,94 +1,34 @@ --- title: "VPN-diensten" icon: material/vpn +description: Dit zijn de beste VPN-diensten om jouw privacy en veiligheid online te beschermen. Vind hier een provider die er niet op uit is om je te bespioneren. --- -Zoek een no-logging VPN-operator die er niet op uit is jouw webverkeer te verkopen of te lezen. +Als je op zoek bent naar extra **privacy** van uw ISP, op een openbaar Wi-Fi-netwerk, of tijdens het torrenten van bestanden, kan een VPN de oplossing voor je zijn, zolang je de risico's ervan begrijpt. Wij denken dat deze aanbieders een stuk beter zijn dan de rest: -??? danger "VPN's zorgen niet voor anonimiteit" +
- Het gebruik van een VPN houdt jouw surfgedrag niet anoniem, noch voegt het extra beveiliging toe aan niet-beveiligd (HTTP) verkeer. +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "VPN's zorgen niet voor anonimiteit" + + Het gebruik van een VPN houdt jouw surfgedrag niet anoniem, ook voegt het geen extra beveiliging toe aan niet-beveiligd (HTTP) verkeer. - Als je op zoek bent naar **anonimiteit**, kunt je beter de Tor Browser **in plaats** van een VPN gebruiken. + Als je op zoek bent naar **anonimiteit**, moet je de Tor Browser gebruiken **in plaats** van een VPN. Als je op zoek bent naar extra **veiligheid**, moet je er altijd voor zorgen dat je verbinding maakt met websites via HTTPS. Een VPN is geen vervanging voor goede beveiligingspraktijken. [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Mythen & FAQ](advanced/tor-overview.md){ .md-button } -??? question "Wanneer zijn VPN's nuttig?" - - Als je op zoek bent naar extra **privacy** van uw ISP, op een openbaar Wi-Fi-netwerk, of tijdens het torrenten van bestanden, kan een VPN de oplossing voor je zijn, zolang je de risico's ervan begrijpt. - - [Meer info](basics/vpn-overview.md){ .md-button } +[Gedetailleerd VPN-overzicht :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Aanbevolen Providers -!!! abstract "Criteria" - - Onze aanbevolen providers gebruiken encryptie, accepteren Monero, ondersteunen WireGuard & OpenVPN, en hebben een no logging beleid. Lees onze [volledige lijst van criteria](#onze-criteria) voor meer informatie. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is een sterke speler in de VPN-ruimte, en ze zijn in bedrijf sinds 2016. Proton AG is gevestigd in Zwitserland en biedt een beperkt gratis niveau en een meer uitgebreide premium optie. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentatie} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Broncode" } - - ??? downloads "Downloaden" - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Landen" - - Proton VPN heeft [servers in 67 landen](https://protonvpn.com/vpn-servers) (1). Door een VPN-provider te kiezen met een server het dichtst bij jou in de buurt, verminder je de latentie van het netwerkverkeer dat je verstuurt. Dit komt door een kortere route (minder hops) naar de bestemming. - - Wij denken ook dat het voor de veiligheid van de privé-sleutels van de VPN-provider beter is als zij [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service) gebruiken, in plaats van goedkopere gedeelde oplossingen (met andere klanten) zoals [virtuele privé-servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Laatst gecontroleerd: 2022-09-16 - -??? success "Onafhankelijk Gecontroleerd" - - Vanaf januari 2020, heeft Proton VPN een onafhankelijke audit door SEC Consult ondergaan. SEC Consult vond enkele kwetsbaarheden met een gemiddeld en laag risico in de Windows-, Android- en iOS-applicaties van Proton VPN, die allemaal door Proton VPN "naar behoren waren verholpen" voordat de rapporten werden gepubliceerd. Geen van de geconstateerde problemen zou een aanvaller op afstand toegang hebben verschaft tot jouw apparaat of verkeer. Je kunt de afzonderlijke verslagen voor elk platform bekijken op [protonvpn.com](https://protonvpn.com/blog/open-source/). In april 2022 onderging Proton VPN [nog een audit](https://protonvpn.com/blog/no-logs-audit/) en het verslag werd [opgesteld door Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). Voor de apps van Proton VPN is op 9 november 2021 een [attestbrief](https://proton.me/blog/security-audit-all-proton-apps) verstrekt door [Securitum](https://research.securitum.com). - -??? success "Open-Source Cliënts" - - Proton VPN biedt de broncode voor hun desktop en mobiele clients in hun [GitHub organisatie](https://github.com/ProtonVPN). - -??? success "Accepteert Cash" - - Proton VPN accepteert naast creditcards en PayPal ook Bitcoin en **contant geld/lokale valuta** als anonieme vormen van betaling. - -??? success "WireGuard Support" - - Proton VPN ondersteunt hoofdzakelijk het WireGuard® protocol. [WireGuard](https://www.wireguard.com) is een nieuwer protocol dat gebruik maakt van het modernste [cryptography](https://www.wireguard.com/protocol/). Bovendien wil WireGuard eenvoudiger en performanter zijn. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) het gebruik van WireGuard met hun dienst. Op Proton VPN's Windows, macOS, iOS, Android, ChromeOS, en Android TV apps is WireGuard het standaard protocol; [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) voor het protocol is echter niet aanwezig in hun Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN ondersteunt momenteel alleen remote [port forwarding](https://protonvpn.com/support/port-forwarding/) op Windows, wat gevolgen kan hebben voor sommige toepassingen. Vooral Peer-to-peer-toepassingen zoals Torrent-cliënten. - -??? success "Mobiele klanten" - - Naast het leveren van standaard OpenVPN-configuratiebestanden, heeft Proton VPN mobiele clients voor [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=nl_US), en [GitHub](https://github.com/ProtonVPN/android-app/releases) die eenvoudige verbindingen met hun servers mogelijk maken. - -??? info "Aanvullende Functionaliteit" - - Proton VPN heeft eigen servers en datacenters in Zwitserland, IJsland en Zweden. Ze bieden adblocking en het blokkeren van bekende malware domeinen met hun DNS service. Ze bieden adblocking en blokkering van bekende malwaredomeinen met hun DNS-dienst. Daarnaast biedt Proton VPN ook "Tor" servers waarmee je gemakkelijk verbinding kunt maken met onion sites, maar we raden nog steeds sterk aan om hiervoor [de officiële Tor Browser](https://www.torproject.org/) te gebruiken. - -!!! danger "De killswitch-functionaliteit werkt niet op Intel-gebaseerde Macs" - - Systeemcrashes [kunnen optreden](https://protonvpn.com/support/macos-t2-chip-kill-switch/) op Intel-gebaseerde Macs bij gebruik van de VPN killswitch. Als je deze functie nodig hebt, en je gebruikt een Mac met Intel-chipset, moet je overwegen een andere VPN-dienst te gebruiken. +Onze aanbevolen providers gebruiken encryptie, accepteren Monero, ondersteunen WireGuard & OpenVPN, en hebben een no logging beleid. Lees onze [volledige lijst met criteria](#criteria) voor meer informatie. ### IVPN @@ -96,10 +36,10 @@ Zoek een no-logging VPN-operator die er niet op uit is jouw webverkeer te verkop ![IVPN logo](assets/img/vpn/ivpn.svg){ align=right } - **IVPN** is een andere premium VPN provider, en ze zijn actief sinds 2009. IVPN is gevestigd in Gibraltar. + **IVPN** is een premium VPN-provider en zijn actief sinds 2009. IVPN is gevestigd in Gibraltar. [:octicons-home-16: Homepage](https://www.ivpn.net/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Privacy Policy" } + [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Privacybeleid" } [:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Documentatie} [:octicons-code-16:](https://github.com/ivpn){ .card-link title="Broncode" } @@ -111,43 +51,44 @@ Zoek een no-logging VPN-operator die er niet op uit is jouw webverkeer te verkop - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Landen" +#### :material-check:{ .pg-green } 35 Landen - IVPN heeft [servers in 35 landen](https://www.ivpn.net/server-locations) (1). Door een VPN-provider te kiezen met een server het dichtst bij jou in de buurt, verminder je de latentie van het netwerkverkeer dat je verstuurt. Dit komt door een kortere route (minder hops) naar de bestemming. - - Wij denken ook dat het voor de veiligheid van de privé-sleutels van de VPN-provider beter is als zij [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service) gebruiken, in plaats van goedkopere gedeelde oplossingen (met andere klanten) zoals [virtuele privé-servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN heeft [servers in 35 landen](https://www.ivpn.net/server-locations).(1) Door een VPN-provider te kiezen met een server die het dichtst bij je in de buurt staat, verminder je de vertraging van het netwerkverkeer die je verstuurt. Dit komt door een kortere route (minder hops) naar de bestemming. +{ .annotate } 1. Laatst gecontroleerd: 2022-09-16 -??? success "Onafhankelijk Gecontroleerd" +Wij denken ook dat het beter is voor de veiligheid van de privésleutels van de VPN-provider als ze [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service) gebruiken, in plaats van goedkopere gedeelde servers (met andere klanten) zoals [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN heeft een [no-logging audit van Cure53](https://cure53.de/audit-report_ivpn.pdf) ondergaan die concludeerde in overeenstemming met de no-logging claim van IVPN. IVPN heeft in januari 2020 ook een [uitgebreid pentestrapport Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) afgerond. IVPN heeft ook gezegd dat zij van plan zijn in de toekomst [jaarverslagen](https://www.ivpn.net/blog/independent-security-audit-concluded) uit te brengen. Er is nog een evaluatie uitgevoerd [in april 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) en deze is opgesteld door Cure53 [op hun website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Onafhankelijk geaudit -??? success "Open-Source Cliënts" +IVPN heeft een [no-logging audit ondergaan van Cure53](https://cure53.de/audit-report_ivpn.pdf) die concludeerde in overeenstemming met de no-logging claim van IVPN. IVPN heeft ook een [uitgebreid pentest rapport afgerond Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in januari 2020. IVPN heeft ook gezegd dat het van plan is om in de toekomst [jaarverslagen](https://www.ivpn.net/blog/independent-security-audit-concluded) te publiceren. In april 2022 werd een verdere evaluatie uitgevoerd [](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) en door Cure53 [geproduceerd op hun website](https://cure53.de/pentest-report_IVPN_2022.pdf). - Sinds februari 2020 zijn [IVPN applicaties nu open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Broncode kan worden verkregen van hun [GitHub organisatie](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-source clients -??? success "Accepteert contant geld en Monero" +Vanaf februari 2020 zijn [IVPN-toepassingen nu open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Broncode kan worden verkregen van hun [GitHub organisatie](https://github.com/ivpn). - Naast creditcards/debetkaarten en PayPal accepteert IVPN ook Bitcoin, **Monero** en **cash/lokale valuta** (op jaarplannen) als anonieme betalingsvormen. +#### :material-check:{ .pg-green } Accepteert contant geld en Monero -??? success "WireGuard Support" +Mullvad accepteert naast creditcards en PayPal ook Bitcoin, Bitcoin Cash, **Monero** en **contant geld/lokale valuta** als anonieme vormen van betaling. - IVPN ondersteunt het WireGuard® protocol. [WireGuard](https://www.wireguard.com) is een nieuwer protocol dat gebruik maakt van het modernste [cryptography](https://www.wireguard.com/protocol/). Bovendien wil WireGuard eenvoudiger en performanter zijn. - - IVPN [raad](https://www.ivpn.net/wireguard/) het gebruik van WireGuard aan en hierom is het protocol de standaard in alle apps van IVPN. IVPN biedt ook een WireGuard configuratie generator voor gebruik met de officiële WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard ondersteuning -??? success "Remote Port Forwarding" +IVPN ondersteunt het WireGuard® protocol. [WireGuard](https://www.wireguard.com) is een nieuwer protocol dat gebruik maakt van geavanceerde [cryptografie](https://www.wireguard.com/protocol/). Bovendien wil WireGuard eenvoudiger en performanter zijn. - Remote [port forwarding] (https://en.wikipedia.org/wiki/Port_forwarding) is mogelijk met een Pro-abonnement. Port forwarding [kan geactiveerd worden](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via de client area. Port forwarding is alleen beschikbaar op IVPN bij gebruik van WireGuard of OpenVPN protocollen en is [uitgeschakeld op US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [adviseert](https://www.ivpn.net/wireguard/) het gebruik van WireGuard met hun dienst en daarom is het protocol de standaard op alle apps van IVPN. IVPN biedt ook een WireGuard configuratie generator voor gebruik met de officiële WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobiele klanten" +#### :material-check:{ .pg-green } Remote Port Forwarding - Naast het leveren van standaard OpenVPN-configuratiebestanden, heeft IVPN mobiele clients voor [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), en [GitHub](https://github.com/ivpn/android-app/releases) die eenvoudige verbindingen met hun servers mogelijk maken. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is mogelijk met een Pro-abonnement. Port forwarding [kan](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) geactiveerd worden via de client area. Port forwarding is alleen beschikbaar op IVPN bij gebruik van WireGuard- of OpenVPN-protocollen en is [uitgeschakeld op Amerikaanse servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Aanvullende Functionaliteit" +#### :material-check:{ .pg-green } Mobiele Clients - IVPN-clients ondersteunen tweefactorauthenticatie (de clients van Mullvad niet). IVPN biedt ook de "[AntiTracker](https://www.ivpn.net/antitracker)" functionaliteit, die advertentienetwerken en trackers op netwerkniveau blokkeert. +Naast het leveren van standaard OpenVPN-configuratiebestanden, heeft IVPN mobiele clients voor [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), en [GitHub](https://github.com/ivpn/android-app/releases) die gemakkelijke verbindingen met hun servers mogelijk maken. + +#### :material-information-outline:{ .pg-blue } Aanvullende functionaliteit + +IVPN-clients ondersteunen tweefactorauthenticatie (de clients van Mullvad niet). IVPN biedt ook "[AntiTracker](https://www.ivpn.net/antitracker)" functionaliteit, die advertentienetwerken en trackers op netwerkniveau blokkeert. ### Mullvad @@ -159,7 +100,7 @@ Zoek een no-logging VPN-operator die er niet op uit is jouw webverkeer te verkop [:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary } [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" } - [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Privacy Policy" }. + [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Privacybeleid" }. [:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Documentatie} [:octicons-code-16:](https://github.com/mullvad){ .card-link title="Broncode" } @@ -172,55 +113,120 @@ Zoek een no-logging VPN-operator die er niet op uit is jouw webverkeer te verkop - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 landen" +#### :material-check:{ .pg-green } 41 Landen - Mullvad heeft [servers in 41 landen](https://mullvad.net/servers/) (1). Door een VPN-provider te kiezen met een server het dichtst bij jou in de buurt, verminder je de latentie van het netwerkverkeer dat je verstuurt. Dit komt door een kortere route (minder hops) naar de bestemming. - - Wij denken ook dat het voor de veiligheid van de privé-sleutels van de VPN-provider beter is als zij [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service) gebruiken, in plaats van goedkopere gedeelde oplossingen (met andere klanten) zoals [virtuele privé-servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad heeft [servers in 41 landen](https://mullvad.net/servers/).(1) Door een VPN-provider te kiezen met een server die het dichtst bij je in de buurt staat, verminder je de vertraging van het netwerkverkeer die je verstuurt. Dit komt door een kortere route (minder hops) naar de bestemming. +{ .annotate } 1. Laatst gecontroleerd: 2023-01-19 -??? success "Onafhankelijk Gecontroleerd" +Wij denken ook dat het beter is voor de veiligheid van de privésleutels van de VPN-provider als ze [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service) gebruiken, in plaats van goedkopere gedeelde servers (met andere klanten) zoals [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - De VPN-clients van Mullvad zijn gecontroleerd door Cure53 en Assured AB in een pentest-rapport [gepubliceerd op cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). De beveiligingsonderzoekers concludeerden: +#### :material-check:{ .pg-green } Onafhankelijk geaudit + +De VPN-clients van Mullvad zijn geaudit door Cure53 en Assured AB in een pentest-rapport [gepubliceerd op cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). De beveiligingsonderzoekers concludeerden: + +> Cure53 en Assured AB zijn blij met de resultaten van de audit en de software laat over het algemeen een positieve indruk achter. Dankzij de inzet van het interne team van Mullvad VPN, twijfelen de testers er niet aan dat het project vanuit een beveiligingsoogpunt op het juiste spoor zit. + +In 2020 werd een tweede audit [aangekondigd](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) en werd het [definitieve auditverslag ](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) beschikbaar gesteld op de website van Cure53: + +> De resultaten van dit mei-juni 2020-project gericht op het Mullvad-complex zijn vrij positief. [...] Het totale applicatie-ecosysteem dat door Mullvad wordt gebruikt, laat een goede en gestructureerde indruk achter. De algemene structuur van de applicatie maakt het gemakkelijk om patches en fixes op een gestructureerde manier uit te rollen. De bevindingen van Cure53 laten vooral zien hoe belangrijk het is om de huidige lekken voortdurend te controleren en opnieuw te beoordelen, om de privacy van de eindgebruikers altijd te waarborgen. Dat gezegd hebbende, Mullvad beschermt de eindgebruiker uitstekend tegen veelvoorkomende lekken van PII en privacygerelateerde risico's. + +In 2020 werd een infstrastructuuraudit [aangekondigd](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) en werd het [definitieve auditverslag ](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) beschikbaar gesteld op de website van Cure53. Een ander rapport werd in opdracht gegeven [in juni 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) en is beschikbaar op [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-source clients + +Mullvad levert de broncode voor hun desktop en mobiele clients in hun [GitHub organisatie](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepteert contant geld en Monero + +Mullvad accepteert naast creditcards en PayPal ook Bitcoin, Bitcoin Cash, **Monero** en **contant geld/lokale valuta** als anonieme vormen van betaling. Ze aanvaarden ook Swish en bankoverschrijvingen. + +#### :material-check:{ .pg-green } WireGuard ondersteuning + +Mullvad ondersteunt het WireGuard® protocol. [WireGuard](https://www.wireguard.com) is een nieuwer protocol dat gebruik maakt van geavanceerde [cryptografie](https://www.wireguard.com/protocol/). Bovendien wil WireGuard eenvoudiger en performanter zijn. + +Mullvad [adviseert](https://mullvad.net/en/help/why-wireguard/) het gebruik van WireGuard met hun dienst. Het is het standaard of enige protocol op Mullvad's Android, iOS, macOS en Linux apps, maar op Windows moet je [handmatig](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard inschakelen. Mullvad biedt ook een WireGuard configuratiegenerator voor gebruik met de officiële WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6-ondersteuning + +Mullvad ondersteunt de toekomst van netwerken [IPv6](https://en.wikipedia.org/wiki/IPv6). Hun netwerk geeft u [toegang tot diensten die gehost worden op IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) in tegenstelling tot andere providers die IPv6-verbindingen blokkeren. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is toegestaan voor mensen die eenmalige betalingen doen, maar niet voor rekeningen met een terugkerende/abonnementsgebaseerde betalingsmethode. Dit is om te voorkomen dat Mullvad je kan identificeren op basis van jouw poortgebruik en opgeslagen abonnementsinformatie. Zie [Port forwarding met Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) voor meer informatie. + +#### :material-check:{ .pg-green } Mobiele Clients + +Mullvad heeft [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) en [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients gepubliceerd, die beide een gebruiksvriendelijke interface ondersteunen in plaats van dat je jouw WireGuard-verbinding handmatig moet configureren. De Android client is ook beschikbaar op [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Aanvullende functionaliteit + +Mullvad is zeer transparant over welke knooppunten zij [bezitten of huren](https://mullvad.net/en/servers/). Ze gebruiken [ShadowSocks](https://shadowsocks.org/) in hun ShadowSocks + OpenVPN-configuratie, waardoor ze beter bestand zijn tegen firewalls met [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) die VPN's proberen te blokkeren. Vermoedelijk moet [China een andere methode gebruiken om ShadowSocks servers te blokkeren](https://github.com/net4people/bbs/issues/22). Mullvad's website is ook toegankelijk via Tor via [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 en Assured AB zijn blij met de resultaten van de audit en de software laat een algehele positieve indruk achter. Dankzij de inzet van het interne team van Mullvad VPN, twijfelen de testers er niet aan dat het project vanuit beveiligingsoogpunt op het juiste spoor zit. + **Proton VPN** is een sterke speler in de VPN-ruimte en is in bedrijf sinds 2016. Proton AG is gevestigd in Zwitserland en biedt een beperkte gratis versie aan en ook een meer uitgebreide premium optie. - In 2020 werd een tweede audit [aangekondigd](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) en werd het [definitieve auditverslag](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) beschikbaar gesteld op de website van Cure53: + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacybeleid" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentatie} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Broncode" } - > De resultaten van dit mei-juni 2020 project gericht op het Mullvad complex zijn vrij positief. [...] Het door Mullvad gebruikte totale applicatie-ecosysteem maakt een degelijke en gestructureerde indruk. De algemene structuur van de applicatie maakt het gemakkelijk om patches en fixes op een gestructureerde manier uit te rollen. De bevindingen van Cure53 laten vooral zien hoe belangrijk het is om de huidige lekvectoren voortdurend te controleren en opnieuw te beoordelen, om de privacy van de eindgebruikers altijd te waarborgen. Dat gezegd hebbende, Mullvad beschermt de eindgebruiker uitstekend tegen veelvoorkomende lekken van PII en privacygerelateerde risico's. + ??? downloads "Downloaden" - In 2021 werd een infrastructuuraudit [aangekondigd](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) en werd het [definitieve auditverslag](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) beschikbaar gesteld op de website van Cure53. Een ander rapport werd [in juni 2022] besteld (https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) en is beschikbaar op [de website van Assured](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Cliënts" +#### :material-check:{ .pg-green } 67 Landen - Mullvad biedt de broncode voor hun desktop en mobiele clients in hun [GitHub organisatie](https://github.com/mullvad/mullvadvpn-app). +Proton VPN heeft [servers in 67 landen](https://protonvpn.com/vpn-servers).(1) Door een VPN-provider te kiezen met een server die het dichtst bij je in de buurt staat, verminder je de vertraging van het netwerkverkeer die je verstuurt. Dit komt door een kortere route (minder hops) naar de bestemming. +{ .annotate } -??? success "Accepteert contant geld en Monero" +1. Laatst gecontroleerd: 2022-09-16 - Mullvad accepteert naast creditcards en PayPal ook Bitcoin, Bitcoin Cash, **Monero** en **contant geld/lokale valuta** als anonieme vormen van betaling. Zij aanvaarden ook Swish en bankoverschrijvingen. +Wij denken ook dat het beter is voor de veiligheid van de privésleutels van de VPN-provider als ze [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service) gebruiken, in plaats van goedkopere gedeelde servers (met andere klanten) zoals [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Onafhankelijk geaudit - Mullvad ondersteunt het WireGuard® protocol. [WireGuard](https://www.wireguard.com) is een nieuwer protocol dat gebruik maakt van het modernste [cryptography](https://www.wireguard.com/protocol/). Bovendien wil WireGuard eenvoudiger en performanter zijn. - - Mullvad [recommends](https://mullvad.net/nl/help/why-wireguard/) het gebruik van WireGuard met hun service. Het is het standaard of enige protocol op Mullvad 's Android-, iOS-, macOS- en Linux-apps, maar op Windows moet je [handmatig inschakelen](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad biedt ook een WireGuard configuratie generator aan voor gebruik met de officiële WireGuard [apps](https://www.wireguard.com/install/). +Vanaf januari 2020, heeft Proton VPN een onafhankelijke audit door SEC Consult ondergaan. SEC Consult vond enkele kwetsbaarheden met een gemiddeld en laag risico in de Windows-, Android- en iOS-applicaties van Proton VPN, die allemaal door Proton VPN "naar behoren waren verholpen" voordat de rapporten werden gepubliceerd. Geen van de geconstateerde problemen zou een aanvaller op afstand toegang hebben verschaft tot jouw apparaat of verkeer. Je kunt individuele rapporten voor elk platform bekijken op [protonvpn.com](https://protonvpn.com/blog/open-source/). In april 2022 onderging Proton VPN [nog een audit](https://protonvpn.com/blog/no-logs-audit/) en het rapport werd [opgesteld door Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). Een [attestatiebrief](https://proton.me/blog/security-audit-all-proton-apps) werd op 9 november 2021 voor de apps van Proton VPN verstrekt door [Securitum](https://research.securitum.com). -??? success "IPv6 ondersteuning" +#### :material-check:{ .pg-green } Open-source clients - Mullvad ondersteunt de toekomst van networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Hun netwerk laat je toe [toegang te krijgen tot diensten die gehost worden op IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) in tegenstelling tot andere providers die IPv6-verbindingen blokkeren. +Proton VPN levert de broncode voor hun desktop en mobiele clients in hun [GitHub organisatie](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepteert contant geld - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is toegestaan voor mensen die eenmalige betalingen doen, maar niet voor rekeningen met een terugkerende/abonnementsgebaseerde betalingsmethode. Dit is om te voorkomen dat Mullvad je kan identificeren op basis van jouw poortgebruik en opgeslagen abonnementsinformatie. Zie [Port forwarding met Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) voor meer informatie. +Proton VPN accepteert, naast credit/debit cards, PayPal en [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), ook **contant geld** als anonieme vorm van betaling. -??? success "Mobiele klanten" +#### :material-check:{ .pg-green } WireGuard ondersteuning - Mullvad heeft [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) en [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients gepubliceerd, die beide een gebruiksvriendelijke interface ondersteunen in plaats van je te verplichten jouw WireGuard-verbinding handmatig te configureren. De Android-client is ook beschikbaar op [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN ondersteunt hoofdzakelijk het WireGuard® protocol. [WireGuard](https://www.wireguard.com) is een nieuwer protocol dat gebruik maakt van geavanceerde [cryptografie](https://www.wireguard.com/protocol/). Bovendien wil WireGuard eenvoudiger en performanter zijn. -??? info "Aanvullende Functionaliteit" +Proton VPN [adviseert](https://protonvpn.com/blog/wireguard/) het gebruik van WireGuard met hun dienst. Op de Windows, macOS, iOS, Android, ChromeOS en Android TV apps van Proton VPN is WireGuard het standaardprotocol; [ondersteuning](https://protonvpn.com/support/how-to-change-vpn-protocols/) voor het protocol is echter niet aanwezig in hun Linux app. - Mullvad is zeer transparant over welke knooppunten zij [bezitten of huren] (https://mullvad.net/en/servers/). Ze gebruiken [ShadowSocks](https://shadowsocks.org/) in hun ShadowSocks + OpenVPN configuratie, waardoor ze beter bestand zijn tegen firewalls met [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) die VPN's proberen te blokkeren. Vermoedelijk, [China moet een andere methode gebruiken om ShadowSocks servers te blokkeren](https://github.com/net4people/bbs/issues/22). De website van Mullvad is ook toegankelijk via Tor op [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN ondersteunt momenteel alleen remote [port forwarding](https://protonvpn.com/support/port-forwarding/) op Windows, wat van invloed kan zijn op sommige toepassingen. Vooral Peer-to-peer-toepassingen zoals Torrent-cliënten. + +#### :material-check:{ .pg-green } Mobiele Clients + +Naast het leveren van standaard OpenVPN-configuratiebestanden, heeft Proton VPN mobiele clients voor [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), en [GitHub](https://github.com/ProtonVPN/android-app/releases) die eenvoudige verbindingen met hun servers mogelijk maken. + +#### :material-information-outline:{ .pg-blue } Aanvullende functionaliteit + +Proton VPN heeft eigen servers en datacenters in Zwitserland, IJsland en Zweden. Ze bieden adblocking en het blokkeren van bekende malware domeinen met hun DNS service. Ze bieden adblocking en blokkering van bekende malwaredomeinen met hun DNS-dienst. Bovendien biedt Proton VPN ook "Tor" -servers waarmee je eenvoudig verbinding kunt maken met. onion sites, maar we raden je nog steeds ten zeerste aan om hiervoor [de officiële Tor Browser](https://www.torproject.org/) te gebruiken. + +#### :material-alert-outline:{ .pg-orange } Killswitch-functie is kapot op Intel-gebaseerde Macs + +Systeemcrashes [kunnen optreden](https://protonvpn.com/support/macos-t2-chip-kill-switch/) op Intel-gebaseerde Macs bij het gebruik van de VPN killswitch. Als je deze functie nodig hebt, en je gebruikt een Mac met Intel-chipset, moet je overwegen een andere VPN-dienst te gebruiken. ## Criteria @@ -255,13 +261,13 @@ Wij geven er de voorkeur aan dat de door ons aanbevolen aanbieders zo weinig mog **Minimum om in aanmerking te komen:** -- Monero of contante betaling. +- [Anonieme cryptocurrency](cryptocurrency.md) **of** cash betalingsoptie. - Geen persoonlijke informatie nodig om te registreren: Hooguit gebruikersnaam, wachtwoord en e-mail. **Beste geval:** -- Accepteert Monero, contant geld, en andere vormen van anonieme betalingsopties (cadeaubonnen, enz.) -- Geen persoonlijke informatie aanvaard (automatisch gegenereerde gebruikersnaam, geen e-mail nodig, enz.) +- Accepteert meerdere [anonieme betalingsopties](advanced/payments.md). +- Er wordt geen persoonlijke informatie geaccepteerd (automatisch gegenereerde gebruikersnaam, geen e-mail vereist, enz.). ### Veiligheid @@ -319,5 +325,3 @@ Verantwoorde marketing die zowel educatief als nuttig is voor de consument zou k ### Extra functionaliteit Hoewel het geen strikte vereisten zijn, zijn er enkele factoren die wij in aanmerking hebben genomen bij het bepalen van de aanbieders die wij aanbevelen. Deze omvatten adblocking/tracker-blocking-functionaliteit, warrant canaries, multihop-verbindingen, uitstekende klantenondersteuning, het aantal toegestane gelijktijdige verbindingen, enz. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/pl/404.md b/i18n/pl/404.md index f0f4bec07..3c0a285c8 100644 --- a/i18n/pl/404.md +++ b/i18n/pl/404.md @@ -1,17 +1,19 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- -# 404 - Not Found +# 404 - Nie znaleziono We couldn't find the page you were looking for! Maybe you were looking for one of these? -- [Introduction to Threat Modeling](basics/threat-modeling.md) -- [Recommended DNS Providers](dns.md) -- [Best Desktop Web Browsers](desktop-browsers.md) -- [Best VPN Providers](vpn.md) -- [Privacy Guides Forum](https://discuss.privacyguides.net) -- [Our Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.pl.txt" +- [Wprowadzenie do modelowania zagrożeń](basics/threat-modeling.md) +- [Polecani dostawcy DNS](dns.md) +- [Najlepsze przeglądarki internetowe na komputer](desktop-browsers.md) +- [Najlepszy VPN](vpn.md) +- [Forum Privacy Guides](https://discuss.privacyguides.net) +- [Nasz blog](https://blog.privacyguides.org) diff --git a/i18n/pl/about/criteria.md b/i18n/pl/about/criteria.md index f2e96c127..3084230bd 100644 --- a/i18n/pl/about/criteria.md +++ b/i18n/pl/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/about/donate.md b/i18n/pl/about/donate.md index 73bae2860..192953b88 100644 --- a/i18n/pl/about/donate.md +++ b/i18n/pl/about/donate.md @@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin Od czasu do czasu kupujemy produkty oraz usługi w celu przetestowania naszych [polecanych narzędzi](../tools.md). We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/about/index.md b/i18n/pl/about/index.md index 950ea8271..619406fee 100644 --- a/i18n/pl/about/index.md +++ b/i18n/pl/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/about/notices.md b/i18n/pl/about/notices.md index 47d7c3f4e..788007668 100644 --- a/i18n/pl/about/notices.md +++ b/i18n/pl/about/notices.md @@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o * Scraping * Data Mining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/about/privacy-policy.md b/i18n/pl/about/privacy-policy.md index 3f7f65c0c..c15227563 100644 --- a/i18n/pl/about/privacy-policy.md +++ b/i18n/pl/about/privacy-policy.md @@ -1,5 +1,5 @@ --- -title: "Privacy Policy" +title: "Polityka prywatności" --- Privacy Guides to projekt społecznościowy prowadzony przez wielu aktywnych wolontariuszy. Publiczna lista członków zespołu [jest dostępna na GitHub](https://github.com/orgs/privacyguides/people). @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). Zastrzegamy sobie prawo do zmiany sposobu ogłaszania zmian w przyszłych wersjach tego dokumentu. W międzyczasie możemy aktualizować nasze informacje kontaktowe w dowolnym momencie bez ogłaszania tej zmiany. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/about/privacytools.md b/i18n/pl/about/privacytools.md index 46af2addc..515c21f59 100644 --- a/i18n/pl/about/privacytools.md +++ b/i18n/pl/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/about/services.md b/i18n/pl/about/services.md index a5af3086e..71f2c95b7 100644 --- a/i18n/pl/about/services.md +++ b/i18n/pl/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/about/statistics.md b/i18n/pl/about/statistics.md index d5cc14acf..8f17240c3 100644 --- a/i18n/pl/about/statistics.md +++ b/i18n/pl/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/advanced/communication-network-types.md b/i18n/pl/advanced/communication-network-types.md index 7acf22fa1..1f07a2c4c 100644 --- a/i18n/pl/advanced/communication-network-types.md +++ b/i18n/pl/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/advanced/dns-overview.md b/i18n/pl/advanced/dns-overview.md index 01f965751..8457d85b4 100644 --- a/i18n/pl/advanced/dns-overview.md +++ b/i18n/pl/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/advanced/payments.md b/i18n/pl/advanced/payments.md new file mode 100644 index 000000000..7e046ecd0 --- /dev/null +++ b/i18n/pl/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/pl/advanced/tor-overview.md b/i18n/pl/advanced/tor-overview.md index d92addd8d..69cc70f28 100644 --- a/i18n/pl/advanced/tor-overview.md +++ b/i18n/pl/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.pl.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/pl/android.md b/i18n/pl/android.md index 58e9121a7..cfe21b0d1 100644 --- a/i18n/pl/android.md +++ b/i18n/pl/android.md @@ -1,11 +1,12 @@ --- title: "Android" icon: 'fontawesome/brands/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } -The **Android Open Source Project** is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features. +**Android Open Source Project** to system operacyjny o otwartym kodzie źródłowym przeznaczony na urządzenia mobilne, który jest rozwijany przez Google i działa na większości urządzeń mobilnych na Ziemi. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features. [:octicons-home-16:](https://source.android.com/){ .card-link title=Homepage } [:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation} @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. rekomendacja -- [Ogólny przegląd Androida i zalecenia :hero-arrow-circle-right-fill:](os/android-overview.md) -- [Dlaczego polecamy GrapheneOS zamiast CalyxOS :hero-arrow-circle-right-fill:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## Pochodne AOSP @@ -41,7 +43,7 @@ We recommend installing one of these custom Android operating systems on your de [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } -DivestOS posiada zautomatyzowane [naprawianie](https://gitlab.com/divested-mobile/cve_checker) luk bezpieczeństwa jądra ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)), mniej zastrzeżonych moduów, własny plik [hosts](https://divested.dev/index.php?page=dnsbl) oraz [F-Droid](https://www.f-droid.org) jako sklep z aplikacjami. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice. +GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice. Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support). @@ -63,9 +65,9 @@ Google Pixel phones are the only devices that currently meet GrapheneOS's [hardw DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled. -DivestOS implements some system hardening patches originally developed for GrapheneOS. Systemy oraz oprogramowanie sprzętowe urządzeń mobilnych są wspierane tylko przez ograniczony czas, więc kupno nowego urządzenia wydłuża jego żywotność do maksimum. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). +DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). -Unikaj kupowania urządzeń od operatorów sieci komórkowych. Posiadają one często **zablokowany program rozruchowy** i nie mają wsparcia dla [odblokowania OEM](https://source.android.com/devices/bootloader/locking_unlocking). Te warianty urządzeń uniemożliwią Ci zainstalowanie jakiejkolwiek alternatywnej dystrybucji Androida. We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. +DivestOS uses F-Droid as its default app store. Normally, we would recommend avoiding F-Droid due to its numerous [security issues](#f-droid). However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. !!! warning @@ -77,14 +79,14 @@ Unikaj kupowania urządzeń od operatorów sieci komórkowych. Posiadają one cz When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. -Urządzenia Google Pixel są **jedynymi** urządzeniami, które polecamy zakupić. Te urządzenia posiadają silniejsze zabezpieczenia sprzętowe niż jakiekolwiek inne urządzenia z Androidem obecnie dostępne na rynku dzięki odpowiedniemu wsparciu AVB dla alternatywnych systemów operacyjnych oraz układom bezpieczeństwa Google [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) działającymi jako Bezpieczna enklawa. These phone variants will prevent you from installing any kind of alternative Android distribution. +Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution. Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of [IMEI blacklisting](https://www.gsma.com/security/resources/imei-blacklisting/). There is also a risk involved with you being associated with the activity of the previous owner. A few more tips regarding Android devices and operating system compatibility: -- Nie kupuj urządzeń, których okres wsparcia dobiegł końca lub zbliża się do tego momentu, ponieważ dodatkowe aktualizacje bezpieczeństwa muszą zostać dostarczone przez producenta. -- Nie kupuj urządzeń z fabrycznie wgranym LineageOS lub /e/ OS lub jakiegokolwiek urządzenia z Androidem bez odpowiedniego wsparcia dla [Zweryfikowanego rozruchu](https://source.android.com/security/verifiedboot) oraz aktualizacji oprogramowania. Na tych urządzeniach nie można również sprawdzić, czy ktoś z nimi nie eksperymentował. +- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer. +- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with. - In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net/) to find details! ### Google Pixel @@ -251,7 +253,7 @@ The Google Play Store requires a Google account to login which is not great for - [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases) -Aurora Store does not allow you to download paid apps with their anonymous account feature. [Aurora Store](https://auroraoss.com/download/AuroraStore/) (klient Sklepu Google Play) tego nie wymaga i działa w większości przypadków. +Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google, however you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device. ### GrapheneOS App Store @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/basics/account-creation.md b/i18n/pl/basics/account-creation.md index 40dbcd5a5..afa5d429f 100644 --- a/i18n/pl/basics/account-creation.md +++ b/i18n/pl/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/basics/account-deletion.md b/i18n/pl/basics/account-deletion.md index abcaa5073..ead15df35 100644 --- a/i18n/pl/basics/account-deletion.md +++ b/i18n/pl/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/basics/common-misconceptions.md b/i18n/pl/basics/common-misconceptions.md index a85efe598..41997417f 100644 --- a/i18n/pl/basics/common-misconceptions.md +++ b/i18n/pl/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.pl.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/pl/basics/common-threats.md b/i18n/pl/basics/common-threats.md index 0de46265d..e278c0cbf 100644 --- a/i18n/pl/basics/common-threats.md +++ b/i18n/pl/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.pl.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/pl/basics/email-security.md b/i18n/pl/basics/email-security.md index 9593ee2ce..f0c2fb579 100644 --- a/i18n/pl/basics/email-security.md +++ b/i18n/pl/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/basics/multi-factor-authentication.md b/i18n/pl/basics/multi-factor-authentication.md index 3f50a6c7e..9259d8b7a 100644 --- a/i18n/pl/basics/multi-factor-authentication.md +++ b/i18n/pl/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Uwierzytelnianie wieloskładnikowe" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Uwierzytelnianie wieloskładnikowe** to mechanizm zabezpieczeń, który wymaga dodatkowych czynności poza wprowadzeniem nazwy użytkownika (lub e-maila) oraz hasła. Najczęściej spotykaną metodą są ograniczone czasowo kody otrzymywane poprzez wiadomość SMS lub aplikację. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/basics/passwords-overview.md b/i18n/pl/basics/passwords-overview.md index c596d8b07..a18b788e9 100644 --- a/i18n/pl/basics/passwords-overview.md +++ b/i18n/pl/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Kopie zapasowe You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/basics/threat-modeling.md b/i18n/pl/basics/threat-modeling.md index a9786ffe2..2b52e6aef 100644 --- a/i18n/pl/basics/threat-modeling.md +++ b/i18n/pl/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Czym są modele zagrożeń" icon: 'material/target-account' +description: Osiągnięcie kompromisu pomiędzy bezpieczeństwem, prywatnością oraz łatwością korzystania jest pierwszym, a zarazem najtrudniejszym zadaniem z jakim przyjdzie Ci się zmierzyć na swojej drodze do prywatności. --- Osiągnięcie kompromisu pomiędzy bezpieczeństwem, prywatnością oraz łatwością korzystania jest pierwszym, a zarazem najtrudniejszym zadaniem z jakim przyjdzie Ci się zmierzyć na swojej drodze do prywatności. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Źródła - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/basics/vpn-overview.md b/i18n/pl/basics/vpn-overview.md index 6c7660e44..a1a007f52 100644 --- a/i18n/pl/basics/vpn-overview.md +++ b/i18n/pl/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/calendar.md b/i18n/pl/calendar.md index de7240973..4d5b9f554 100644 --- a/i18n/pl/calendar.md +++ b/i18n/pl/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -68,5 +69,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/cloud.md b/i18n/pl/cloud.md index 4a9c053ed..1ec79fa5d 100644 --- a/i18n/pl/cloud.md +++ b/i18n/pl/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/cryptocurrency.md b/i18n/pl/cryptocurrency.md new file mode 100644 index 000000000..8721af78f --- /dev/null +++ b/i18n/pl/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! rekomendacja + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/pl/data-redaction.md b/i18n/pl/data-redaction.md index 15cfda674..4cace5240 100644 --- a/i18n/pl/data-redaction.md +++ b/i18n/pl/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/desktop-browsers.md b/i18n/pl/desktop-browsers.md index 0c8d6b45c..ac30fb8a5 100644 --- a/i18n/pl/desktop-browsers.md +++ b/i18n/pl/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.pl.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/pl/desktop.md b/i18n/pl/desktop.md index 3f4000b35..7466b4b85 100644 --- a/i18n/pl/desktop.md +++ b/i18n/pl/desktop.md @@ -1,6 +1,7 @@ --- title: "Magazyny chmurowe" icon: fontawesome/brands/linux +description: Dystrybucje systemu Linux są powszechnie polecane, jeśli chodzi o ochronę prywatności oraz wolne oprogramowanie. --- Dystrybucje systemu Linux są powszechnie polecane, jeśli chodzi o ochronę prywatności oraz wolne oprogramowanie. Jeśli nie korzystasz jeszcze z systemu Linux, poniżej znajdziesz kilka dystrybucji, które polecamy wypróbować oraz kilka ogólnych porad dotyczących lepszej prywatności i bezpieczeństwa, które mają zastosowanie dla wielu dystrybucji systemu Linux. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/dns.md b/i18n/pl/dns.md index f326defd9..0275f4790 100644 --- a/i18n/pl/dns.md +++ b/i18n/pl/dns.md @@ -1,24 +1,23 @@ --- -title: "DNS Resolvers" +title: "Rekursywne serwery nazw" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Szyfrowany DNS nie pomoże Ci w ukryciu jakiejkolwiek aktywności w Internecie. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} -## Recommended Providers +## Rekomendowani dostawcy -| DNS Provider | Privacy Policy | Protocols | Logging | ECS | Filtering | -| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------------ | -------- | ------------------------------------------------------------------------------------------------------------------------------------------ | -| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
DoH/3
DoT
DNSCrypt | Some[^1] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | -| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
DoH/3
DoT | Some[^2] | No | Based on server choice. | -| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
DoH/3
DoT
DoQ | Optional[^3] | No | Based on server choice. | -| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | -| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
DoH/3
DoT | Optional[^5] | Optional | Based on server choice. | -| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
DoH
DoT
DNSCrypt | Some[^6] | Optional | Based on server choice, Malware blocking by default. | +| Dostawca DNS | Polityka prywatności | Protokoły | Rejestrowane dane | ECS | Filtrowanie | +| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ----------------- | --------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | +| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
DoH/3
DoT
DNSCrypt | Niektóre[^1] | Nie | Zależne od wybranego serwera. Listę filtrowania możesz znaleźć tutaj: [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | +| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
DoH/3
DoT | Niektóre[^2] | Nie | Zależne od wybranego serwera. | +| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
DoH/3
DoT
DoQ | Do wyboru[^3] | Nie | Zależne od wybranego serwera. | +| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
DoT | Żadne[^4] | Nie | Zależne od wybranego serwera. Listę filtrowania możesz znaleźć tutaj: [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | +| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
DoH/3
DoT | Do wyboru[^5] | Do wyboru | Zależne od wybranego serwera. | +| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
DoH
DoT
DNSCrypt | Niektóre[^6] | Do wyboru | Zależne od wybranego serwera. Złośliwe zasoby blokowane automatycznie. | ## Criteria @@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.pl.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/pl/email-clients.md b/i18n/pl/email-clients.md index 09dfdfe4e..db8baa996 100644 --- a/i18n/pl/email-clients.md +++ b/i18n/pl/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/email.md b/i18n/pl/email.md index e820464b5..2cc31c536 100644 --- a/i18n/pl/email.md +++ b/i18n/pl/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Security @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/encryption.md b/i18n/pl/encryption.md index ccb3fbf10..ac0153225 100644 --- a/i18n/pl/encryption.md +++ b/i18n/pl/encryption.md @@ -1,6 +1,7 @@ --- title: "Oprogramowanie szyfrujące" icon: material/file-lock +description: Szyfrowanie danych to jedyny sposób na kontrolowanie tego, kto ma do nich dostęp. These tools allow you to encrypt your emails and any other files. --- Szyfrowanie danych to jedyny sposób na kontrolowanie tego, kto ma do nich dostęp. Jeśli obecnie nie używasz oprogramowania szyfrującego dla swojego dysku, e-maili lub plików, możesz wybrać jedną z tych opcji. @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/file-sharing.md b/i18n/pl/file-sharing.md index 7c5c2668e..1868bf2fc 100644 --- a/i18n/pl/file-sharing.md +++ b/i18n/pl/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Dowiedz się, jak prywatnie udostępniać piki pomiędzy swoimi urządzeniami, ze znajomymi lub rodziną lub anonimowo w sieci. --- Dowiedz się, jak prywatnie udostępniać piki pomiędzy swoimi urządzeniami, ze znajomymi lub rodziną lub anonimowo w sieci. @@ -152,5 +153,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/financial-services.md b/i18n/pl/financial-services.md new file mode 100644 index 000000000..95af41ad5 --- /dev/null +++ b/i18n/pl/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! rekomendacja + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! rekomendacja + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! rekomendacja + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! rekomendacja + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/pl/frontends.md b/i18n/pl/frontends.md index 3b041ef07..dd2122b6b 100644 --- a/i18n/pl/frontends.md +++ b/i18n/pl/frontends.md @@ -1,6 +1,7 @@ --- title: "Menedżery haseł" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/index.md b/i18n/pl/index.md index 19b703ce9..36687c098 100644 --- a/i18n/pl/index.md +++ b/i18n/pl/index.md @@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/kb-archive.md b/i18n/pl/kb-archive.md index 629dbfe23..e588f3c5f 100644 --- a/i18n/pl/kb-archive.md +++ b/i18n/pl/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integracja usuwania metadanych](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/meta/brand.md b/i18n/pl/meta/brand.md index 896f17030..53cb9ac42 100644 --- a/i18n/pl/meta/brand.md +++ b/i18n/pl/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/meta/git-recommendations.md b/i18n/pl/meta/git-recommendations.md index 7d1c26683..f59b5f81f 100644 --- a/i18n/pl/meta/git-recommendations.md +++ b/i18n/pl/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/meta/uploading-images.md b/i18n/pl/meta/uploading-images.md index 58a7b0f4f..55f136f8a 100644 --- a/i18n/pl/meta/uploading-images.md +++ b/i18n/pl/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/meta/writing-style.md b/i18n/pl/meta/writing-style.md index b5b31357f..b9e47a716 100644 --- a/i18n/pl/meta/writing-style.md +++ b/i18n/pl/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/mobile-browsers.md b/i18n/pl/mobile-browsers.md index a89eebfc7..9d6b80ca6 100644 --- a/i18n/pl/mobile-browsers.md +++ b/i18n/pl/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Przeglądarki mobilne" icon: octicons/device-mobile-16 +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- Oto obecnie polecane przez nas przeglądarki mobilne oraz ich konfiguracje. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. Ogólnie rzecz biorąc, zalecamy ograniczenie rozszerzeń do minimum; posiadają one uprzywilejowany dostęp do Twojej przeglądarki, wymagają zaufania do twórcy, mogą wspomóc [personalizowanie](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) oraz [osłabić](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) izolację witryn. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/multi-factor-authentication.md b/i18n/pl/multi-factor-authentication.md index cb7f9e886..e222c7e0a 100644 --- a/i18n/pl/multi-factor-authentication.md +++ b/i18n/pl/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/news-aggregators.md b/i18n/pl/news-aggregators.md index 65538dc63..8068bf49d 100644 --- a/i18n/pl/news-aggregators.md +++ b/i18n/pl/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/notebooks.md b/i18n/pl/notebooks.md index 4540fd5fa..cb812f44a 100644 --- a/i18n/pl/notebooks.md +++ b/i18n/pl/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notatniki" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Prowadź swoje notatniki i dzienniki bez udostępniania ich stronom trzecim. @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/os/android-overview.md b/i18n/pl/os/android-overview.md index b705b0dfe..7787caafe 100644 --- a/i18n/pl/os/android-overview.md +++ b/i18n/pl/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: fontawesome/brands/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android to bezpieczny system operacyjny, który posiada silną [izolację aplikacji](https://source.android.com/security/app-sandbox), [Weryfikację rozruchu](https://source.android.com/security/verifiedboot) (AVB), oraz solidny system kontroli [uprawnień](https://developer.android.com/guide/topics/permissions/overview). @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Uprawnienia systemu Android -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Profile użytkowników @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/os/linux-overview.md b/i18n/pl/os/linux-overview.md index 78e266ce1..e0d85bc3f 100644 --- a/i18n/pl/os/linux-overview.md +++ b/i18n/pl/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: fontawesome/brands/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/os/qubes-overview.md b/i18n/pl/os/qubes-overview.md index 0e92c5dc5..1325d97cf 100644 --- a/i18n/pl/os/qubes-overview.md +++ b/i18n/pl/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/passwords.md b/i18n/pl/passwords.md index 4c958bd16..48f2b1ecd 100644 --- a/i18n/pl/passwords.md +++ b/i18n/pl/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/productivity.md b/i18n/pl/productivity.md index f45343ad4..1b6b6db2a 100644 --- a/i18n/pl/productivity.md +++ b/i18n/pl/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/real-time-communication.md b/i18n/pl/real-time-communication.md index afbe34716..7e9c8a31b 100644 --- a/i18n/pl/real-time-communication.md +++ b/i18n/pl/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/router.md b/i18n/pl/router.md index c495b5c0c..7653b9ac4 100644 --- a/i18n/pl/router.md +++ b/i18n/pl/router.md @@ -1,6 +1,7 @@ --- title: "Oprogramowanie routera" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Poniżej wymieniono kilka alternatywnych systemów operacyjnych, które możesz zainstalować na swoim routerze, punkcie dostępowym Wi-Fi itp. @@ -48,5 +49,3 @@ OPNsense zostało pierwotnie opracowane na podstawie [pfSense](https://en.wikipe - Wymagane jest otwarte źródło. - Wymagane są regularne aktualizacje. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/search-engines.md b/i18n/pl/search-engines.md index 1669cfafd..22c86ff0f 100644 --- a/i18n/pl/search-engines.md +++ b/i18n/pl/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/tools.md b/i18n/pl/tools.md index ec3295aab..b8c002fa9 100644 --- a/i18n/pl/tools.md +++ b/i18n/pl/tools.md @@ -3,6 +3,7 @@ title: "Narzędzia ochrony prywatności" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- Jeśli szukasz konkretnego rozwiązania, oto polecane przez nas narzędzia oraz oprogramowanie w różnych kategoriach. Polecane przez nas narzędzia zostały wybrane głównie na podstawie funkcji zabezpieczeń z dodatkowym naciskiem na te o zdecentralizowane i o otwartym kodzie żródłowym. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Dowiedz się więcej :hero-arrow-circle-right-fill:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Dowiedz się więcej :hero-arrow-circle-right-fill:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Dowiedz się więcej :hero-arrow-circle-right-fill:](financial-services.md#gift-card-marketplaces) + ### Search Engines
@@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Dowiedz się więcej :hero-arrow-circle-right-fill:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Dowiedz się więcej :hero-arrow-circle-right-fill:](cryptocurrency.md) + ### Data and Metadata Redaction
@@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
[Dowiedz się więcej :hero-arrow-circle-right-fill:](video-streaming.md) - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/tor.md b/i18n/pl/tor.md index 63a26275a..2d4488419 100644 --- a/i18n/pl/tor.md +++ b/i18n/pl/tor.md @@ -1,6 +1,7 @@ --- title: "Przeglądarki internetowe" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
-
- -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/video-streaming.md b/i18n/pl/video-streaming.md index d51c7c01d..a89a6ffd8 100644 --- a/i18n/pl/video-streaming.md +++ b/i18n/pl/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Strumieniowanie filmów" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- Podstawowym zagrożeniem związanym z korzystaniem z platformy do strumieniowania filmów jest to, że Twoje nawyki dotyczące strumieniowania oraz listy subskrypcyjne mogą zostać wykorzystane do profilowania Ciebie. Warto połączyć te narzędzia z [VPN](vpn.md) lub [Tor](https://www.torproject.org/), aby utrudnić profilowanie. @@ -50,5 +51,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/vpn.md b/i18n/pl/vpn.md index 2073c392b..8f4738b0c 100644 --- a/i18n/pl/vpn.md +++ b/i18n/pl/vpn.md @@ -1,11 +1,20 @@ --- title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Find a no-logging VPN operator who isn’t out to sell or read your web traffic. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "VPNs do not provide anonymity" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "VPNs do not provide anonymity" Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. @@ -15,80 +24,11 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +## Rekomendowani dostawcy -## Recommended Providers - -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,55 +113,120 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2023-01-19 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + ??? downloads - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Last checked: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Criteria @@ -255,13 +261,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Security @@ -319,5 +325,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pt-BR/404.md b/i18n/pt-BR/404.md index 0b626e1e3..a2ee2ba04 100644 --- a/i18n/pt-BR/404.md +++ b/i18n/pt-BR/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Não encontrado @@ -13,5 +17,3 @@ Não conseguimos encontrar a página que você estava procurando! Talvez você e - [Melhores serviços de VPN](vpn.md) - [Fórum do Privacy Guides](https://discuss.privacyguides.net) - [Nosso Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/about/criteria.md b/i18n/pt-BR/about/criteria.md index cfb1252c5..3084230bd 100644 --- a/i18n/pt-BR/about/criteria.md +++ b/i18n/pt-BR/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/about/donate.md b/i18n/pt-BR/about/donate.md index 490497a9c..32e48ff06 100644 --- a/i18n/pt-BR/about/donate.md +++ b/i18n/pt-BR/about/donate.md @@ -48,5 +48,3 @@ Nós hospedamos [serviços de internet](https://privacyguides.net) para teste e Ocasionamente adquirimos produtos e serviços com o propósito de testar as nossas [ferramentas recomendadas](../tools.md). Ainda estamos a trabalhar com o nosso anfitrião fiscal (a Open Collective Foundation) para receber doações em criptomoeda. No momento a contabilidade não é viável para muitas transações menores, mas isso deve mudar no futuro. Enquanto isso, se você deseja fazer uma doação de criptomoeda considerável (> $100), entre em contato com [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/about/index.md b/i18n/pt-BR/about/index.md index 1869f484a..619406fee 100644 --- a/i18n/pt-BR/about/index.md +++ b/i18n/pt-BR/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/about/notices.md b/i18n/pt-BR/about/notices.md index c6fdff4ad..57185994d 100644 --- a/i18n/pt-BR/about/notices.md +++ b/i18n/pt-BR/about/notices.md @@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o * Scraping * Mineração de dados * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/about/privacy-policy.md b/i18n/pt-BR/about/privacy-policy.md index 4299a53c0..e8c74d876 100644 --- a/i18n/pt-BR/about/privacy-policy.md +++ b/i18n/pt-BR/about/privacy-policy.md @@ -1,5 +1,5 @@ --- -title: "Privacy Policy" +title: "Política de Privacidade" --- Privacy Guides is a community project operated by a number of active volunteer contributors. The public list of team members [can be found on GitHub](https://github.com/orgs/privacyguides/people). @@ -8,12 +8,12 @@ Privacy Guides is a community project operated by a number of active volunteer c The privacy of our website visitors is important to us, so we do not track any individual people. As a visitor to our website: -- No personal information is collected +- Nenhuma informação pessoal é coletada - No information such as cookies are stored in the browser - No information is shared with, sent to or sold to third-parties - No information is shared with advertising companies - No information is mined and harvested for personal and behavioral trends -- No information is monetized +- Nenhuma informação é monetizada You can view the data we collect on our [statistics](statistics.md) page. @@ -29,7 +29,7 @@ To sign up for most accounts, we will collect a name, username, email, and passw We use your account data to identify you on the website and to create pages specific to you, such as your profile page. We will also use your account data to publish a public profile for you on our services. -We use your email to: +Nós usamos o seu e-mail para: - Notify you about posts and other activity on the websites or services. - Reset your password and help keep your account secure. @@ -40,7 +40,7 @@ On some websites and services you may provide additional information for your ac We will store your account data as long as your account remains open. After closing an account, we may retain some or all of your account data in the form of backups or archives for up to 90 days. -## Contacting Us +## Fale Conosco The Privacy Guides team generally does not have access to personal data outside of limited access granted via some moderation panels. Inquiries regarding your personal information should be sent directly to: @@ -54,10 +54,8 @@ For all other inquiries, you can contact any member of our team. Para queixas no âmbito da GDPR em geral, você pode apresentar queixas às suas autoridades supervisoras locais de proteção de dados. Na França, é a Commission Nationale de l'Informatique et des Libertés que cuida e lida com as queixas. Eles fornecem um [modelo de carta de reclamação](https://www.cnil.fr/en/plaintes) para usar. -## About This Policy +## Sobre esta Política We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/about/privacytools.md b/i18n/pt-BR/about/privacytools.md index f74ea6bd7..dc483628e 100644 --- a/i18n/pt-BR/about/privacytools.md +++ b/i18n/pt-BR/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/about/services.md b/i18n/pt-BR/about/services.md index d4a69ebca..48ee99c4a 100644 --- a/i18n/pt-BR/about/services.md +++ b/i18n/pt-BR/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Disponibilidade: Semi-Público Hospedamos o Invidious principalmente para veicular vídeos incorporados do YouTube em nosso site, esta instância não se destina ao uso geral e pode ser limitada a qualquer momento. - Fonte: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/about/statistics.md b/i18n/pt-BR/about/statistics.md index 517109adb..8f17240c3 100644 --- a/i18n/pt-BR/about/statistics.md +++ b/i18n/pt-BR/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/advanced/communication-network-types.md b/i18n/pt-BR/advanced/communication-network-types.md index dda1fcfe9..ec863db5b 100644 --- a/i18n/pt-BR/advanced/communication-network-types.md +++ b/i18n/pt-BR/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Tipos de redes de comunicação" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- Existem várias arquiteturas de rede comumente usadas para retransmitir mensagens entre pessoas. Essas redes podem fornecer diferentes garantias de privacidade, e é por isso que vale a pena considerar seu [modelo de ameaça](../basics/threat-modeling.md) ao decidir qual aplicativo usar. @@ -100,5 +101,3 @@ A auto-hospedagem de um nó em uma rede de roteamento anônimo não fornece ao h - Menos confiável se os nós são selecionados por roteamento randomizado, alguns nós podem estar muito longe do remetente e do receptor, adicionando latência ou mesmo não transmitindo mensagens se um dos nós ficar offline. - Mais complexo para começar, pois é necessária a criação e o backup seguro de uma chave privada criptográfica. - Assim como outras plataformas descentralizadas, adicionar recursos é mais complexo para os desenvolvedores do que em uma plataforma centralizada. Assim, os recursos podem estar faltando ou incompletamente implementados, como retransmissão de mensagens offline ou exclusão de mensagens. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/advanced/dns-overview.md b/i18n/pt-BR/advanced/dns-overview.md index 429b36cd1..bd4061ccd 100644 --- a/i18n/pt-BR/advanced/dns-overview.md +++ b/i18n/pt-BR/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "Introdução ao DNS" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/advanced/payments.md b/i18n/pt-BR/advanced/payments.md new file mode 100644 index 000000000..cbc1846f3 --- /dev/null +++ b/i18n/pt-BR/advanced/payments.md @@ -0,0 +1,85 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Criptomoedas + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! aviso + Você **nunca** deve instalar quaisquer extensões adicionais no Tor Browser, incluindo as que sugerimos para o Firefox. + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/pt-BR/advanced/tor-overview.md b/i18n/pt-BR/advanced/tor-overview.md index 25cc0834c..61dc2ec43 100644 --- a/i18n/pt-BR/advanced/tor-overview.md +++ b/i18n/pt-BR/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [Como funciona o Tor - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Serviços Tor Onion - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.pt-BR.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/pt-BR/android.md b/i18n/pt-BR/android.md index aa7a84d1d..c98fc6332 100644 --- a/i18n/pt-BR/android.md +++ b/i18n/pt-BR/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,20 +14,21 @@ O **Android Open Source Project** é um sistema operacional de código aberto li Estes são os sistemas operacionais, dispositivos e aplicações Android que recomendamos para maximizar a segurança e privacidade do seu dispositivo móvel. Para saber mais sobre o Android: -- [Visão geral do Android :material-arrow-right-drop-circle:](os/android-overview.md) -- [Por que recomendamos o GrapheneOS em vez do CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[Visão Geral do Android :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Por que recomendamos o GrapheneOS em vez do CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## Derivados do AOSP Recomendamos instalar um desses sistemas operacionais Android personalizados em seu dispositivo, listados em ordem de preferência, dependendo da compatibilidade do seu dispositivo com esses sistemas operacionais. -!!! note +!!! nota Os dispositivos em fim de vida útil (como os dispositivos GrapheneOS ou "suporte estendido" da CalyxOS) não possuem patches de segurança completos (atualizações de firmware) devido à interrupção do suporte do OEM. Estes dispositivos não podem ser considerados completamente seguros, independentemente do software instalado. ### GrapheneOS -!!! recommendation +!!! recomendação ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right } ![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right } @@ -41,13 +43,13 @@ Recomendamos instalar um desses sistemas operacionais Android personalizados em [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } -GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice. +GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. Isso significa que você pode tirar proveito da maioria dos Google Play Services, como [notificações push](https://firebase.google.com/docs/cloud-messaging/), enquanto lhe dá controle total sobre suas permissões e acesso, e ao mesmo tempo contê-los para um perfil de trabalho [específico](os/android-overview.md#work-profile) ou [perfil de usuário](os/android-overview.md#user-profiles) de sua escolha. -Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support). +Os telefones Google Pixel são os únicos dispositivos que atualmente atendem aos [requisitos de segurança de hardware do GrapheneOS](https://grapheneos.org/faq#device-support). ### DivestOS -!!! recommendation +!!! recomendação ![DivestOS logo](assets/img/android/divestos.svg){ align=right } @@ -63,11 +65,11 @@ Google Pixel phones are the only devices that currently meet GrapheneOS's [hardw DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled. -DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). +O DivestOS implementa alguns patches de fortalecimento desenvolvidos originalmente para o GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 e superior apresenta a opção de [ randomização do MAC](https://en.wikipedia.org/wiki/MAC_address#Randomization) completa por rede do GrapheneOS, controle [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) e [opções de tempo limite](https://grapheneos.org/features) de reinicialização automática/Wi-Fi/Bluetooth. DivestOS uses F-Droid as its default app store. Normally, we would recommend avoiding F-Droid due to its numerous [security issues](#f-droid). However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. -!!! warning +!!! aviso DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative. @@ -75,7 +77,7 @@ DivestOS uses F-Droid as its default app store. Normally, we would recommend avo ## Android Devices -When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. +Ao adquirir um dispositivo, recomendamos que o adquira o mais novo possível. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution. @@ -310,9 +312,9 @@ If you download APK files to install manually, you can verify their signature wi Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. -Other popular third-party repositories such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. No entanto, não é algo que podemos recomendar, já que normalmente os aplicativos são [removidos](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) desse repositório quando vão para o repositório oficial do F-Droid. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates. +Other popular third-party repositories such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that respository when they make it to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates. -Com isso em mente, os repositórios do [F-Droid](https://f-droid.org/en/packages/) e [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) hospedam milhares de projetos, então eles podem ser boas ferramentas para pesquisar e descobrir aplicativos open-source que você pode, então, obter pela Play Store, Aurora Store ou baixando o APK disponibilizado pelo desenvolvedor. It is important to keep in mind that some apps in these repositories have not been updated in years and may rely on unsupported libraries, among other things, posing a potential security risk. You should use your best judgement when looking for new apps via this method. +That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through Play Store, Aurora Store, or by getting the APK directly from the developer. It is important to keep in mind that some apps in these repositories have not been updated in years and may rely on unsupported libraries, among other things, posing a potential security risk. You should use your best judgement when looking for new apps via this method. !!! note @@ -337,7 +339,7 @@ Com isso em mente, os repositórios do [F-Droid](https://f-droid.org/en/packages - Must **not** enable Google Play Services by default. - Must **not** require system modification to support Google Play Services. -### Devices +### Dispositivos - Must support at least one of our recommended custom operating systems. - Must be currently sold new in stores. @@ -349,5 +351,3 @@ Com isso em mente, os repositórios do [F-Droid](https://f-droid.org/en/packages - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/basics/account-creation.md b/i18n/pt-BR/basics/account-creation.md index 7e82dedf9..afa5d429f 100644 --- a/i18n/pt-BR/basics/account-creation.md +++ b/i18n/pt-BR/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/basics/account-deletion.md b/i18n/pt-BR/basics/account-deletion.md index 01266fb36..d1463f8af 100644 --- a/i18n/pt-BR/basics/account-deletion.md +++ b/i18n/pt-BR/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Exclusão de Conta" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Com o tempo, pode ser fácil acumular várias contas online, muitas das quais você pode não mais usar. Excluir essas contas não utilizadas é um passo importante para recuperar sua privacidade, pois contas inativas são vulneráveis a violações de dados. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Evite Novas Contas As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/basics/common-misconceptions.md b/i18n/pt-BR/basics/common-misconceptions.md index a5e7a0192..7e0257f1c 100644 --- a/i18n/pt-BR/basics/common-misconceptions.md +++ b/i18n/pt-BR/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Equívocos Comuns" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Software de código aberto é sempre seguro" ou "Software proprietário é mais seguro" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.pt-BR.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/pt-BR/basics/common-threats.md b/i18n/pt-BR/basics/common-threats.md index 2d4f6b0c4..a2b297d47 100644 --- a/i18n/pt-BR/basics/common-threats.md +++ b/i18n/pt-BR/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Ameaças Comuns" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.pt-BR.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/pt-BR/basics/email-security.md b/i18n/pt-BR/basics/email-security.md index a95f97e8c..24a8cfc35 100644 --- a/i18n/pt-BR/basics/email-security.md +++ b/i18n/pt-BR/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Segurança de Email icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Por Que os Metadados Não Podem Ser E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/basics/multi-factor-authentication.md b/i18n/pt-BR/basics/multi-factor-authentication.md index cefa281d4..0e9fb7063 100644 --- a/i18n/pt-BR/basics/multi-factor-authentication.md +++ b/i18n/pt-BR/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Autenticação de Múltiplos Fatores" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/basics/passwords-overview.md b/i18n/pt-BR/basics/passwords-overview.md index fce59c5f2..6858d8b5b 100644 --- a/i18n/pt-BR/basics/passwords-overview.md +++ b/i18n/pt-BR/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/basics/threat-modeling.md b/i18n/pt-BR/basics/threat-modeling.md index e405f4a0f..0940d141e 100644 --- a/i18n/pt-BR/basics/threat-modeling.md +++ b/i18n/pt-BR/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Modelagem de Ameaças" icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. --- Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Fontes - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/basics/vpn-overview.md b/i18n/pt-BR/basics/vpn-overview.md index 4f9a7736f..b1d59230d 100644 --- a/i18n/pt-BR/basics/vpn-overview.md +++ b/i18n/pt-BR/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -17,7 +18,7 @@ VPNs cannot encrypt data outside of the connection between your device and the V However, they do hide your actual IP from a third-party service, provided that there are no IP leaks. They help you blend in with others and mitigate IP based tracking. -## When shouldn't I use a VPN? +## Quando não deveria usar uma VPN? Using a VPN in cases where you're using your [known identity](common-threats.md#common-misconceptions) is unlikely be useful. @@ -43,11 +44,11 @@ By using a VPN with Tor, you're creating essentially a permanent entry node, oft ## E se eu precisar de anonimato? -VPNs cannot provide anonymity. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You cannot rely on "no logging" policies to protect your data. Use [Tor](https://www.torproject.org/) instead. +As VPNs não podem fornecer anonimato. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You cannot rely on "no logging" policies to protect your data. Use [Tor](https://www.torproject.org/) em vez disso. ## E os provedores de VPN que fornecem nós Tor? -Do not use that feature. The point of using Tor is that you do not trust your VPN provider. Currently Tor only supports the [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) protocol. [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (used in [WebRTC](https://en.wikipedia.org/wiki/WebRTC) for voice and video sharing, the new [HTTP3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) protocol, etc), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) and other packets will be dropped. To compensate for this, VPN providers typically will route all non-TCP packets through their VPN server (your first hop). This is the case with [ProtonVPN](https://protonvpn.com/support/tor-vpn/). Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as [Isolated Destination Address](https://www.whonix.org/wiki/Stream_Isolation) (using a different Tor circuit for every domain you visit). +Não use esse recurso. The point of using Tor is that you do not trust your VPN provider. Currently Tor only supports the [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) protocol. [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (used in [WebRTC](https://en.wikipedia.org/wiki/WebRTC) for voice and video sharing, the new [HTTP3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) protocol, etc), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) and other packets will be dropped. To compensate for this, VPN providers typically will route all non-TCP packets through their VPN server (your first hop). This is the case with [ProtonVPN](https://protonvpn.com/support/tor-vpn/). Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as [Isolated Destination Address](https://www.whonix.org/wiki/Stream_Isolation) (using a different Tor circuit for every domain you visit). The feature should be viewed as a convenient way to access the Tor Network, not to stay anonymous. For proper anonymity, use the Tor Browser, TorSocks, or a Tor gateway. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/calendar.md b/i18n/pt-BR/calendar.md index ba913cf16..bbcb033ad 100644 --- a/i18n/pt-BR/calendar.md +++ b/i18n/pt-BR/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/cloud.md b/i18n/pt-BR/cloud.md index df89a2de6..2bcc2596f 100644 --- a/i18n/pt-BR/cloud.md +++ b/i18n/pt-BR/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/cryptocurrency.md b/i18n/pt-BR/cryptocurrency.md new file mode 100644 index 000000000..7c0606c88 --- /dev/null +++ b/i18n/pt-BR/cryptocurrency.md @@ -0,0 +1,54 @@ +--- +title: Criptomoedas +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! aviso + Você **nunca** deve instalar quaisquer extensões adicionais no Tor Browser, incluindo as que sugerimos para o Firefox. + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/pt-BR/data-redaction.md b/i18n/pt-BR/data-redaction.md index ca0f8552c..961594a8d 100644 --- a/i18n/pt-BR/data-redaction.md +++ b/i18n/pt-BR/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/desktop-browsers.md b/i18n/pt-BR/desktop-browsers.md index 7481af53c..0f5ca515c 100644 --- a/i18n/pt-BR/desktop-browsers.md +++ b/i18n/pt-BR/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Navegadores Desktop" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.pt-BR.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/pt-BR/desktop.md b/i18n/pt-BR/desktop.md index 5076ac4db..2db4d1191 100644 --- a/i18n/pt-BR/desktop.md +++ b/i18n/pt-BR/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/dns.md b/i18n/pt-BR/dns.md index 1eb4b8385..79a7144fd 100644 --- a/i18n/pt-BR/dns.md +++ b/i18n/pt-BR/dns.md @@ -1,24 +1,23 @@ --- title: "Introdução ao DNS" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! Devo usar DNS criptografado? +DNS criptografado com servidores de terceiros só deve ser usado para contornar o [bloqueio básico de DNS](https://en.wikipedia.org/wiki/DNS_blocking) quando você pode ter certeza de que não haverá nenhuma consequência. DNS encriptada não irá te ajudar a esconder qualquer uma das suas atividades de navegação. - Encrypted DNS with a 3rd party should only be used to get around redirects and basic DNS blocking when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Saiba mais sobre DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Provedores Recomendados -| DNS | Privacy Policy | Protocol | Logging | ECS | Filtering | -| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------------ | -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
DoH/3
DoT
DNSCrypt | Some[^1] | 2 | Based on server choice. Filter list being used can be found here. [**DNS over HTTPS**](https://en.wikipedia.org/wiki/DNS_over_HTTPS) as defined in [RFC 8484](https://datatracker.ietf.org/doc/html/rfc8484) packages queries in the [HTTP/2](https://en.wikipedia.org/wiki/HTTP/2) protocol and provides security with HTTPS. Support was first added in web browsers such as Firefox 60 and Chrome 83. | -| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
DoH/3
DoT | Some[^2] | 2 | Based on server choice. | -| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
DoH/3
DoT
DoQ | Optional[^3] | 2 | Based on server choice. | -| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
DoT | No[^4] | 2 | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | -| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
DoH/3
DoT | Optional[^5] | Optional | Based on server choice. | -| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
DoH
DoT
DNSCrypt | Some[^6] | Optional | Based on server choice, Malware blocking by default. | +| Provedor de DNS | Política de Privacidade | Protocolos | Registro | ECS | Filtragem | +| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------------ | -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
DoH/3
DoT
DNSCrypt | Some[^1] | Não | Baseado na escolha do servidor. As listas de filtragem usadas podem ser encontradas aqui. [**DNS over HTTPS**](https://en.wikipedia.org/wiki/DNS_over_HTTPS) as defined in [RFC 8484](https://datatracker.ietf.org/doc/html/rfc8484) packages queries in the [HTTP/2](https://en.wikipedia.org/wiki/HTTP/2) protocol and provides security with HTTPS. Support was first added in web browsers such as Firefox 60 and Chrome 83. | +| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
DoH/3
DoT | Some[^2] | Não | Baseado na escolha do servidor. | +| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
DoH/3
DoT
DoQ | Optional[^3] | Não | Baseado na escolha do servidor. | +| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
DoT | No[^4] | Não | Baseado na escolha do servidor. As listas de filtragem usadas podem ser encontradas aqui. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | +| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
DoH/3
DoT | Optional[^5] | Optional | Baseado na escolha do servidor. | +| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
DoH
DoT
DNSCrypt | Some[^6] | Optional | Based on server choice, Malware blocking by default. | ## Criteria @@ -131,8 +130,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.pt-BR.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/pt-BR/email-clients.md b/i18n/pt-BR/email-clients.md index d052838f1..e2821a142 100644 --- a/i18n/pt-BR/email-clients.md +++ b/i18n/pt-BR/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/email.md b/i18n/pt-BR/email.md index eae629b83..60db1d4fe 100644 --- a/i18n/pt-BR/email.md +++ b/i18n/pt-BR/email.md @@ -1,41 +1,52 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- -Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. +Email é praticamente uma necessidade para utilizar qualquer serviço online, contudo não recomendamos ele para conversas pessoas pessoa-a-pessoa. Ao invés de utilizar email para falar com outras pessoas, considere utilizar um meio de mensagens instantâneas que suporte sigilo encaminhado. -[Recommended Instant Messengers](real-time-communication.md ""){.md-button} +[Mensageiros Instantâneos Recomendados](real-time-communication.md ""){.md-button} -For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +Para qualquer outra coisa, recomendamos uma variedade de provedores de email baseados em modelos de negócio sustentáveis e recursos de segurança e privacidade incorporados. -## OpenPGP Compatible Services +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +## Serviços Compatíveis com OpenPGP -!!! warning +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. Por exemplo, um usuário do Proton Mail pode mandar uma mensagem E2EE para um usuário de Mailbox.org, ou você pode receber notificações OpenPGP-encriptadas de serviços de internet que suportam isso. - When using E2EE technology like OpenPGP, email will still have some metadata that is not encrypted in the header of the email. Read more about [email metadata](basics/email-security.md#email-metadata-overview). +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
+ +!!! aviso + + Quando usada tecnologia E2EE como OpenPGP, o email ainda terá alguns metadados que não são encriptados no cabeçalho do email. Leia mais sobre [metadados de email](basics/email-security.md#email-metadata-overview). - OpenPGP also does not support Forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. [How do I protect my private keys?](basics/email-security.md#how-do-i-protect-my-private-keys) + OpenPGP também não suporta Sigilo Encaminhado, isso significa que se a sua chave ou a do destinatário é alguma vez roubada, todas as mensagens anteriores encriptadas com essa chave serão expostas. [Como eu protejo minhas chaves privadas?](basics/email-security.md#how-do-i-protect-my-private-keys) ### Proton Mail !!! recommendation - ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } + ![logo do Proton Mail](assets/img/email/protonmail.svg){ align=right } - **Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. Accounts start with 500 MB storage with their free plan. + **Proton Mail** é um serviço de email com foco na privacidade, criptografia, segurança, e facilidade de uso. Eles estão operando desde **2013**. Proton AG é localizado em Genève, Suíça. As contas começam com 500 MB de armazenamento com seu plano grátis. - [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } - [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } - [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://proton.me/support/mail){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonMail){ .card-link title="Source Code" } + [:octicons-home-16: Página Inicial](https://proton.me/mail){ .md-button .md-button--primary } + [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Serviço Onion" } + [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Política de Privacidade" } + [:octicons-info-16:](https://proton.me/support/mail){ .card-link title=Documentação} + [:octicons-code-16:](https://github.com/ProtonMail){ .card-link title="Código-Fonte" } - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonmail.android) + ??? - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonmail.android) - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id979659905) - [:simple-github: GitHub](https://github.com/ProtonMail/proton-mail-android/releases) - [:simple-windows11: Windows](https://proton.me/mail/bridge#download) @@ -43,47 +54,47 @@ These providers natively support OpenPGP encryption/decryption, allowing for pro - [:simple-linux: Linux](https://proton.me/mail/bridge#download) - [:octicons-browser-16: Web](https://mail.proton.me) -Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g. Thunderbird). Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com). +Contas gratuitas têm algumas limitações, como não poderem pesquisar no corpo de texto e não ter acesso à [Ponte Proton Mail](https://proton.me/mail/bridge), o que é requerido para usar um [cliente de email desktop recomendado](email-clients.md) (ex. Thunderbird). Contas pagas incluem funcionalidades como a Ponte Proton Mail, mais armazenamento, e suporte para domínios customizados. Uma [carta de atestação](https://proton.me/blog/security-audit-all-proton-apps) foi fornecida para os apps do Proton Mail em 9 de Novembro de 2021 pela [Securitium](https://research.securitum.com). -If you have the Proton Unlimited, Business, or Visionary Plan, you also get [SimpleLogin](#simplelogin) Premium for free. +Se você tem o Proton Unlimited, Bussiness, ou Visionary Plan, você também ganha o [SimpleLogin](#simplelogin) Premium de graça. Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +112,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +178,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +238,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +436,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Aceita [opções de pagamento anônimas](advanced/payments.md) ([criptomoedas](cryptocurrency.md), dinheiro, cartões-presente, etc.) ### Security @@ -428,7 +453,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +468,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +506,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/encryption.md b/i18n/pt-BR/encryption.md index c8a2fafa4..aba09710c 100644 --- a/i18n/pt-BR/encryption.md +++ b/i18n/pt-BR/encryption.md @@ -1,6 +1,7 @@ --- title: "Softwares de Criptografia" icon: material/file-lock +description: A criptografia de dados é a única maneira de controlar quem pode acessá-los. These tools allow you to encrypt your emails and any other files. --- A criptografia de dados é a única maneira de controlar quem pode acessá-los. Se você atualmente não está usando “software” de criptografia para seu disco rígido, e-mails ou arquivos, você deve escolher uma opção aqui. @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/file-sharing.md b/i18n/pt-BR/file-sharing.md index a68205675..aafc6486c 100644 --- a/i18n/pt-BR/file-sharing.md +++ b/i18n/pt-BR/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -145,5 +146,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/financial-services.md b/i18n/pt-BR/financial-services.md new file mode 100644 index 000000000..e2f0a0437 --- /dev/null +++ b/i18n/pt-BR/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Serviços Financeiros +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Serviços de Mascaramento de Pagamento + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/pt-BR/frontends.md b/i18n/pt-BR/frontends.md index 149badabe..9638c15a2 100644 --- a/i18n/pt-BR/frontends.md +++ b/i18n/pt-BR/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/index.md b/i18n/pt-BR/index.md index adedf2fd5..89289ce61 100644 --- a/i18n/pt-BR/index.md +++ b/i18n/pt-BR/index.md @@ -40,5 +40,3 @@ Tentar proteger todos os seus dados de todos — o tempo todo — é impraticáv [:material-hand-coin-outline:](about/donate.md){ title="Apoie o projeto" } É importante que um site como o Privacy Guides esteja sempre atualizado. Precisamos que nosso público fique de olho nas atualizações de software para os aplicativos listados em nosso site e acompanhe as notícias recentes sobre os serviços que recomendamos. É difícil acompanhar o ritmo acelerado da internet, mas tentamos o nosso melhor. Se você detectar um erro, achar que um serviço não deve ser listado, notar que um serviço qualificado está faltando, acreditar que uma extensão de navegador não é mais a melhor escolha ou descobrir qualquer outro problema, informe-nos. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/kb-archive.md b/i18n/pt-BR/kb-archive.md index ab4c65c7c..9cb406b2b 100644 --- a/i18n/pt-BR/kb-archive.md +++ b/i18n/pt-BR/kb-archive.md @@ -1,11 +1,12 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog -Some pages that used to be in our knowledge base can now be found on our blog: +Algumas páginas que costumavam estar em nossa base de conhecimento agora podem ser encontradas em nosso blog: - [GrapheneOS vs. CalyxOS](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) - [Signal Configuration Hardening](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/) @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrando a remoção de metadados](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/meta/brand.md b/i18n/pt-BR/meta/brand.md index 8f6197c26..53cb9ac42 100644 --- a/i18n/pt-BR/meta/brand.md +++ b/i18n/pt-BR/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/meta/git-recommendations.md b/i18n/pt-BR/meta/git-recommendations.md index 48582c340..f59b5f81f 100644 --- a/i18n/pt-BR/meta/git-recommendations.md +++ b/i18n/pt-BR/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/meta/uploading-images.md b/i18n/pt-BR/meta/uploading-images.md index 57a21a595..7003af709 100644 --- a/i18n/pt-BR/meta/uploading-images.md +++ b/i18n/pt-BR/meta/uploading-images.md @@ -1,10 +1,10 @@ --- -title: Uploading Images +title: Enviando Imagens --- Here are a couple of general rules for contributing to Privacy Guides: -## Images +## Imagens - We **prefer** SVG images, but if those do not exist we can use PNG images @@ -13,7 +13,7 @@ Company logos have canvas size of: - 128x128px - 384x128px -## Optimization +## Otimização ### PNG @@ -31,7 +31,7 @@ optipng -o7 file.png In Inkscape: -1. File Save As.. +1. Salvar Arquivo Como.. 2. Set type to Optimized SVG (*.svg) In the **Options** tab: @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/meta/writing-style.md b/i18n/pt-BR/meta/writing-style.md index d816f95d3..b9e47a716 100644 --- a/i18n/pt-BR/meta/writing-style.md +++ b/i18n/pt-BR/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/mobile-browsers.md b/i18n/pt-BR/mobile-browsers.md index ebe3dd950..8b829fd60 100644 --- a/i18n/pt-BR/mobile-browsers.md +++ b/i18n/pt-BR/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/multi-factor-authentication.md b/i18n/pt-BR/multi-factor-authentication.md index bdf3c00cd..41030fe3b 100644 --- a/i18n/pt-BR/multi-factor-authentication.md +++ b/i18n/pt-BR/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/news-aggregators.md b/i18n/pt-BR/news-aggregators.md index 4ab18287f..2dad5ac09 100644 --- a/i18n/pt-BR/news-aggregators.md +++ b/i18n/pt-BR/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/notebooks.md b/i18n/pt-BR/notebooks.md index 62bd44820..19e867a39 100644 --- a/i18n/pt-BR/notebooks.md +++ b/i18n/pt-BR/notebooks.md @@ -1,27 +1,28 @@ --- -title: "Notebooks" +title: "Blocos de Notas" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- -Keep track of your notes and journalings without giving them to a third-party. +Mantenha o controle de suas anotações e registros de atividades sem entregá-los a terceiros. -If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports E2EE. +Se você estiver usando atualmente um aplicativo como Evernote, Google Keep, ou Microsoft OneNote, sugerimos que escolha uma alternativa que suporte E2EE. -## Cloud-based +## Baseado na nuvem ### Joplin !!! recommendation - ![Joplin logo](assets/img/notebooks/joplin.svg){ align=right } + ![Logotipo Joplin](assets/img/notebooks/joplin.svg){ align=right } - **Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes. + * *Joplin** é um aplicativo de anotações e tarefas gratuito, de código aberto e com todos os recursos que pode lidar com um grande número de anotações organizadas em blocos de anotações e tags. Ele oferece E2EE e pode sincronizar através do Nextcloud, Dropbox e muito mais. Oferece também uma importação fácil a partir do Evernote e notas de texto simples. [:octicons-home-16: Homepage](https://joplinapp.org/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://joplinapp.org/privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://joplinapp.org/help/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/laurent22/joplin){ .card-link title="Source Code" } - [:octicons-heart-16:](https://joplinapp.org/donate/){ .card-link title=Contribute } + [:octicons-eye-16:](https://joplinapp.org/privacy/){ .card-link title="Política de privacidade" } + [:octicons-info-16:](https://joplinapp.org/help/){ .card-link title=Documentação} + [:octicons-code-16:](https://github.com/laurent22/joplin){ .card-link title="Código fonte" } + [:octicons-heart-16:](https://joplinapp.org/donate/){ .card-link title=Contribua } ??? downloads @@ -34,21 +35,21 @@ If you are currently using an application like Evernote, Google Keep, or Microso - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/joplin-web-clipper/) - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/joplin-web-clipper/alofnhikmmkdbbbgpnglcpdollgjjfek) -Joplin does not support password/PIN protection for the [application itself or individual notes and notebooks](https://github.com/laurent22/joplin/issues/289). However, your data is still encrypted in transit and at the sync location using your master key. Desde Janeiro de 2023, Joplin suporta bloqueio de aplicativo por biometria no [Android](https://joplinapp.org/changelog_android/#android-v2-10-3-https-github-com-laurent22-joplin-releases-tag-android-v2-10-3-pre-release-2023-01-05t11-29-06z) e [iOS](https://joplinapp.org/changelog_ios/#ios-v12-10-2-https-github-com-laurent22-joplin-releases-tag-ios-v12-10-2-2023-01-20t17-41-13z). +O Joplin não suporta proteção por senha/PIN para o [próprio aplicativo ou notas e blocos de anotações individuais](https://github.com/laurent22/joplin/issues/289). No entanto, seus dados ainda são criptografados em trânsito e no local de sincronização usando sua chave mestra. Desde janeiro de 2023, Joplin suporta bloqueio de aplicativo por biometria no [Android](https://joplinapp.org/changelog_android/#android-v2-10-3-https-github-com-laurent22-joplin-releases-tag-android-v2-10-3-pre-release-2023-01-05t11-29-06z) e [iOS](https://joplinapp.org/changelog_ios/#ios-v12-10-2-https-github-com-laurent22-joplin-releases-tag-ios-v12-10-2-2023-01-20t17-41-13z). ### Standard Notes !!! recommendation - ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ align=right } + ![Logotipo do Standard Notes](assets/img/notebooks/standard-notes.svg){ align=right } - **Standard Notes** is a simple and private notes app that makes your notes easy and available everywhere you are. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors. It has also been [independently audited (PDF)](https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf). + **Standard Notes** é um aplicativo de notas simples e privado que torna suas notas fáceis e disponíveis em qualquer lugar que você esteja. Possui E2EE em todas as plataformas e uma poderosa experiência de desktop com temas e editores personalizados. Também foi [auditado independentemente (PDF)](https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf). [:octicons-home-16: Homepage](https://standardnotes.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://standardnotes.com/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://standardnotes.com/help){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Source Code" } - [:octicons-heart-16:](https://standardnotes.com/donate){ .card-link title=Contribute } + [:octicons-eye-16:](https://standardnotes.com/privacy){ .card-link title="Política de privacidade" } + [:octicons-info-16:](https://standardnotes.com/help){ .card-link title=Documentação} + [:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Código fonte" } + [:octicons-heart-16:](https://standardnotes.com/donate){ .card-link title=Contribua } ??? downloads @@ -60,7 +61,7 @@ Joplin does not support password/PIN protection for the [application itself or i - [:simple-linux: Linux](https://standardnotes.com) - [:octicons-globe-16: Web](https://app.standardnotes.com/) -### Cryptee +### Criptee !!! recommendation @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/os/android-overview.md b/i18n/pt-BR/os/android-overview.md index 6b63bb451..d6eeef277 100644 --- a/i18n/pt-BR/os/android-overview.md +++ b/i18n/pt-BR/os/android-overview.md @@ -1,11 +1,12 @@ --- -title: Android Overview +title: Visão geral do Android icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. -## Choosing an Android Distribution +## Escolhendo uma Distribuição Android When you buy an Android phone, the device's default operating system often comes with invasive integration with apps and services that are not part of the [Android Open-Source Project](https://source.android.com/). An example of such is Google Play Services, which has irrevocable privileges to access your files, contacts storage, call logs, SMS messages, location, camera, microphone, hardware identifiers, and so on. These apps and services increase the attack surface of your device and are the source of various privacy concerns with Android. @@ -15,7 +16,7 @@ Ideally, when choosing a custom Android distribution, you should make sure that [Our Android System Recommendations :material-arrow-right-drop-circle:](../android.md ""){.md-button} -## Avoid Rooting +## Evite Roteamento [Rooting](https://en.wikipedia.org/wiki/Rooting_(Android)) Android phones can decrease security significantly as it weakens the complete [Android security model](https://en.wikipedia.org/wiki/Android_(operating_system)#Security_and_privacy). This can decrease privacy should there be an exploit that is assisted by the decreased security. Common rooting methods involve directly tampering with the boot partition, making it impossible to perform successful Verified Boot. Apps that require root will also modify the system partition meaning that Verified Boot would have to remain disabled. Having root exposed directly in the user interface also increases the [attack surface](https://en.wikipedia.org/wiki/Attack_surface) of your device and may assist in [privilege escalation](https://en.wikipedia.org/wiki/Privilege_escalation) vulnerabilities and SELinux policy bypasses. @@ -37,7 +38,7 @@ Unfortunately, OEMs are only obliged to support Verified Boot on their stock And Many OEMs also have broken implementation of Verified Boot that you have to be aware of beyond their marketing. For example, the Fairphone 3 and 4 are not secure by default, as the [stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11). This breaks verified boot on a stock Fairphone device, as the system will boot alternative Android operating systems such (such as /e/) [without any warning](https://source.android.com/security/verifiedboot/boot-flow#locked-devices-with-custom-root-of-trust) about custom operating system usage. -## Firmware Updates +## Atualizações de Firmware Firmware updates are critical for maintaining security and without them your device cannot be secure. OEMs have support agreements with their partners to provide the closed-source components for a limited support period. These are detailed in the monthly [Android Security Bulletins](https://source.android.com/security/bulletin). @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/os/linux-overview.md b/i18n/pt-BR/os/linux-overview.md index b9cef89c4..f2fc40aa6 100644 --- a/i18n/pt-BR/os/linux-overview.md +++ b/i18n/pt-BR/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/os/qubes-overview.md b/i18n/pt-BR/os/qubes-overview.md index e34dd3d68..ae4916dfb 100644 --- a/i18n/pt-BR/os/qubes-overview.md +++ b/i18n/pt-BR/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Artigos Relacionados*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/passwords.md b/i18n/pt-BR/passwords.md index ca2df2f23..e81f1186e 100644 --- a/i18n/pt-BR/passwords.md +++ b/i18n/pt-BR/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/productivity.md b/i18n/pt-BR/productivity.md index 21c49a05d..2fd0637ea 100644 --- a/i18n/pt-BR/productivity.md +++ b/i18n/pt-BR/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -153,5 +154,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/real-time-communication.md b/i18n/pt-BR/real-time-communication.md index 2c7cdbb36..68f9d767b 100644 --- a/i18n/pt-BR/real-time-communication.md +++ b/i18n/pt-BR/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/router.md b/i18n/pt-BR/router.md index 3931a5bcc..6fae038ad 100644 --- a/i18n/pt-BR/router.md +++ b/i18n/pt-BR/router.md @@ -1,6 +1,7 @@ --- title: "Firmware para Roteadores" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Abaixo estão alguns sistemas operacionais alternativos, que podem ser usados em roteadores, pontos de acesso Wi-Fi, etc. @@ -47,5 +48,3 @@ OPNsense foi originalmente desenvolvido como um fork do [pfSense](https://en.wik - Deve ser de código aberto. - Deve receber atualizações regulares. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/search-engines.md b/i18n/pt-BR/search-engines.md index edb2f30f8..392dd4db8 100644 --- a/i18n/pt-BR/search-engines.md +++ b/i18n/pt-BR/search-engines.md @@ -1,6 +1,7 @@ --- -title: "Search Engines" +title: "Motores de busca" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -13,9 +14,9 @@ Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org/) if your thr !!! recommendation - ![Brave Search logo](assets/img/search-engines/brave-search.svg){ align=right } + [brave Search logo](assets/img/search-engines/brave-search.svg){ align=right } - **Brave Search** is developed by Brave and serves results primarily from its own, independent index. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives. + **Brave Search*** é desenvolvido pela Brave e serve resultados principalmente a partir do seu próprio índice independente. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives. Brave Search includes unique features such as Discussions, which highlights conversation-focused results—such as forum posts. @@ -65,7 +66,7 @@ When self-hosting, it is important that you have other people using your instanc When you are using a SearXNG instance, be sure to go read their privacy policy. Since SearXNG instances may be modified by their owners, they do not necessarily reflect their privacy policy. Some instances run as a Tor hidden service, which may grant some privacy as long as your search queries does not contain PII. -## Startpage +## Página inicial !!! recommendation @@ -94,7 +95,7 @@ Startpage's majority shareholder is System1 who is an adtech company. We don't b We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. -### Minimum Requirements +### Requisitos Mínimos - Must not collect personally identifiable information per their privacy policy. - Must not allow users to create an account with them. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/tools.md b/i18n/pt-BR/tools.md index b32bd2a1e..423204a4b 100644 --- a/i18n/pt-BR/tools.md +++ b/i18n/pt-BR/tools.md @@ -3,6 +3,7 @@ title: "Privacy Tools" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Serviços Financeiros + +#### Serviços de Mascaramento de Pagamento + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Mercados de Cartões-Presente Online + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Search Engines
@@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](calendar.md) +### Criptomoedas + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Data and Metadata Redaction
@@ -414,7 +448,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-[Learn more :material-arrow-right-drop-circle:](productivity.md) +[Saiba mais :material-arrow-right-drop-circle:](productivity.md) ### Real-Time Communication @@ -428,7 +462,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-[Learn more :material-arrow-right-drop-circle:](real-time-communication.md) +[Saiba mais :material-arrow-right-drop-circle:](real-time-communication.md) ### Video Streaming Clients @@ -438,6 +472,4 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-[Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.pt-BR.txt" +[Saiba mais :material-arrow-right-drop-circle:](video-streaming.md) diff --git a/i18n/pt-BR/tor.md b/i18n/pt-BR/tor.md index ead2daa56..e0599c65f 100644 --- a/i18n/pt-BR/tor.md +++ b/i18n/pt-BR/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
-
- -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detalhes do Tor :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -127,5 +122,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/video-streaming.md b/i18n/pt-BR/video-streaming.md index a8f9b8686..8f8ebd0b8 100644 --- a/i18n/pt-BR/video-streaming.md +++ b/i18n/pt-BR/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Video Streaming" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. @@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/vpn.md b/i18n/pt-BR/vpn.md index 73d8afbe4..81faa5302 100644 --- a/i18n/pt-BR/vpn.md +++ b/i18n/pt-BR/vpn.md @@ -1,11 +1,20 @@ --- -title: "Serviços VPN" +title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Encontre um operador de VPN sem rastreamento que não esteja fora para vender ou ler seu tráfego online. +Se você está procurando mais **privacidade** do seu ISP, em uma rede Wi-Fi pública, ou ao fazer torrent de arquivos, uma VPN pode ser a solução para você, desde que entenda os riscos envolvidos. We think these providers are a cut above the rest: -??? perigo "VPNs não fornecem anonimidade" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! perigo "VPNs não fornecem anonimidade" Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. @@ -15,80 +24,11 @@ Encontre um operador de VPN sem rastreamento que não esteja fora para vender ou [Baixar Tor Browser](https://www.torproject.org/){ .md-button .md-button--primary } [Mitos sobre o Tor Browser & FAQ](advanced/tor-overview.md){ .md-button } -??? pergunta "Quando VPNs são úteis?" - - Se estiver à procura de **privacidade** adicional do seu ISP, numa rede Wi-Fi pública, ou enquanto faça torrent de arquivos, uma VPN pode ser a solução, desde que entenda os riscos envolvidos. - - [Mais Informações](basics/vpn-overview.md){ .md-button } +[Detalhes sobre VPNs :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Provedores Recomendados -!!! resumo "Critérios" - - Nossos fornecedores recomendados usam encriptação, aceitam Monero, suportam WireGuard e OpenVPN, e têm uma política de não-rastreamento. Leia nossa [lista completa de critérios](#our-criteria) para mais informações. - -### Proton VPN - -!!! anotar recomendação - - ![Logomarca ProtonVPN](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** é um forte concorrente no espaço VPN, e estão em funcionamento desde 2016. Proton AG está sediada na Suíça e oferece um plano gratuito limitado, bem como uma opção paga com mais recursos. - - [:octicons-home-16: Página Inicial](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Política de Privacidade" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentação} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Código Fonte" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? verificar anotação "64 Países" - - ProtonVPN tem [servidores em 64 países](https://protonvpn.com/vpn-servers) (1). Escolher um fornecedor de VPN com um servidor mais próximo de você irá reduzir a latência do tráfego de rede que você enviar. Isto deve-se a um caminho mais curto (menos pulos) até ao destino. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Última verificação: 16-09-2022 - -??? verificar "Auditado Independentemente" - - Em Janeiro de 2020, ProtonVPN foi submetida a uma auditoria independente pela SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? verificar "Clientes Código-Aberto" - - Proton VPN fornece o código fonte para os seus clientes desktop e móveis na sua [organização GitHub](https://github.com/ProtonVPN). - -??? verificar "Aceita Dinheiro" - - ProtonVPN, além de aceitar cartões de crédito/débito e PayPal, aceita Bitcoin, e **dinheiro/moeda local** como formas de pagamento anônimas. - -??? verificar "Suporta WireGuard" - - Proton VPN suporta principalmente o protocolo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Nossos fornecedores recomendados usam encriptação, aceitam Monero, suportam WireGuard e OpenVPN, e têm uma política de não-rastreamento. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ Encontre um operador de VPN sem rastreamento que não esteja fora para vender ou - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Escolher um fornecedor de VPN com um servidor mais próximo de você irá reduzir a latência do tráfego de rede que você enviar. Isto deve-se a um caminho mais curto (menos pulos) até ao destino. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Isto deve-se a um caminho mais curto (menos pulos) até ao destino. +{ .annotate } 1. Última verificação: 16-09-2022 -??? verificar "Auditado Independentemente" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? verificar "Clientes Código-Aberto" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? verificar "Suporta WireGuard" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,55 +113,120 @@ Encontre um operador de VPN sem rastreamento que não esteja fora para vender ou - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? verificar anotação "39 Países" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Escolher um fornecedor de VPN com um servidor mais próximo de você irá reduzir a latência do tráfego de rede que você enviar. Isto deve-se a um caminho mais curto (menos pulos) até ao destino. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Isto deve-se a um caminho mais curto (menos pulos) até ao destino. +{ .annotate } 1. Última verificação: 16-09-2022 -??? verificar "Auditado Independentemente" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad suporta o protocolo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! anotar recomendação + + ![Logomarca ProtonVPN](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Proton VPN** é um forte concorrente no espaço VPN, e estão em funcionamento desde 2016. Proton AG está sediada na Suíça e oferece um plano gratuito limitado, bem como uma opção paga com mais recursos. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + [:octicons-home-16: Página Inicial](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Política de Privacidade" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentação} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Código Fonte" } - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + ??? downloads - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? verificar "Clientes Código-Aberto" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Isto deve-se a um caminho mais curto (menos pulos) até ao destino. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Última verificação: 16-09-2022 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? verificar "Suporta WireGuard" +#### :material-check:{ .pg-green } Independently Audited - Mullvad suporta o protocolo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +Em Janeiro de 2020, ProtonVPN foi submetida a uma auditoria independente pela SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? verificar "Suporte à IPv6" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN suporta principalmente o protocolo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Criteria @@ -256,13 +262,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Criptomoeda anônima](cryptocurrency.md) **ou** opção de pagamento em dinheiro. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Aceita múltiplas [opções de pagamento anônimas](advanced/payments.md). +- Nenhuma informação pessoal é aceita (nome de usuário gerado automaticamente, nenhum e-mail necessário, etc.). ### Security @@ -320,5 +326,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt/404.md b/i18n/pt/404.md index 4ce56a664..cdd20ee4b 100644 --- a/i18n/pt/404.md +++ b/i18n/pt/404.md @@ -1,17 +1,19 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- -# 404 - Not Found +# 404 - Não Encontrado -We couldn't find the page you were looking for! Maybe you were looking for one of these? +Não conseguimos encontrar a página que procura! Talvez esteja à procura de alguma destas? -- [Introduction to Threat Modeling](basics/threat-modeling.md) -- [Recommended DNS Providers](dns.md) -- [Best Desktop Web Browsers](desktop-browsers.md) -- [Best VPN Providers](vpn.md) -- [Privacy Guides Forum](https://discuss.privacyguides.net) -- [Our Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.pt.txt" +- [Introdução à Modelação de Ameaças](basics/threat-modeling.md) +- [Provedores de DNS Recomendados](dns.md) +- [Melhores Navegadores da Web para Computadores](desktop-browsers.md) +- [Melhores Provedores de VPN](vpn.md) +- [Fórum do Privacy Guides](https://discuss.privacyguides.net) +- [O Nosso Blogue](https://blog.privacyguides.org) diff --git a/i18n/pt/about/criteria.md b/i18n/pt/about/criteria.md index 67965b739..3084230bd 100644 --- a/i18n/pt/about/criteria.md +++ b/i18n/pt/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/about/donate.md b/i18n/pt/about/donate.md index c2ea2ae73..08986f13a 100644 --- a/i18n/pt/about/donate.md +++ b/i18n/pt/about/donate.md @@ -48,5 +48,3 @@ Nós alojamos [ serviços na internet ](https://privacyguides.net) para teste e Ocasionamente adquirimos produtos e serviços com o propósito de testar as nossas [ferramentas recomendadas](../tools.md). Ainda estamos a trabalhar com o nosso anfitrião fiscal (a Open Collective Foundation) para receber donativos em criptomoeda, neste momento a contabilidade não é viável para muitas transacções mais pequenas, mas isso deverá mudar no futuro. Entretanto, se desejar fazer um donativo considerável em criptomoeda (> 100 USD), por favor contacte [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/about/index.md b/i18n/pt/about/index.md index 77759cad0..ff510adc8 100644 --- a/i18n/pt/about/index.md +++ b/i18n/pt/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ Recomendamos armazenar uma chave de recuperação local em um local seguro, em v - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. Você **não pode** utilizar a marca Privacy Guides no seu próprio projecto sem a aprovação expressa deste projecto. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/about/notices.md b/i18n/pt/about/notices.md index 5a7d1bd1c..3da3d324e 100644 --- a/i18n/pt/about/notices.md +++ b/i18n/pt/about/notices.md @@ -41,5 +41,3 @@ Você não deve conduzir nenhuma atividade sistemática ou automatizada de colet * Raspagem * Mineração de dados * "Enquadramento" (IFrames) - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/about/privacy-policy.md b/i18n/pt/about/privacy-policy.md index ee4ee0f21..7a165f696 100644 --- a/i18n/pt/about/privacy-policy.md +++ b/i18n/pt/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/about/privacytools.md b/i18n/pt/about/privacytools.md index 48c7f8743..515c21f59 100644 --- a/i18n/pt/about/privacytools.md +++ b/i18n/pt/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/about/services.md b/i18n/pt/about/services.md index aacf06557..71f2c95b7 100644 --- a/i18n/pt/about/services.md +++ b/i18n/pt/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/about/statistics.md b/i18n/pt/about/statistics.md index 92e0e9b73..8f17240c3 100644 --- a/i18n/pt/about/statistics.md +++ b/i18n/pt/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/advanced/communication-network-types.md b/i18n/pt/advanced/communication-network-types.md index d88cd343f..1f07a2c4c 100644 --- a/i18n/pt/advanced/communication-network-types.md +++ b/i18n/pt/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/advanced/dns-overview.md b/i18n/pt/advanced/dns-overview.md index 90a005f2e..1a63dc470 100644 --- a/i18n/pt/advanced/dns-overview.md +++ b/i18n/pt/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- O [Domain Name System (DNS)](https://en.wikipedia.org/wiki/Domain_Name_System) é a 'lista telefónica da Internet'. DNS traduz nomes de domínio para [IP](https://en.wikipedia.org/wiki/Internet_Protocol) endereços para que os navegadores e outros serviços possam carregar recursos da Internet, através de uma rede descentralizada de servidores. @@ -303,5 +304,3 @@ O [subrede do cliente EDNS](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) é O objectivo é "acelerar" a entrega de dados, dando ao cliente uma resposta que pertence a um servidor que lhes está próximo, tal como um [content delivery network (CDN)](https://en.wikipedia.org/wiki/Content_delivery_network), que são frequentemente utilizados em streaming de vídeo e em aplicações web JavaScript. Este recurso tem um custo de privacidade, pois informa ao servidor DNS algumas informações sobre a localização do cliente. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/advanced/payments.md b/i18n/pt/advanced/payments.md new file mode 100644 index 000000000..9d974bff4 --- /dev/null +++ b/i18n/pt/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! Isto permite-nos fornecer recomendações completamente objectivas. Desenvolvemos um conjunto claro de requisitos para qualquer provedor de VPN que deseje ser recomendado, incluindo criptografia forte, auditorias de segurança independentes, tecnologia moderna, e muito mais. + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/pt/advanced/tor-overview.md b/i18n/pt/advanced/tor-overview.md index ec345059f..3fccb9a3b 100644 --- a/i18n/pt/advanced/tor-overview.md +++ b/i18n/pt/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.pt.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/pt/android.md b/i18n/pt/android.md index e32b11596..53bf09dbc 100644 --- a/i18n/pt/android.md +++ b/i18n/pt/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le Notavelmente, o GrapheneOS suporta [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play). Os Serviços Google Play podem ser executados como um aplicativo de usuário regular e contidos em um perfil de trabalho ou usuário [perfil](/android/#android-security-privacy) de sua escolha. -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## Derivados AOSP @@ -42,7 +44,7 @@ We recommend installing one of these custom Android operating systems on your de [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } -Para acomodar usuários que precisam dos Serviços do Google Play, CalyxOS opcionalmente inclui [MicroG](https://microg.org/). Com o MicroG, CalyxOS também agrupa no [Mozilla](https://location.services.mozilla.com/) e [DejaVu](https://github.com/n76/DejaVu) serviços de localização. +GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice. Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support). @@ -65,9 +67,9 @@ Google Pixel phones are the only devices that currently meet GrapheneOS's [hardw DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled. -DivestOS tem vulnerabilidade automática do kernel ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), menos blobs proprietários, um personalizado [hosts](https://divested.dev/index.php?page=dnsbl) arquivo, e [F-Droid](https://www.f-droid.org) como a loja de aplicativos. Inclui [UnifiedNlp](https://github.com/microg/UnifiedNlp) para localização da rede. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). +DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). -DivestOS também inclui correções do kernel do GrapheneOS e habilita todos os recursos de segurança do kernel disponíveis via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). Todos os kernels mais novos que a versão 3.4 incluem página completa [sanitização](https://lwn.net/Articles/334747/) e todos os ~22 kernels compilados por Clang têm [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) activado. However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. +DivestOS uses F-Droid as its default app store. Normally, we would recommend avoiding F-Droid due to its numerous [security issues](#f-droid). However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. !!! Recomendamos que você verifique o [documentação](https://developers.yubico.com/SSH/) de Yubico sobre como configurar isso. @@ -79,13 +81,13 @@ DivestOS também inclui correções do kernel do GrapheneOS e habilita todos os When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. -Vários perfis de usuário (Configurações → Sistema → Vários usuários) são a maneira mais simples de isolar no Android. Com perfis de usuário você pode limitar um usuário de fazer chamadas, SMS ou instalar aplicativos no dispositivo. These phone variants will prevent you from installing any kind of alternative Android distribution. +Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution. Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of [IMEI blacklisting](https://www.gsma.com/security/resources/imei-blacklisting/). There is also a risk involved with you being associated with the activity of the previous owner. A few more tips regarding Android devices and operating system compatibility: -- Remoção automática de [Exif](https://en.wikipedia.org/wiki/Exif) metadados (ativados por padrão) +- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer. - Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with. - In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net/) to find details! @@ -108,12 +110,12 @@ Secure Elements like the Titan M2 are more limited than the processor's Trusted Google Pixel phones use a TEE OS called Trusty which is [open-source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -Os dados de cada usuário são criptografados usando sua própria chave de criptografia exclusiva, e os arquivos do sistema operacional são deixados não criptografados. O Boot Verificado garante a integridade dos arquivos do sistema operacional, impedindo que um adversário com acesso físico possa adulterar ou instalar malware no dispositivo. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://www.nitrokey.com/about) company. A few more tips for purchasing a Google Pixel: - If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock. -- Apenas o Google e os aplicativos de terceiros verificados podem acessar os dados da conta +- Consider price beating options and specials offered at physical stores. - Look at online community bargain sites in your country. These can alert you to good sales. - Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date}-\text{Current Date}$, meaning that the longer use of the device the lower cost per day. @@ -169,8 +171,8 @@ We recommend a wide variety of Android apps throughout this site. The apps liste Auditor performs attestation and intrusion detection by: -- ⚙️ Configurações → Google → Anúncios -- ⚙️ Configurações → Privacidade → Anúncios +- Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an *auditor* and *auditee*, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore/) of the *Auditor*. +- The *auditor* can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app). - The *auditor* records the current state and configuration of the *auditee*. - Should tampering with the operating system of the *auditee* happen after the pairing is complete, the auditor will be aware of the change in the device state and configurations. - You will be alerted to the change. @@ -202,7 +204,7 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co Main privacy features include: - Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default) -- Considere as opções de preço e promoções oferecidas em [tijolo e argamassa](https://en.wikipedia.org/wiki/Brick_and_mortar) lojas. +- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required - Microphone permission not required unless you want to record sound !!! note @@ -361,5 +363,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/basics/account-creation.md b/i18n/pt/basics/account-creation.md index 65cb21489..87b8b03ad 100644 --- a/i18n/pt/basics/account-creation.md +++ b/i18n/pt/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -79,5 +80,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/basics/account-deletion.md b/i18n/pt/basics/account-deletion.md index 8b5f315bb..aef13b8d1 100644 --- a/i18n/pt/basics/account-deletion.md +++ b/i18n/pt/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/basics/common-misconceptions.md b/i18n/pt/basics/common-misconceptions.md index 3d4948262..14cc99fe8 100644 --- a/i18n/pt/basics/common-misconceptions.md +++ b/i18n/pt/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -57,6 +58,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.pt.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/pt/basics/common-threats.md b/i18n/pt/basics/common-threats.md index 70d894a12..bdb3b2de8 100644 --- a/i18n/pt/basics/common-threats.md +++ b/i18n/pt/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -143,8 +144,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.pt.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/pt/basics/email-security.md b/i18n/pt/basics/email-security.md index 72ce14ae1..f0c2fb579 100644 --- a/i18n/pt/basics/email-security.md +++ b/i18n/pt/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/basics/multi-factor-authentication.md b/i18n/pt/basics/multi-factor-authentication.md index 8808043af..e9400dc17 100644 --- a/i18n/pt/basics/multi-factor-authentication.md +++ b/i18n/pt/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authentication" icon: 'O uso de AMF forte pode parar mais de 99% dos acessos não autorizados à conta, e é fácil de configurar nos serviços que você já usa.' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (e KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/basics/passwords-overview.md b/i18n/pt/basics/passwords-overview.md index b6030899b..0c2c345f5 100644 --- a/i18n/pt/basics/passwords-overview.md +++ b/i18n/pt/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Cópias de segurança You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/basics/threat-modeling.md b/i18n/pt/basics/threat-modeling.md index 5e6cbca52..c93feab94 100644 --- a/i18n/pt/basics/threat-modeling.md +++ b/i18n/pt/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "evergreen" icon: 'O que são modelos de ameaça?' +description: Equilibrar segurança, privacidade e usabilidade é uma das primeiras e mais difíceis tarefas que você enfrentará na sua jornada de privacidade. --- Equilibrar segurança, privacidade e usabilidade é uma das primeiras e mais difíceis tarefas que você enfrentará na sua jornada de privacidade. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Fontes - [Autodefesa de Vigilância EFF: Seu Plano de Segurança](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/basics/vpn-overview.md b/i18n/pt/basics/vpn-overview.md index 06129b834..a1a007f52 100644 --- a/i18n/pt/basics/vpn-overview.md +++ b/i18n/pt/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/calendar.md b/i18n/pt/calendar.md index 8c4526bd4..de2f42e92 100644 --- a/i18n/pt/calendar.md +++ b/i18n/pt/calendar.md @@ -1,6 +1,7 @@ --- title: "Clientes de e-mail" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -85,5 +86,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/cloud.md b/i18n/pt/cloud.md index 380bf0ab5..83e1c4c8e 100644 --- a/i18n/pt/cloud.md +++ b/i18n/pt/cloud.md @@ -1,6 +1,7 @@ --- title: "Email" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -28,7 +29,6 @@ Recomendamos armazenar uma chave de recuperação local em um local seguro, em v - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Framadate @@ -59,5 +59,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/cryptocurrency.md b/i18n/pt/cryptocurrency.md new file mode 100644 index 000000000..2566b5149 --- /dev/null +++ b/i18n/pt/cryptocurrency.md @@ -0,0 +1,56 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! Isto permite-nos fornecer recomendações completamente objectivas. Desenvolvemos um conjunto claro de requisitos para qualquer provedor de VPN que deseje ser recomendado, incluindo criptografia forte, auditorias de segurança independentes, tecnologia moderna, e muito mais. + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! nota + Consulte o [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado. + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Framadate + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! Considere o auto-hospedagem para mitigar esta ameaça. + + ![logo PrivateBin](/assets/img/productivity/privatebin.svg){ align=right } + + **PrivateBin** é um pastebin online minimalista e de código aberto onde o servidor tem zero conhecimento de dados colados. Os dados são criptografados/descriptografados no navegador usando AES de 256 bits. Psono suporta compartilhamento seguro de senhas, arquivos, marcadores e e-mails. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/pt/data-redaction.md b/i18n/pt/data-redaction.md index fae1a0dcf..fabc86012 100644 --- a/i18n/pt/data-redaction.md +++ b/i18n/pt/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Ferramentas de encriptação" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- Ao partilhar ficheiros, certifique-se de que remove os metadados associados. Os arquivos de imagem geralmente incluem [EXIF](https://en.wikipedia.org/wiki/Exif) dados. As fotos às vezes até incluem [GPS](https://en.wikipedia.org/wiki/Global_Positioning_System) coordenadas nos metadados do arquivo. @@ -160,5 +161,3 @@ The app offers multiple ways to erase metadata from images. 17.1 e 18.1 caracter - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/desktop-browsers.md b/i18n/pt/desktop-browsers.md index 1524707e2..02a2b7ab4 100644 --- a/i18n/pt/desktop-browsers.md +++ b/i18n/pt/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -254,6 +255,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.pt.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/pt/desktop.md b/i18n/pt/desktop.md index 0d2d0d16e..d77baa964 100644 --- a/i18n/pt/desktop.md +++ b/i18n/pt/desktop.md @@ -1,6 +1,7 @@ --- title: "Armazenamento em nuvem" icon: fontawesome/brands/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -178,5 +179,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/dns.md b/i18n/pt/dns.md index 357836168..7726e2cca 100644 --- a/i18n/pt/dns.md +++ b/i18n/pt/dns.md @@ -1,13 +1,12 @@ --- title: "Introdução ao DNS" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! Devo utilizar DNS encriptado? +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. DNS criptografado não o ajudará a ocultar qualquer atividade de navegação. - DNS criptografado com uma terceira parte só deve ser usado para contornar redirecionamentos e bloqueio de DNS quando você pode ter certeza de que não haverá nenhuma consequência ou você está interessado em um provedor que faz alguma filtragem rudimentar. DNS criptografado não o ajudará a ocultar qualquer atividade de navegação. - - [Saiba mais sobre DNS](technology/dns.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Provedores recomendados @@ -137,8 +136,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.pt.txt" - [^1]: Armazenamos métricas agregadas de desempenho do nosso servidor DNS, nomeadamente o número de pedidos completos para um determinado servidor, o número de pedidos bloqueados, a velocidade de processamento dos pedidos. Nós mantemos e armazenamos a base de dados de domínios solicitados nas últimas 24 horas. Precisamos dessas informações para identificar e bloquear novos rastreadores e ameaças. Também registramos quantas vezes este ou aquele rastreador foi bloqueado. Precisamos desta informação para remover regras desactualizadas dos nossos filtros.[https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: O Cloudflare recolhe e armazena apenas os dados limitados da consulta DNS que são enviados para o resolvedor 1.1.1.1. O serviço resolver 1.1.1.1 não registra dados pessoais, e a maior parte dos dados de consulta limitados não identificáveis pessoalmente é armazenada apenas por 25 horas.[https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/pt/email-clients.md b/i18n/pt/email-clients.md index 2f6cfcdf2..49ff71355 100644 --- a/i18n/pt/email-clients.md +++ b/i18n/pt/email-clients.md @@ -1,6 +1,7 @@ --- title: "Partilha de ficheiros" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Nossa lista de recomendações contém clientes de e-mail que suportam tanto [OpenPGP](/encryption/#openpgp) e autenticação forte como [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth permite-lhe utilizar [Multi-Factor Authentication](/multi-factor-authentication) e prevenir o roubo de contas. @@ -266,5 +267,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/email.md b/i18n/pt/email.md index e3ab3eb97..9b797f846 100644 --- a/i18n/pt/email.md +++ b/i18n/pt/email.md @@ -1,6 +1,7 @@ --- -title: "Provedores de e-mail privados" +title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Encontre um provedor de e-mail seguro que manterá sua privacidade em mente. Não se contente com plataformas suportadas por anúncios. @@ -9,9 +10,21 @@ Encontre um provedor de e-mail seguro que manterá sua privacidade em mente. Nã Para tudo o resto, recomendamos uma variedade de fornecedores de e-mail baseados em modelos de negócio sustentáveis e que incorporem funcionalidades de segurança e de privacidade. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## Serviços de e-mail recomendados -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! Recomendamos que você verifique o [documentação](https://developers.yubico.com/SSH/) de Yubico sobre como configurar isso. @@ -42,43 +55,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. Verifique "Criptografia de E-mail". -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar ".onion Service" (Serviço de cebola) +#### :material-check:{ .pg-green } Custom Domains and Aliases - ![logo ProtonMail](/assets/img/email/protonmail.svg){ align=right } - - **ProtonMail** é um serviço de e-mail com foco em privacidade, criptografia, segurança e facilidade de uso. Eles estão em operação desde **2013***. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. nota Consulte a [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado. +#### :material-check:{ .pg-green } Account Security - O ProtonMail suporta TOTP [autenticação de dois factores](https://protonmail.com/support/knowledge-base/two-factor-authentication/) apenas. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verifique "Domínios e Pseudônimos Personalizados". +#### :material-check:{ .pg-green } Data Security - ProtonMail suporta [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) [autenticação de dois fatores](https://protonmail.com/support/knowledge-base/two-factor-authentication/) apenas. O uso de uma chave de segurança [U2F](https://en.wikipedia.org/wiki/Universal_2nd_Factor) ainda não é suportado. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). O uso de uma chave de segurança \[U2F\](https://en.wikipedia.org/wiki/Universal_2nd_Factor) ainda não é suportado. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. info "Formas de pagamento privadas +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - ProtonMail tem [criptografia de acesso zero](https://protonmail.com/blog/zero-access-encryption) em repouso para seus e-mails, [contatos do catálogo de endereços](https://protonmail.com/blog/encrypted-contacts-manager), e [calendars](https://protonmail.com/blog/protoncalendar-security-model). Isto significa que as mensagens e outros dados armazenados na sua conta só são legíveis por si. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - O ProtonMail também suporta a descoberta de chaves públicas via HTTP a partir do seu [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. aviso "Métodos de pagamento privados". +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Isto significa que as mensagens e outros dados armazenados na sua conta só são legíveis por si. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. info "Segurança de Dados +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Clientes móveis". +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -97,46 +108,54 @@ Recomendamos armazenar uma chave de recuperação local em um local seguro, em v - [:octicons-browser-16: Web](https://login.mailbox.org) -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar ".onion Service" (Serviço de cebola) +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org permite aos usuários usar seu próprio domínio e eles suportam [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using catch-all alias with own domain) endereços. Mailbox.org também suporta [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What é um pseudônimo e como utilizá-lo), o que é útil para usuários que não querem comprar um domínio. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. cheque "Formas de pagamento privadas". +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org não aceita Bitcoin ou quaisquer outras moedas criptográficas como resultado de seu processador de pagamento BitPay suspender operações na Alemanha. No entanto, eles aceitam dinheiro pelo correio, pagamento em dinheiro para conta bancária, transferência bancária, cartão de crédito, PayPal e alguns processadores específicos da Alemanha: paydirekt e Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. No entanto, eles aceitam dinheiro pelo correio, pagamento em dinheiro para conta bancária, transferência bancária, cartão de crédito, PayPal e alguns processadores específicos da Alemanha: paydirekt e Sofortüberweisung. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. nota Consulte a [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado. +#### :material-check:{ .pg-green } Account Security - Mailbox.org suporta [autenticação de dois fatores](https://kb.mailbox.org/display/MBOKBEN/How para usar autenticação de dois fatores - 2FA) apenas para o seu webmail. Você pode usar ou [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) ou um [Yubikey](https://en.wikipedia.org/wiki/YubiKey) através do [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Padrões web como [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) ainda não são suportados. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. cheque "Formas de pagamento privadas". +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. info "Formas de pagamento privadas +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org tem [criptografia integrada](https://kb.mailbox.org/display/MBOKBEN/Send e-mails criptografados com Guard) em seu webmail, o que simplifica o envio de mensagens aos usuários com chaves públicas OpenPGP. Eles também permitem que [destinatários remotos descriptografem um e-mail](https://kb.mailbox.org/display/MBOKBEN/My destinatário não usa PGP) nos servidores da Mailbox.org. Esta funcionalidade é útil quando o destinatário remoto não tem o OpenPGP e não consegue desencriptar uma cópia do e-mail na sua própria caixa de correio. - - Mailbox.org também suporta a descoberta de chaves públicas via HTTP a partir de seu [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. aviso "Segurança de Dados". +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. Esta funcionalidade é útil quando o destinatário remoto não tem o OpenPGP e não consegue desencriptar uma cópia do e-mail na sua própria caixa de correio. - Você pode acessar sua conta Mailbox.org via IMAP/SMTP usando seu [.onion service](https://kb.mailbox.org/display/MBOKBEN/The Tor exit node of mailbox.org). No entanto, a sua interface de webmail não pode ser acessada através do seu serviço .onion, e os usuários podem experimentar erros no certificado TLS. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. info "Segurança de Dados +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Você pode acessar sua conta Mailbox.org via IMAP/SMTP usando seu \[.onion service\](https://kb.mailbox.org/display/MBOKBEN/The Tor exit node of mailbox.org). No entanto, a sua interface de webmail não pode ser acessada através do seu serviço .onion, e os usuários podem experimentar erros no certificado TLS. Alternatively, you can nominate a person by name and address. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Clientes móveis". +#### :material-information-outline:{ .pg-blue } Account Termination - ![Disroot logo](/assets/img/email/disroot.svg#only-light){ align=right } - ![Disroot logo](/assets/img/email/disroot-dark.svg#only-dark){ align=right } - - **Disroot** oferece e-mail entre [outros serviços](https://disroot.org/en/#services). O serviço é mantido por voluntários e sua comunidade. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). O serviço é mantido por voluntários e sua comunidade. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. aviso "Criptografia de e-mail". + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### Desarraigar @@ -153,43 +172,39 @@ Recomendamos armazenar uma chave de recuperação local em um local seguro, em v - [:octicons-browser-16: Web](https://mail.startmail.com/login) -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar ".onion Service" (Serviço de cebola) +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. Tutanota não tem planos de puxar e-mails de [contas de e-mail externas](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) usando o protocolo [IMAP](https://en.wikipedia.org/wiki/Internet_Message_Access_Protocol) . +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - Disroot suporta [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) autenticação de dois fatores apenas para webmail. Eles não permitem [U2F](https://en.wikipedia.org/wiki/Universal_2nd_Factor) autenticação da chave de segurança. +Disroot suporta \[TOTP\](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) autenticação de dois fatores apenas para webmail. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. nota Consulte a [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado. +#### :material-check:{ .pg-green } Account Security - Disroot usa criptografia de disco completa. No entanto, não parece ser "acesso zero", o que significa que é tecnicamente possível para eles descriptografar os dados que têm se não forem adicionalmente encriptados com uma ferramenta como OpenPGP. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). No entanto, não parece ser "acesso zero", o que significa que é tecnicamente possível para eles descriptografar os dados que têm se não forem adicionalmente encriptados com uma ferramenta como OpenPGP. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. cheque "Formas de pagamento privadas". +#### :material-information-outline:{ .pg-blue } Data Security - Disroot permite o envio de e-mails criptografados a partir de sua aplicação de webmail usando OpenPGP. No entanto, Disroot não integrou um Web Key Directory (WKD) para os utilizadores na sua plataforma. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. No entanto, Disroot não integrou um Web Key Directory (WKD) para os utilizadores na sua plataforma. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. info "Formas de pagamento privadas +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. aviso "Métodos de pagamento privados". +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. info "Segurança de Dados +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Clientes móveis". +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. aviso "Criptografia de e-mail". +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Software como um serviço (SaaS) apenas @@ -218,44 +233,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar ".onion Service" (Serviço de cebola) +#### :material-check:{ .pg-green } Custom Domains and Aliases - Tutanota suporta [autenticação de dois fatores](https://tutanota.com/faq#2fa). Os usuários podem usar [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) ou [U2F](https://en.wikipedia.org/wiki/Universal_2nd_Factor). +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. Tutanota não tem planos de puxar e-mails de [contas de e-mail externas](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) usando o protocolo [IMAP](https://en.wikipedia.org/wiki/Internet_Message_Access_Protocol) . +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. nota Consulte a [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado. +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verifique "Domínios e Pseudônimos Personalizados". +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). O serviço é mantido por voluntários e sua comunidade. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). O serviço é mantido por voluntários e sua comunidade. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. aviso "Métodos de pagamento privados". +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. info "Segurança de Dados +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Clientes móveis". +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Visão Geral da Criptografia de E-mail An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![Joplin logo](/assets/img/notebooks/joplin.svg){ .twemoji } [Joplin](https://joplinapp.org/) +- ![Standard Notes logo](/assets/img/notebooks/standard-notes.svg){ .twemoji } [Standard Notes](https://standardnotes.org/) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -413,7 +435,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Privacidade @@ -430,7 +452,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -445,7 +467,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Programas de recompensa de bugs e/ou um processo coordenado de divulgação de vulnerabilidades. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Segurança @@ -483,5 +505,3 @@ Must not have any marketing which is irresponsible: ### Marketing While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/encryption.md b/i18n/pt/encryption.md index 7f3aeb763..237f56733 100644 --- a/i18n/pt/encryption.md +++ b/i18n/pt/encryption.md @@ -1,6 +1,7 @@ --- title: "Software de encriptação" icon: material/file-lock +description: A encriptação de dados é a única forma de controlar quem pode acessá-los. These tools allow you to encrypt your emails and any other files. --- A encriptação de dados é a única forma de controlar quem pode acessá-los. Se você não estiver usando software de criptografia para o seu disco rígido, e-mails ou arquivos, você deve escolher uma opção aqui. @@ -373,5 +374,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/file-sharing.md b/i18n/pt/file-sharing.md index 2c3f4ecf1..b60815214 100644 --- a/i18n/pt/file-sharing.md +++ b/i18n/pt/file-sharing.md @@ -1,6 +1,7 @@ --- title: "Ferramentas de Autenticação Multi-Factor" icon: material/share-variant +description: Descubra como partilhar os seus ficheiros em privado entre os seus dispositivos, com os seus amigos e família, ou anonimamente online. --- Descubra como partilhar os seus ficheiros em privado entre os seus dispositivos, com os seus amigos e família, ou anonimamente online. @@ -165,5 +166,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/financial-services.md b/i18n/pt/financial-services.md new file mode 100644 index 000000000..73602ba2c --- /dev/null +++ b/i18n/pt/financial-services.md @@ -0,0 +1,102 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! nota + Consulte o [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado. + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! nota + Consulte o [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado. + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Framadate + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! Considere o auto-hospedagem para mitigar esta ameaça. + + ![logo PrivateBin](/assets/img/productivity/privatebin.svg){ align=right } + + **PrivateBin** é um pastebin online minimalista e de código aberto onde o servidor tem zero conhecimento de dados colados. Os dados são criptografados/descriptografados no navegador usando AES de 256 bits. Psono suporta compartilhamento seguro de senhas, arquivos, marcadores e e-mails. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! nota + Consulte o [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado. + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! nota + Consulte o [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado. + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Framadate + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! Considere o auto-hospedagem para mitigar esta ameaça. + + ![logo PrivateBin](/assets/img/productivity/privatebin.svg){ align=right } + + **PrivateBin** é um pastebin online minimalista e de código aberto onde o servidor tem zero conhecimento de dados colados. Os dados são criptografados/descriptografados no navegador usando AES de 256 bits. Psono suporta compartilhamento seguro de senhas, arquivos, marcadores e e-mails. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/pt/frontends.md b/i18n/pt/frontends.md index 9905b316c..08ba13934 100644 --- a/i18n/pt/frontends.md +++ b/i18n/pt/frontends.md @@ -1,6 +1,7 @@ --- title: "Gestores de senhas" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -279,5 +280,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/index.md b/i18n/pt/index.md index 6e4256735..f8eda1263 100644 --- a/i18n/pt/index.md +++ b/i18n/pt/index.md @@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/kb-archive.md b/i18n/pt/kb-archive.md index 157666958..ffc1166d9 100644 --- a/i18n/pt/kb-archive.md +++ b/i18n/pt/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integração da Remoção de Metadados](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/meta/brand.md b/i18n/pt/meta/brand.md index 35a2225fd..53cb9ac42 100644 --- a/i18n/pt/meta/brand.md +++ b/i18n/pt/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/meta/git-recommendations.md b/i18n/pt/meta/git-recommendations.md index 8e02a1f8c..f59b5f81f 100644 --- a/i18n/pt/meta/git-recommendations.md +++ b/i18n/pt/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/meta/uploading-images.md b/i18n/pt/meta/uploading-images.md index 7d49049b3..55f136f8a 100644 --- a/i18n/pt/meta/uploading-images.md +++ b/i18n/pt/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/meta/writing-style.md b/i18n/pt/meta/writing-style.md index e1e044e0e..b9e47a716 100644 --- a/i18n/pt/meta/writing-style.md +++ b/i18n/pt/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/mobile-browsers.md b/i18n/pt/mobile-browsers.md index b855d61df..f07215219 100644 --- a/i18n/pt/mobile-browsers.md +++ b/i18n/pt/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -192,5 +193,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/multi-factor-authentication.md b/i18n/pt/multi-factor-authentication.md index efa783d14..f00d68a1f 100644 --- a/i18n/pt/multi-factor-authentication.md +++ b/i18n/pt/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Autenticadores Multi-Factor" icon: 'O uso de AMF forte pode parar mais de 99% dos acessos não autorizados à conta, e é fácil de configurar nos serviços que você já usa.' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Chaves de Segurança de Hardware @@ -147,5 +148,3 @@ Recomendamos vivamente que utilize aplicações TOTP móveis em vez de alternati - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/news-aggregators.md b/i18n/pt/news-aggregators.md index d24307823..b28513ed2 100644 --- a/i18n/pt/news-aggregators.md +++ b/i18n/pt/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "Comunicação em Tempo Real" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [agregador de notícias](https://en.wikipedia.org/wiki/News_aggregator) é uma forma de acompanhar os seus blogs e sites de notícias favoritos. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Clientes agregadores @@ -181,5 +182,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/notebooks.md b/i18n/pt/notebooks.md index 7fb14c0c3..601d90635 100644 --- a/i18n/pt/notebooks.md +++ b/i18n/pt/notebooks.md @@ -1,6 +1,7 @@ --- title: "Cadernos de notas" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Mantenha um registo das suas notas e diários sem os entregar a terceiros. @@ -121,5 +122,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/os/android-overview.md b/i18n/pt/os/android-overview.md index 2d5c02540..941d7b811 100644 --- a/i18n/pt/os/android-overview.md +++ b/i18n/pt/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! Recomendamos que você verifique o [documentação](https://developers.yubico.com/SSH/) de Yubico sobre como configurar isso. + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/os/linux-overview.md b/i18n/pt/os/linux-overview.md index c548d2bb3..74d8025d5 100644 --- a/i18n/pt/os/linux-overview.md +++ b/i18n/pt/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Visão geral do Linux icon: fontawesome/brands/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -Existe uma crença comum que o *software* de [código aberto](https://pt. wikipedia. org/wiki/Software_de_c%C3%B3digo_aberto) é intrinsecamente seguro porque o código-fonte está disponível. Existe uma expectativa de que a verificação por parte da comunidade ocorre regularmente; contudo, esse nem sempre é [o caso](https://seirdy. one/2022/02/02/floss-security. html). A segurança do código está dependente de uma série de factores, tais como atividade do projecto, a experiência do programador, o nível de rigor aplicado em [revisões de código](https://en. wikipedia. org/wiki/Code_review) e a quantas vezes é dada atenção a partes específicas do [base de código](https://en. wikipedia. org/wiki/Codebase), que podem permanecer intocadas durante anos. +Existe uma crença comum que o *software* de [código aberto](https://pt. wikipedia. org/wiki/Software_de_c%C3%B3digo_aberto) é intrinsecamente seguro porque o código-fonte está disponível. Existe uma expectativa de que a verificação por parte da comunidade ocorre regularmente; contudo, esse nem sempre é [o caso](https://seirdy. one/2022/02/02/floss-security. html). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. Neste momento, a utilização de GNU/Linux em computadores pessoais tem algumas áreas que poderiam ser melhoradas quando comparadas com os seus equivalentes proprietários, por exemplo: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/os/qubes-overview.md b/i18n/pt/os/qubes-overview.md index 02c222219..06847aba5 100644 --- a/i18n/pt/os/qubes-overview.md +++ b/i18n/pt/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/passwords.md b/i18n/pt/passwords.md index 545ef14a1..ee59f1a24 100644 --- a/i18n/pt/passwords.md +++ b/i18n/pt/passwords.md @@ -1,6 +1,7 @@ --- title: "Redes Auto-Contidas" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Fique seguro e protegido on-line com um gerenciador de senhas criptografado e de código aberto. @@ -251,5 +252,3 @@ These products are minimal password managers that can be used within scripting a **PrivateBin** é um pastebin online minimalista e de código aberto onde o servidor tem zero conhecimento de dados colados. Os dados são criptografados/descriptografados no navegador usando AES de 256 bits. Psono suporta compartilhamento seguro de senhas, arquivos, marcadores e e-mails. - Must be cross-platform. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/productivity.md b/i18n/pt/productivity.md index e611bf1e8..c00cc2643 100644 --- a/i18n/pt/productivity.md +++ b/i18n/pt/productivity.md @@ -1,6 +1,7 @@ --- title: "Clientes de streaming de vídeo" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -178,5 +179,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/real-time-communication.md b/i18n/pt/real-time-communication.md index a84734c24..df81180a8 100644 --- a/i18n/pt/real-time-communication.md +++ b/i18n/pt/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Clientes de streaming de vídeo" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -211,5 +212,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/router.md b/i18n/pt/router.md index 821649734..510b26a8a 100644 --- a/i18n/pt/router.md +++ b/i18n/pt/router.md @@ -1,6 +1,7 @@ --- title: "Router Firmware" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Abaixo estão alguns sistemas operacionais alternativos, que podem ser usados em roteadores, pontos de acesso Wi-Fi, etc. @@ -49,5 +50,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or - Must be open source. - Must receive regular updates. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/search-engines.md b/i18n/pt/search-engines.md index 5d8e01b9d..a09533853 100644 --- a/i18n/pt/search-engines.md +++ b/i18n/pt/search-engines.md @@ -1,6 +1,7 @@ --- title: "Motores de Busca" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use um motor de busca que não construa um perfil publicitário baseado nas suas pesquisas. @@ -107,5 +108,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/tools.md b/i18n/pt/tools.md index 63503b6b4..75d7b6e4b 100644 --- a/i18n/pt/tools.md +++ b/i18n/pt/tools.md @@ -3,6 +3,7 @@ title: "Ferramentas de Privacidade" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- Se você está procurando uma solução específica para algo, estas são as ferramentas de hardware e software que recomendamos em uma variedade de categorias. Nossas ferramentas de privacidade recomendadas são escolhidas principalmente com base em recursos de segurança, com ênfase adicional em ferramentas descentralizadas e de código aberto. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -93,10 +94,11 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Nextcloud logo](/assets/img/cloud/nextcloud.svg){ .twemoji } [Nextcloud (Self-Hostable)](https://nextcloud.com/) -- ![Proton Drive logo](/assets/img/cloud/protondrive.svg){ .twemoji } [Proton Drive](https://drive.protonmail.com/) -- ![Cryptee logo](/assets/img/cloud/cryptee.svg#only-light){ .twemoji }![Logotipo de Cryptee](/assets/img/cloud/cryptee-dark.svg#only-dark){ .twemoji } [Cryptee](https://crypt.ee/) -- ![Logotipo de Tahoe-LAFS](/assets/img/cloud/tahoe-lafs.svg#only-light){ .twemoji }![Logotipo Tahoe-LAFS](/assets/img/cloud/tahoe-lafs-dark.svg#only-dark){ .twemoji } [Tahoe-LAFS (Avançado)](https://www.tahoe-lafs.org/) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) +- ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) +- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) +- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](android.md#secure-pdf-viewer)
@@ -210,6 +212,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Saiba mais...](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Saiba mais...](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Saiba mais...](financial-services.md#gift-card-marketplaces) + ### Motores de Busca
@@ -239,10 +264,9 @@ Recomendamos armazenar uma chave de recuperação local em um local seguro, em v
-- ![logo GnuPG](/assets/img/encryption-software/gnupg.svg){ .twemoji } [GnuPG](https://gnupg.org) -- ![GPG4Win logo](/assets/img/encryption-software/gpg4win.svg){ .twemoji } [GPG4Win (Windows)](https://gpg4win.org) -- ![GPG Suite logo](/assets/img/encryption-software/gpgsuite.png){ .twemoji } [GPG Suite (macOS)](https://gpgtools.org) -- ![OpenKeychain logo](/assets/img/encryption-software/openkeychain.svg){ .twemoji } [OpenKeychain](https://www.openkeychain.org/) +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -264,6 +288,16 @@ Recomendamos armazenar uma chave de recuperação local em um local seguro, em v [Saiba mais...](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Saiba mais...](cryptocurrency.md) + ### Ferramentas de encriptação
@@ -451,5 +485,3 @@ Recomendamos armazenar uma chave de recuperação local em um local seguro, em v
[Saiba mais...](video-streaming.md) - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/tor.md b/i18n/pt/tor.md index 429ca5bfa..f46298ee9 100644 --- a/i18n/pt/tor.md +++ b/i18n/pt/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
-
- -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -129,5 +124,3 @@ Recomendamos armazenar uma chave de recuperação local em um local seguro, em v Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/video-streaming.md b/i18n/pt/video-streaming.md index fac54af60..df2d5f54d 100644 --- a/i18n/pt/video-streaming.md +++ b/i18n/pt/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Transmissão de vídeo" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- A principal ameaça ao usar uma plataforma de streaming de vídeo é que os seus hábitos de streaming e listas de assinaturas podem ser usados para traçar o seu perfil. Você deve combinar estas ferramentas com um [VPN](/vpn) ou [Tor](https://www.torproject.org/) para tornar mais difícil o perfil do seu uso. @@ -49,5 +50,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/vpn.md b/i18n/pt/vpn.md index a5c3626cb..59b37a3ed 100644 --- a/i18n/pt/vpn.md +++ b/i18n/pt/vpn.md @@ -1,11 +1,20 @@ --- -title: "Serviços VPN" +title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Encontre um operador VPN sem registo que não esteja a vender ou a ler o seu tráfego web. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. perigo "As VPNs não proporcionam anonimato". +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! perigo "As VPNs não proporcionam anonimato". Usando uma VPN **não*** manterá seus hábitos de navegação anônimos, nem adicionará segurança adicional ao tráfego não seguro (HTTP). @@ -15,78 +24,11 @@ Recomendamos armazenar uma chave de recuperação local em um local seguro, em v [Baixar Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Mitos Tor & FAQ](https://medium.com/privacyguides/slicing-onions-part-1-myth-busting-tor-9ec188ae1904){ .md-button } -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. info "Quando é que as VPNs são úteis?" - - Se você está procurando por **privacidade adicional** do seu provedor, em uma rede Wi-Fi pública, ou enquanto estiver torrentando arquivos, uma VPN pode ser a solução para você, desde que você entenda os riscos envolvidos. - - [Mais informações](#vpn-overview){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Provedores recomendados -!!! exemplo "Critérios". - - Nossos provedores recomendados estão fora dos EUA, usam criptografia, aceitam Monero, suportam WireGuard & OpenVPN, e têm uma política de não registro. Leia a nossa [lista completa de critérios](#nossos-critérios) para mais informações. - -### Mullvad - -!!! recommendation annotate - - ![logo Mullvad](/assets/img/vpn/mullvad.svg#only-light){ align=right } - ![Mullvad logo](/assets/img/vpn/mullvad-dark.svg#only-dark){ align=right } - - **Mullvad** é uma VPN rápida e barata com um foco sério na transparência e segurança. Eles estão em operação desde **2009***. - - Mullvad está sediada na Suécia e não tem um teste gratuito. downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "35 Países". - - Mullvad tem [servidores em 35 países](https://mullvad.net/en/servers/) no momento de escrever esta página. Escolher um provedor VPN com um servidor mais próximo de você irá reduzir a latência do tráfego de rede que você envia. Isto é devido a uma rota mais curta (menos lúpulo) para o destino. - - Também achamos que é melhor para a segurança das chaves privadas do provedor de VPN se ele usar [servidores dedicados](https://en.wikipedia.org/wiki/Dedicated_hosting_service), ao invés de soluções compartilhadas mais baratas (com outros clientes), como [servidores virtuais privados](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Ocultar o seu tráfego de **apenas** o seu fornecedor de serviços de Internet. - -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Auditado independentemente". - - Os clientes VPN da Mullvad foram auditados pela Cure53 e Assured AB num relatório de pentest [publicado na cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). Os investigadores de segurança concluíram: - - > Cure53 e Assured AB estão satisfeitos com os resultados da auditoria e o software deixa uma impressão geral positiva. Com a dedicação da equipe interna do complexo Mullvad VPN, os testadores não têm dúvidas de que o projeto está no caminho certo do ponto de vista de segurança. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Clientes de código aberto". - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. cheque "Aceita Dinheiro". - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Suporte WireGuard". - - A Mullvad suporta o protocolo WireGuard®. [WireGuard](https://www.wireguard.com)[^1] é um protocolo mais recente que utiliza o estado da arte [cryptography](https://www.wireguard.com/protocol/). Além disso, o WireGuard pretende ser mais simples e mais performante. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) o uso do WireGuard com o seu serviço. É o protocolo padrão ou único protocolo nos aplicativos Android, iOS, macOS e Linux da Mullvad, enquanto os usuários de Windows têm de [habilitar manualmente](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. - -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Suporte IPv6". - - A Mullvad suporta o futuro do networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Sua rede permite aos usuários [acessar serviços hospedados em IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) em oposição a outros provedores que bloqueiam conexões IPv6. - -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Remote Port Forwarding". - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Clientes móveis". - - A Mullvad publicou clientes [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) e [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn), ambos com suporte a uma interface fácil de usar, em vez de exigir que os usuários configurem manualmente suas conexões do WireGuard. O cliente móvel no Android também está disponível em [F-Droid](https://f-droid.org/packages/net.mullvad.mullvadvpn), o que garante que ele seja compilado com [builds reproduzíveis](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html). They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! info "Funcionalidade Adicional - - Mullvad é muito transparente sobre quais nós eles [possuem ou alugam](https://mullvad.net/en/servers/). Eles usam [ShadowSocks](https://shadowsocks.org/en/index.html) na sua configuração ShadowSocks OpenVPN, tornando-os mais resistentes contra firewalls com [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) tentando bloquear VPNs. +Nossos provedores recomendados estão fora dos EUA, usam criptografia, aceitam Monero, suportam WireGuard & OpenVPN, e têm uma política de não registro. Read our [full list of criteria](#criteria) for more information. ### ProtonVPN @@ -99,43 +41,44 @@ Recomendamos armazenar uma chave de recuperação local em um local seguro, em v Eles oferecem mais 14 iscount para a compra de uma assinatura de 2 anos. Também achamos que é melhor para a segurança das chaves privadas do provedor de VPN se ele usar [servidores dedicados](https://en.wikipedia.org/wiki/Dedicated_hosting_service), ao invés de soluções compartilhadas mais baratas (com outros clientes), como [servidores virtuais privados](https://en.wikipedia.org/wiki/Virtual_private_server). -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "44 Países". +#### :material-check:{ .pg-green } 35 Countries - ProtonVPN tem [servidores em 44 países](https://protonvpn.com/vpn-servers) no momento de escrever esta página. Escolher um provedor VPN com um servidor mais próximo de você irá reduzir a latência do tráfego de rede que você envia. Isto é devido a uma rota mais curta (menos lúpulo) para o destino. - - Também achamos que é melhor para a segurança das chaves privadas do provedor de VPN se ele usar [servidores dedicados](https://en.wikipedia.org/wiki/Dedicated_hosting_service), ao invés de soluções compartilhadas mais baratas (com outros clientes), como [servidores virtuais privados](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Isto é devido a uma rota mais curta (menos lúpulo) para o destino. +{ .annotate } 1. Ocultar o seu tráfego de **apenas** o seu fornecedor de serviços de Internet. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Auditado independentemente". +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Clientes de código aberto". +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. cheque "Aceita Dinheiro". +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Suporte WireGuard". +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - ProtonVPN suporta principalmente o protocolo WireGuard®. [WireGuard](https://www.wireguard.com)[^1] é um protocolo mais recente que utiliza o estado da arte [cryptography](https://www.wireguard.com/protocol/). Além disso, o WireGuard pretende ser mais simples e mais performante. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. Falta o "Remote Port Forwarding". +ProtonVPN suporta principalmente o protocolo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Além disso, o WireGuard pretende ser mais simples e mais performante. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Remote Port Forwarding". +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Clientes móveis". +#### :material-check:{ .pg-green } Mobile Clients - ProtonVPN têm seus próprios servidores e datacenters na Suíça, Islândia e Suécia. Eles oferecem bloqueio de domínios malware conhecidos e de bloqueio com o seu serviço DNS. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +ProtonVPN têm seus próprios servidores e datacenters na Suíça, Islândia e Suécia. IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### IVPN @@ -157,55 +100,118 @@ Recomendamos armazenar uma chave de recuperação local em um local seguro, em v - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "32 Países". +#### :material-check:{ .pg-green } 41 Countries - IVPN tem [servidores em 32 países](https://www.ivpn.net/server-locations) no momento de escrever esta página. Escolher um provedor VPN com um servidor mais próximo de você irá reduzir a latência do tráfego de rede que você envia. Isto é devido a uma rota mais curta (menos lúpulo) para o destino. - - Também achamos que é melhor para a segurança das chaves privadas do provedor de VPN se ele usar [servidores dedicados](https://en.wikipedia.org/wiki/Dedicated_hosting_service), ao invés de soluções compartilhadas mais baratas (com outros clientes), como [servidores virtuais privados](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Isto é devido a uma rota mais curta (menos lúpulo) para o destino. +{ .annotate } 1. Ocultar o seu tráfego de **apenas** o seu fornecedor de serviços de Internet. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Auditado independentemente". +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. \[WireGuard\](https://www.wireguard.com)\[^1] é um protocolo mais recente que utiliza o estado da arte [cryptography\](https://www.wireguard.com/protocol/). + +#### :material-check:{ .pg-green } WireGuard Support + +O IVPN suporta o protocolo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Além disso, o WireGuard pretende ser mais simples e mais performante. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. O cliente móvel no Android também está disponível em \[F-Droid\](https://f-droid.org/en/packages/net.ivpn.client), o que garante que ele seja compilado com \[builds reproduzíveis\](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html). See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Mullvad + +!!! recommendation annotate + + ![logo Mullvad](/assets/img/vpn/mullvad.svg#only-light){ align=right } + ![Mullvad logo](/assets/img/vpn/mullvad-dark.svg#only-dark){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Mullvad** é uma VPN rápida e barata com um foco sério na transparência e segurança. Eles estão em operação desde **2009***. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + Mullvad está sediada na Suécia e não tem um teste gratuito. downloads - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. - - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Clientes de código aberto". +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Isto é devido a uma rota mais curta (menos lúpulo) para o destino. +{ .annotate } -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. cheque "Aceita Dinheiro". +1. Ocultar o seu tráfego de **apenas** o seu fornecedor de serviços de Internet. - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. [WireGuard](https://www.wireguard.com)[^1] é um protocolo mais recente que utiliza o estado da arte [cryptography](https://www.wireguard.com/protocol/). +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Suporte WireGuard". +#### :material-check:{ .pg-green } Independently Audited - O IVPN suporta o protocolo WireGuard®. [WireGuard](https://www.wireguard.com)[^1] é um protocolo mais recente que utiliza o estado da arte [cryptography](https://www.wireguard.com/protocol/). Além disso, o WireGuard pretende ser mais simples e mais performante. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +Os clientes VPN da Mullvad foram auditados pela Cure53 e Assured AB num relatório de pentest \[publicado na cure53.de\](https://cure53.de/pentest-report_mullvad_v2.pdf). Os investigadores de segurança concluíram: -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Remote Port Forwarding". +> Cure53 e Assured AB estão satisfeitos com os resultados da auditoria e o software deixa uma impressão geral positiva. Com a dedicação da equipe interna do complexo Mullvad VPN, os testadores não têm dúvidas de que o projeto está no caminho certo do ponto de vista de segurança. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - O envio remoto [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) é possível com um plano Pro. Port forwarding [pode ser ativado](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) através da área do cliente. +#### :material-check:{ .pg-green } Open-Source Clients -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. Falta o "Remote Port Forwarding". +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - Além de fornecer arquivos de configuração padrão OpenVPN, o IVPN tem clientes móveis para [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683) e [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), permitindo fácil conexão com seus servidores. O cliente móvel no Android também está disponível em [F-Droid](https://f-droid.org/en/packages/net.ivpn.client), o que garante que ele seja compilado com [builds reproduzíveis](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html). See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +#### :material-check:{ .pg-green } Accepts Cash -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Remote Port Forwarding". +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. - Clientes IVPN suportam dois factores de autenticação (clientes Mullvad e ProtonVPN não suportam). IVPN também fornece a funcionalidade "[AntiTracker](https://www.ivpn.net/antitracker)", que bloqueia redes de publicidade e rastreadores a partir do nível da rede. +#### :material-check:{ .pg-green } WireGuard Support -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Clientes móveis". +A Mullvad suporta o protocolo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Além disso, o WireGuard pretende ser mais simples e mais performante. - É importante notar que a utilização de um provedor VPN não o tornará anônimo, mas lhe dará melhor privacidade em certas situações. Uma VPN não é uma ferramenta para actividades ilegais. Não confies numa política de "sem registo". Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. + +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Sua rede permite aos usuários \[acessar serviços hospedados em IPv6\](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) em oposição a outros provedores que bloqueiam conexões IPv6. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +A Mullvad publicou clientes \[App Store\](https://apps.apple.com/app/mullvad-vpn/id1488466513) e \[Google Play\](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn), ambos com suporte a uma interface fácil de usar, em vez de exigir que os usuários configurem manualmente suas conexões do WireGuard. O cliente móvel no Android também está disponível em \[F-Droid\](https://f-droid.org/packages/net.mullvad.mullvadvpn), o que garante que ele seja compilado com \[builds reproduzíveis\](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html). They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. Eles usam \[ShadowSocks\](https://shadowsocks.org/en/index.html) na sua configuração ShadowSocks OpenVPN, tornando-os mais resistentes contra firewalls com \[Deep Packet Inspection\](https://en.wikipedia.org/wiki/Deep_packet_inspection) tentando bloquear VPNs. ## Framadate @@ -240,13 +246,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **O melhor caso:** -- Suporte para protocolos fortes como o WireGuard & OpenVPN. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - Killswitch construído para os clientes. **Best Case:** -- Suporte WireGuard e OpenVPN. -- Killswitch com opções altamente configuráveis (ativar/desativar em certas redes, no boot, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Privacidade @@ -304,5 +310,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Marketing While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/ru/404.md b/i18n/ru/404.md index b10bd9acb..79accdfab 100644 --- a/i18n/ru/404.md +++ b/i18n/ru/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Страница Не Найдена @@ -13,5 +17,3 @@ We couldn't find the page you were looking for! Maybe you were looking for one o - [Best VPN Providers](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Our Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/about/criteria.md b/i18n/ru/about/criteria.md index a633946e6..3084230bd 100644 --- a/i18n/ru/about/criteria.md +++ b/i18n/ru/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/about/donate.md b/i18n/ru/about/donate.md index 965414b8d..54eda3874 100644 --- a/i18n/ru/about/donate.md +++ b/i18n/ru/about/donate.md @@ -48,5 +48,3 @@ Privacy Guides - это **некоммерческая** организация. Иногда мы приобретаем продукты и услуги для тестирования [рекомендуемых нами инструментов](../tools.md). Мы всё ещё работаем над нашим фискальным хостом (Фонд Open Collective), чтобы получать пожертвования в криптовалюте, сейчас учёт множества мелких операций невозможен, но мы постараемся изменить это в будущем. А пока, если вы хотите сделать большое (> $100) пожертвование в криптовалюте, пожалуйста обратитесь по адресу [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/about/index.md b/i18n/ru/about/index.md index e86f19ae2..f695a0408 100644 --- a/i18n/ru/about/index.md +++ b/i18n/ru/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. Однако вы **не можете** использовать бренд PrivacyGuides в своем проекте без нашего специального разрешения. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/about/notices.md b/i18n/ru/about/notices.md index ce7b4b0f3..a53184312 100644 --- a/i18n/ru/about/notices.md +++ b/i18n/ru/about/notices.md @@ -41,5 +41,3 @@ PrivacyGuides - это проект с открытым исходным код * Скрейпинг * Data mining (просев информации, добыча данных, извлечение данных) * "Фрейминг" (IFrames) - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/about/privacy-policy.md b/i18n/ru/about/privacy-policy.md index 9b0406300..7288aaca4 100644 --- a/i18n/ru/about/privacy-policy.md +++ b/i18n/ru/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). Мы можем изменить способ объявления изменений в будущих версиях политики. В то же время мы можем обновить контактные данные в любое время без объявления об изменениях. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/about/privacytools.md b/i18n/ru/about/privacytools.md index 74fe67e5b..515c21f59 100644 --- a/i18n/ru/about/privacytools.md +++ b/i18n/ru/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/about/services.md b/i18n/ru/about/services.md index 6997f3b37..7046475d9 100644 --- a/i18n/ru/about/services.md +++ b/i18n/ru/about/services.md @@ -36,5 +36,3 @@ - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/about/statistics.md b/i18n/ru/about/statistics.md index 8dbab7e93..efcec7bdf 100644 --- a/i18n/ru/about/statistics.md +++ b/i18n/ru/about/statistics.md @@ -59,5 +59,3 @@ title: Статистика посещений }) }) - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/advanced/communication-network-types.md b/i18n/ru/advanced/communication-network-types.md index cd6b353e2..0b8003606 100644 --- a/i18n/ru/advanced/communication-network-types.md +++ b/i18n/ru/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/advanced/dns-overview.md b/i18n/ru/advanced/dns-overview.md index a31164bb2..63d85a911 100644 --- a/i18n/ru/advanced/dns-overview.md +++ b/i18n/ru/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/advanced/payments.md b/i18n/ru/advanced/payments.md new file mode 100644 index 000000000..0948c652f --- /dev/null +++ b/i18n/ru/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! recommendation + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/ru/advanced/tor-overview.md b/i18n/ru/advanced/tor-overview.md index 6b51d05a5..334fd28e4 100644 --- a/i18n/ru/advanced/tor-overview.md +++ b/i18n/ru/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.ru.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/ru/android.md b/i18n/ru/android.md index 969671aef..619e8bb0b 100644 --- a/i18n/ru/android.md +++ b/i18n/ru/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## Деривативы AOSP @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/basics/account-creation.md b/i18n/ru/basics/account-creation.md index 5599ad052..afa5d429f 100644 --- a/i18n/ru/basics/account-creation.md +++ b/i18n/ru/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/basics/account-deletion.md b/i18n/ru/basics/account-deletion.md index 9b163e236..e32160b29 100644 --- a/i18n/ru/basics/account-deletion.md +++ b/i18n/ru/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/basics/common-misconceptions.md b/i18n/ru/basics/common-misconceptions.md index a43975024..41997417f 100644 --- a/i18n/ru/basics/common-misconceptions.md +++ b/i18n/ru/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.ru.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/ru/basics/common-threats.md b/i18n/ru/basics/common-threats.md index 7a525ce76..e278c0cbf 100644 --- a/i18n/ru/basics/common-threats.md +++ b/i18n/ru/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.ru.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/ru/basics/email-security.md b/i18n/ru/basics/email-security.md index d7ce0046e..f0c2fb579 100644 --- a/i18n/ru/basics/email-security.md +++ b/i18n/ru/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/basics/multi-factor-authentication.md b/i18n/ru/basics/multi-factor-authentication.md index 5a72547d9..9bae22632 100644 --- a/i18n/ru/basics/multi-factor-authentication.md +++ b/i18n/ru/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authentication" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (и KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/basics/passwords-overview.md b/i18n/ru/basics/passwords-overview.md index 482da401d..944921cf1 100644 --- a/i18n/ru/basics/passwords-overview.md +++ b/i18n/ru/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/basics/threat-modeling.md b/i18n/ru/basics/threat-modeling.md index f32915b40..bd784b8f5 100644 --- a/i18n/ru/basics/threat-modeling.md +++ b/i18n/ru/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Моделирование угроз" icon: 'material/target-account' +description: Баланс между безопасностью, конфиденциальностью и удобством использования - одна из первых и самых сложных задач, с которыми вы столкнетесь на пути к конфиденциальности. --- Баланс между безопасностью, конфиденциальностью и удобством использования - одна из первых и самых сложных задач, с которыми вы столкнетесь на пути к конфиденциальности. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Источники - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/basics/vpn-overview.md b/i18n/ru/basics/vpn-overview.md index 8da6876cd..a1a007f52 100644 --- a/i18n/ru/basics/vpn-overview.md +++ b/i18n/ru/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/calendar.md b/i18n/ru/calendar.md index 2480f51aa..eee936848 100644 --- a/i18n/ru/calendar.md +++ b/i18n/ru/calendar.md @@ -1,6 +1,7 @@ --- title: "Синхронизация календаря" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Ваши события в календаре - одни из самых конфиденциальных данных. Используйте продукты с поддержкой автоматического E2EE, чтобы предотвратить их чтение провайдером. @@ -67,5 +68,3 @@ icon: material/calendar Эти критерии представляют собой то, что мы хотели бы видеть от идеального проекта в этой категории. Наши рекомендации могут не соответствовать всем или нескольким из этих критериев, но проекты, которые им соответствуют, расположены выше остальных. - По возможности должна быть интеграция с родными приложениями "календарь" и "контакты" в операционной системе. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/cloud.md b/i18n/ru/cloud.md index 761404522..428e6ba82 100644 --- a/i18n/ru/cloud.md +++ b/i18n/ru/cloud.md @@ -1,6 +1,7 @@ --- title: "Облачное хранилище" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Многие сервисы облачного хранилища требуют от вас полного доверия, что они не будут просматривать ваши файлы. Альтернативы, перечисленные ниже, устраняют необходимость в доверии, либо предоставляя вам контроль над вашими данными, либо используя E2EE. @@ -29,7 +30,6 @@ icon: material/file-cloud - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Мобильные клиенты Proton Drive были выпущены в декабре 2022 года и пока не имеют открытого исходного кода. Исторически сложилось так, что компания "Proton" откладывает выпуск исходного кода до окончания выпуска первоначального продукта, и выпуск исходного кода [запланирован](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) на конец 2023 года. Клиенты Proton Drive для ПК все еще находятся в разработке. ## Критерии @@ -58,5 +58,3 @@ icon: material/file-cloud - Эти клиенты должны интегрироваться с собственными инструментами ОС для сервисов облачных хранилищ, такими как интеграция приложения Files на iOS или функциональность DocumentsProvider на Android. - Должны поддерживать простой обмен файлами с другими пользователями. - Должны предлагать, по крайней мере, базовые функции предварительного просмотра и редактирования файлов в веб-интерфейсе. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/cryptocurrency.md b/i18n/ru/cryptocurrency.md new file mode 100644 index 000000000..6616a28ee --- /dev/null +++ b/i18n/ru/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! recommendation + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! Для уменьшения этой угрозы рассмотрите возможность самостоятельного хостинга. + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. Мы учитываем и обсуждаем много факторов, перед тем как рекомендовать какой-то проект, и документирование каждого из них ещё не завершено. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/ru/data-redaction.md b/i18n/ru/data-redaction.md index 7b74bfb6e..42ec0dcba 100644 --- a/i18n/ru/data-redaction.md +++ b/i18n/ru/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Инструменты для шифрования" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- Когда вы делитесь с кем-то файлами, то не забудьте удалить связанные с ними метаданные. Файлы изображений обычно содержат [данные EXIF](https://ru.wikipedia.org/wiki/Exif). Иногда фотографии даже включают ваши [GPS](https://ru.wikipedia.org/wiki/GPS) координаты в метаданные файла. @@ -136,5 +137,3 @@ The app offers multiple ways to erase metadata from images. recommendation - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/desktop-browsers.md b/i18n/ru/desktop-browsers.md index 5fc02de1e..8e31ef0ec 100644 --- a/i18n/ru/desktop-browsers.md +++ b/i18n/ru/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -248,6 +249,4 @@ These are some other [filter lists](https://github.com/gorhill/uBlock/wiki/Dashb - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.ru.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/ru/desktop.md b/i18n/ru/desktop.md index ba9950ca1..5b9320e44 100644 --- a/i18n/ru/desktop.md +++ b/i18n/ru/desktop.md @@ -1,6 +1,7 @@ --- title: "Облачные хранилища" icon: fontawesome/brands/linux +description: Дистрибутивы Linux часто рекомендуются для защиты конфиденциальности и свободы пользователей. --- Дистрибутивы Linux часто рекомендуются для защиты конфиденциальности и свободы пользователей. Если вы еще не используете Linux, ниже приведены некоторые дистрибутивы, которые мы рекомендуем попробовать, а также несколько общих советов по улучшению конфиденциальности и безопасности, которые применимы ко многим дистрибутивам Linux. @@ -176,5 +177,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/dns.md b/i18n/ru/dns.md index 1760375bc..b5dd0c019 100644 --- a/i18n/ru/dns.md +++ b/i18n/ru/dns.md @@ -1,13 +1,12 @@ --- title: "DNS-провайдеры" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! faq "Следует ли мне использовать зашифрованный DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Зашифрованный DNS не поможет вам скрыть какую-либо активность в интернете. - Зашифрованный DNS со сторонними серверами должен использоваться только для обхода базовой [DNS-блокировки](https://en.wikipedia.org/wiki/DNS_blocking) если вы уверены, что это не повлечет за собой никаких последствий. Зашифрованный DNS не поможет вам скрыть какую-либо активность в интернете. - - [Подробнее о DNS](technology/dns.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Рекомендованные провайдеры @@ -131,8 +130,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.ru.txt" - [^1]: AdGuard хранит показатели производительности их DNS серверов, содержащие в себе количество выполненных запросов к определенному серверу, количество заблокированных запросов и скорость обработки. Они также ведут и хранят базу данных доменов, запрошенных в течение последних 24 часов. "Нам нужна эта информация, чтобы выявлять и блокировать новые трекеры и угрозы." "Также мы храним информацию о том, сколько раз тот или иной трекер был заблокирован. Нам нужна эта информация, чтобы удалять устаревшие правила из наших фильтров." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare собирает и хранит только DNS-запросы, направленные на 1.1.1.1. Сервис не хранит персональные данные; большая часть неперсональных данных хранится только в течение 25 часов. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/ru/email-clients.md b/i18n/ru/email-clients.md index df60116fc..6c58ca505 100644 --- a/i18n/ru/email-clients.md +++ b/i18n/ru/email-clients.md @@ -1,6 +1,7 @@ --- title: "Обмен Файлами" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Наш список рекомендаций содержит только почтовые клиенты, которые поддерживают [OpenPGP](/encryption/#openpgp) и безопасную аутентификацию (например, [OAuth](https://ru.wikipedia.org/wiki/OAuth)). OAuth позволяет использовать [многофакторную аутентификацию](/multi-factor-authentication) и предотвратить кражу учетных записей. @@ -226,5 +227,3 @@ Canary Mail is closed-source. We recommend it due to the few choices there are f - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/email.md b/i18n/ru/email.md index 3efb21418..719f7df7e 100644 --- a/i18n/ru/email.md +++ b/i18n/ru/email.md @@ -1,6 +1,7 @@ --- -title: "Провайдеры приватной электронной почты" +title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Электронная почта практически необходима для использования любого онлайн-сервиса, однако мы не рекомендуем использовать её для общения с людьми. Вместо того чтобы использовать электронную почту для связи с другими людьми, советуем использовать мессенджеры, которые поддерживают прямую секретность. @@ -9,9 +10,21 @@ icon: material/email Для всего остального, мы рекомендуем различных провайдеров электронной почты, которые базируются на устойчивых бизнес-моделях и встроенных функциях безопасности и конфиденциальности. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! note @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,52 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![Логотип Proton VPN](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#protonvpn) +- ![Логотип IVPN](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) +- ![Логотип Mullvad](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +439,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Security @@ -428,7 +456,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +471,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +509,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/encryption.md b/i18n/ru/encryption.md index 38139b8db..99d89405e 100644 --- a/i18n/ru/encryption.md +++ b/i18n/ru/encryption.md @@ -1,6 +1,7 @@ --- title: "Инструменты для шифрования" icon: material/file-lock +description: Шифрование данных - единственный способ контролировать доступ к ним. These tools allow you to encrypt your emails and any other files. --- Шифрование данных - единственный способ контролировать доступ к ним. Если вы еще не используете какие-либо инструменты шифрования диска, электронной почты или файлов, то вы можете выбрать один из них тут. @@ -320,5 +321,3 @@ When encrypting with PGP, you have the option to configure different options in - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/file-sharing.md b/i18n/ru/file-sharing.md index ea50c68f5..dab56bbf1 100644 --- a/i18n/ru/file-sharing.md +++ b/i18n/ru/file-sharing.md @@ -1,6 +1,7 @@ --- title: "Синхронизация и обмен файлами" icon: material/share-variant +description: Узнайте, как конфиденциально обмениваться файлами между устройствами, с друзьями и родственниками или анонимно в Интернете. --- Узнайте, как конфиденциально обмениваться файлами между устройствами, с друзьями и родственниками или анонимно в Интернете. @@ -144,5 +145,3 @@ ffsend upload --host https://send.vis.ee/ FILE - Есть мобильные клиенты для iOS и Android, которые, как минимум, поддерживают предварительный просмотр документов. - Есть резервное копирование фотографий с iOS и Android, а также опциональная поддержка синхронизации файлов/папок на Android. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/financial-services.md b/i18n/ru/financial-services.md new file mode 100644 index 000000000..45becd749 --- /dev/null +++ b/i18n/ru/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! Для уменьшения этой угрозы рассмотрите возможность самостоятельного хостинга. + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. Мы учитываем и обсуждаем много факторов, перед тем как рекомендовать какой-то проект, и документирование каждого из них ещё не завершено. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! Для уменьшения этой угрозы рассмотрите возможность самостоятельного хостинга. + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. Мы учитываем и обсуждаем много факторов, перед тем как рекомендовать какой-то проект, и документирование каждого из них ещё не завершено. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/ru/frontends.md b/i18n/ru/frontends.md index 80b695ed8..d7df9bfc9 100644 --- a/i18n/ru/frontends.md +++ b/i18n/ru/frontends.md @@ -1,6 +1,7 @@ --- title: "Менеджеры паролей" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/index.md b/i18n/ru/index.md index 895f51885..8a06ee5ce 100644 --- a/i18n/ru/index.md +++ b/i18n/ru/index.md @@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/kb-archive.md b/i18n/ru/kb-archive.md index fa8dd8884..92daee33b 100644 --- a/i18n/ru/kb-archive.md +++ b/i18n/ru/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/meta/brand.md b/i18n/ru/meta/brand.md index fa2593ef3..53cb9ac42 100644 --- a/i18n/ru/meta/brand.md +++ b/i18n/ru/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/meta/git-recommendations.md b/i18n/ru/meta/git-recommendations.md index 3d948addb..f59b5f81f 100644 --- a/i18n/ru/meta/git-recommendations.md +++ b/i18n/ru/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/meta/uploading-images.md b/i18n/ru/meta/uploading-images.md index e6d86017c..55f136f8a 100644 --- a/i18n/ru/meta/uploading-images.md +++ b/i18n/ru/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/meta/writing-style.md b/i18n/ru/meta/writing-style.md index b612615e1..b9e47a716 100644 --- a/i18n/ru/meta/writing-style.md +++ b/i18n/ru/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/mobile-browsers.md b/i18n/ru/mobile-browsers.md index ce09af5e9..9e52a55b5 100644 --- a/i18n/ru/mobile-browsers.md +++ b/i18n/ru/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -182,5 +183,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/multi-factor-authentication.md b/i18n/ru/multi-factor-authentication.md index f20cf937f..aa1abea8b 100644 --- a/i18n/ru/multi-factor-authentication.md +++ b/i18n/ru/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Многофакторная аутентификация" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Аппаратные ключи безопасности @@ -138,5 +139,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/news-aggregators.md b/i18n/ru/news-aggregators.md index c3881c18c..9b8a76223 100644 --- a/i18n/ru/news-aggregators.md +++ b/i18n/ru/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "Мессенджеры" icon: octicons/rss-24 +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -[Новостные агрегаторы](https://en.wikipedia.org/wiki/News_aggregator) - это простой способ следить за любимыми блогами и новостями. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Клиенты-агрегаторы @@ -174,5 +175,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/notebooks.md b/i18n/ru/notebooks.md index 15ce4e9cc..ba0137f74 100644 --- a/i18n/ru/notebooks.md +++ b/i18n/ru/notebooks.md @@ -1,6 +1,7 @@ --- title: "Заметки" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Сохраняйте свои заметки и дневники, не передавая их третьим лицам. @@ -111,5 +112,3 @@ Cryptee предлагает 100 МБ хранилища бесплатно, а - Функции локального резервного копирования/синхронизации должны поддерживать шифрование. - Облачные платформы должны поддерживать обмен документами. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/os/android-overview.md b/i18n/ru/os/android-overview.md index 5e279802c..97b44e98c 100644 --- a/i18n/ru/os/android-overview.md +++ b/i18n/ru/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! note + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/os/linux-overview.md b/i18n/ru/os/linux-overview.md index b5216b308..f7ed6c27f 100644 --- a/i18n/ru/os/linux-overview.md +++ b/i18n/ru/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: fontawesome/brands/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/os/qubes-overview.md b/i18n/ru/os/qubes-overview.md index c2c5edb29..0f51cc85b 100644 --- a/i18n/ru/os/qubes-overview.md +++ b/i18n/ru/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: pg/qubes-os +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/passwords.md b/i18n/ru/passwords.md index 673abbdf1..eaf6cf4a7 100644 --- a/i18n/ru/passwords.md +++ b/i18n/ru/passwords.md @@ -1,6 +1,7 @@ --- title: "Менеджеры паролей" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Менеджеры паролей позволяют безопасно хранить и управлять паролями и другими данными с помощью мастер-пароля. @@ -226,5 +227,3 @@ KeePassXC хранит экспортированные данные в виде Мы пока работаем над установлением определенных критериев для каждого раздела нашего сайта, и они могут поменяться в будущем. Если у вас есть вопросы по поводу наших критериев, пожалуйста, [задавайте их на нашем форуме](https://discuss.privacyguides.net/latest) и не думайте, что мы не учли что-то при составлении наших рекомендаций, если это не указано здесь. Мы учитываем и обсуждаем много факторов, перед тем как рекомендовать какой-то проект, и документирование каждого из них ещё не завершено. - Программа должна быть кроссплатформенной. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/productivity.md b/i18n/ru/productivity.md index 978ff34e6..948919ce9 100644 --- a/i18n/ru/productivity.md +++ b/i18n/ru/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/real-time-communication.md b/i18n/ru/real-time-communication.md index 555abdffe..989f6799d 100644 --- a/i18n/ru/real-time-communication.md +++ b/i18n/ru/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Мессенджеры" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -188,5 +189,3 @@ Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/router.md b/i18n/ru/router.md index aec4bd01d..8fd062a26 100644 --- a/i18n/ru/router.md +++ b/i18n/ru/router.md @@ -1,6 +1,7 @@ --- title: "Прошивки для роутера" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Ниже приведены альтернативные операционные системы, которые могут использоваться на роутерах, точках доступа Wi-Fi и т. п. @@ -47,5 +48,3 @@ OPNsense был изначально разработан как форк [pfSen - Исходный код проекта должен быть открыт. - Проект должен регулярно обновляться. - Проект должен поддерживать широкий спектр устройств. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/search-engines.md b/i18n/ru/search-engines.md index d91197a1b..428281319 100644 --- a/i18n/ru/search-engines.md +++ b/i18n/ru/search-engines.md @@ -1,6 +1,7 @@ --- title: "Поисковые системы" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Используйте поисковую систему, которая не строит рекламный профиль на основе ваших запросов. @@ -101,5 +102,3 @@ Startpage's majority shareholder is System1 who is an adtech company. We don't b - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/tools.md b/i18n/ru/tools.md index 67d18958e..c6db22057 100644 --- a/i18n/ru/tools.md +++ b/i18n/ru/tools.md @@ -3,6 +3,7 @@ title: "Инструменты обеспечения приватности" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- Если вы ищете какое-либо решение, то в этом списке все аппаратные и программные средства, которые мы рекомендуем. Рекомендуемые инструменты для обеспечения приватности/конфиденциальности выбираются в первую очередь на основе функций безопасности с дополнительным акцентом на децентрализованные инструменты с открытым исходным кодом. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -99,9 +100,11 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Логотип Cryptee](assets/img/cloud/cryptee.svg#only-light){ .twemoji }![Логотип Cryptee](assets/img/cloud/cryptee-dark.svg#only-dark){ .twemoji } [Cryptee](cloud.md#cryptee) -- ![Логотип Nextcloud](assets/img/cloud/nextcloud.svg){ .twemoji } [Nextcloud (Самостоятельный хостинг)](cloud.md#nextcloud) -- ![Логотип Proton Drive](assets/img/cloud/protondrive.svg){ .twemoji } [Proton Drive](cloud.md#proton-drive) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) +- ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) +- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) +- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](android.md#secure-pdf-viewer)
@@ -212,6 +215,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Подробнее :hero-arrow-circle-right-fill:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Подробнее :hero-arrow-circle-right-fill:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Подробнее :hero-arrow-circle-right-fill:](financial-services.md#gift-card-marketplaces) + ### Поисковые системы
@@ -239,9 +265,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -264,6 +290,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Подробнее :hero-arrow-circle-right-fill:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Подробнее :hero-arrow-circle-right-fill:](cryptocurrency.md) + ### Инструменты для шифрования
@@ -450,5 +486,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
[Подробнее :hero-arrow-circle-right-fill:](video-streaming.md) - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/tor.md b/i18n/ru/tor.md index fdbb105d6..2b25df123 100644 --- a/i18n/ru/tor.md +++ b/i18n/ru/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
-
- -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -126,5 +121,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/video-streaming.md b/i18n/ru/video-streaming.md index 85a5d5139..99c85456f 100644 --- a/i18n/ru/video-streaming.md +++ b/i18n/ru/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Видеохостинги" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- Основная угроза при использовании платформ потокового видео заключается в том, что ваши интересы и списки подписчиков могут быть использованы чтобы отслеживать вас. Вам следует сочетать эти инструменты с [VPN](/vpn) или [Tor](https://www.torproject.org/), чтобы усложнить отслеживание вашего использования. @@ -46,5 +47,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/vpn.md b/i18n/ru/vpn.md index 65da3db39..8ca2e1a6f 100644 --- a/i18n/ru/vpn.md +++ b/i18n/ru/vpn.md @@ -1,11 +1,20 @@ --- -title: "VPN сервисы" +title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Найдите VPN-оператора, который не занимается продажей или чтением вашего веб-трафика. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "VPN не обеспечивает анонимность" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "VPN не обеспечивает анонимность" Использование VPN **не обеспечивает** анонимность ваших привычек при просмотре веб-страниц, а также **не прибавляет** безопасности при использовании незащищенного (HTTP) трафика. @@ -15,78 +24,11 @@ icon: material/vpn [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } -??? info "Когда полезны VPN сервисы?" - - Если вам нужна дополнительная **приватность** от вашего провайдера, в публичных сетях Wi-Fi или во время скачивания торрентов, VPN может быть правильным решением для вас, если вы понимаете связанные с этим риски. - - [Подробнее](#vpn-overview){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Рекомендованные провайдеры -!!! example "Критерии" - - Рекомендуемые нами провайдеры находятся за пределами США, используют шифрование, принимают Monero, поддерживают WireGuard и OpenVPN и не сохраняют логи вашего трафика. Для дополнительной информации ознакомьтесь с нашим [полным списком критериев](#our-criteria). - -### Mullvad - -!!! recommendation annotate - - ![Логотип Mullvad](/assets/img/vpn/mullvad.svg#only-light){ align=right } - ![Логотип Mullvad](/assets/img/vpn/mullvad-dark.svg#only-dark){ align=right } - - **Mullvad** - это быстрый и недорогой VPN с серьезным акцентом на прозрачность и безопасность. Они работают с **2009 года**. - - Mullvad базируется в Швеции и не имеет бесплатной пробной версии. downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? check "35 Стран" - - На момент написания этой страницы Mullvad имеет [серверы в 35 странах](https://mullvad.net/en/servers/). Выбор VPN-провайдера с ближайшим к вам сервером позволит снизить задержку передаваемого вами сетевого трафика. Это происходит из-за более короткого маршрута (меньше промежуточных серверов) до пункта назначения. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? check "Независимо проверены" - - VPN-клиенты Mullvad были проверены компаниями Cure53 и Assured AB в отчете по пентесту [опубликовано на сайте cure53.de] (https://cure53.de/pentest-report_mullvad_v2.pdf). Исследователи безопасности заключили: - - > Cure53 и Assured AB довольны результатами аудита, и программное обеспечение оставляет общее положительное впечатление. Учитывая преданность безопасности в команде Mullvad VPN, проверяющие не сомневаются, что проект находится на правильном пути с точки зрения безопасности. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? check "Клиенты с открытым исходным кодом" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? check "Принимает наличные" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? check "Поддержка WireGuard" - - Mullvad поддерживает протокол WireGuard®. [WireGuard](https://www.wireguard.com)[^1] - это более новый протокол, использующий самую современную [криптографию](https://www.wireguard.com/protocol/). Кроме того, WireGuard стремится быть более простым и производительным. - - Mullvad [рекомендует](https://mullvad.net/en/help/why-wireguard/) использовать WireGuard в их продукте. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Рекомендуемые нами провайдеры находятся за пределами США, используют шифрование, принимают Monero, поддерживают WireGuard и OpenVPN и не сохраняют логи вашего трафика. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -104,43 +46,44 @@ icon: material/vpn - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? check "Независимо проверены" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Выбор VPN-провайдера с ближайшим к вам сервером позволит снизить задержку передаваемого вами сетевого трафика. Это происходит из-за более короткого маршрута (меньше промежуточных серверов) до пункта назначения. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Это происходит из-за более короткого маршрута (меньше промежуточных серверов) до пункта назначения. +{ .annotate } 1. Last checked: 2022-09-16 -??? check "Независимо проверены" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? check "Клиенты с открытым исходным кодом" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? check "Принимает наличные" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? check "Поддержка WireGuard" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com)[^1] - это более новый протокол, использующий самую современную [криптографию](https://www.wireguard.com/protocol/). Кроме того, WireGuard стремится быть более простым и производительным. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Кроме того, WireGuard стремится быть более простым и производительным. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -165,55 +108,118 @@ icon: material/vpn - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? check "Независимо проверены" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Выбор VPN-провайдера с ближайшим к вам сервером позволит снизить задержку передаваемого вами сетевого трафика. Это происходит из-за более короткого маршрута (меньше промежуточных серверов) до пункта назначения. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Это происходит из-за более короткого маршрута (меньше промежуточных серверов) до пункта назначения. +{ .annotate } 1. Last checked: 2023-01-19 -??? check "Независимо проверены" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. \[WireGuard\](https://www.wireguard.com)\[^1] - это более новый протокол, использующий самую современную [криптографию\](https://www.wireguard.com/protocol/). + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Кроме того, WireGuard стремится быть более простым и производительным. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Mullvad + +!!! recommendation annotate + + ![Логотип Mullvad](/assets/img/vpn/mullvad.svg#only-light){ align=right } + ![Логотип Mullvad](/assets/img/vpn/mullvad-dark.svg#only-dark){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Mullvad** - это быстрый и недорогой VPN с серьезным акцентом на прозрачность и безопасность. Они работают с **2009 года**. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + Mullvad базируется в Швеции и не имеет бесплатной пробной версии. downloads - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. - - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? check "Клиенты с открытым исходным кодом" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Это происходит из-за более короткого маршрута (меньше промежуточных серверов) до пункта назначения. +{ .annotate } -??? check "Принимает наличные" +1. Last checked: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. [WireGuard](https://www.wireguard.com)[^1] - это более новый протокол, использующий самую современную [криптографию](https://www.wireguard.com/protocol/). +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? check "Поддержка WireGuard" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com)[^1] - это более новый протокол, использующий самую современную [криптографию](https://www.wireguard.com/protocol/). Кроме того, WireGuard стремится быть более простым и производительным. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +VPN-клиенты Mullvad были проверены компаниями Cure53 и Assured AB в отчете по пентесту \[опубликовано на сайте cure53.de\] (https://cure53.de/pentest-report_mullvad_v2.pdf). Исследователи безопасности заключили: -??? check "Поддержка WireGuard" +> Cure53 и Assured AB довольны результатами аудита, и программное обеспечение оставляет общее положительное впечатление. Учитывая преданность безопасности в команде Mullvad VPN, проверяющие не сомневаются, что проект находится на правильном пути с точки зрения безопасности. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Remote Port Forwarding" +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +#### :material-check:{ .pg-green } Accepts Cash -??? success "Mobile Clients" +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +#### :material-check:{ .pg-green } WireGuard Support -??? info "Additional Functionality" +Mullvad поддерживает протокол WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Кроме того, WireGuard стремится быть более простым и производительным. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. + +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Criteria @@ -248,13 +254,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Security @@ -312,5 +318,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/sv/404.md b/i18n/sv/404.md index 9b7b31984..25c1c7805 100644 --- a/i18n/sv/404.md +++ b/i18n/sv/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Not Found @@ -13,5 +17,3 @@ We couldn't find the page you were looking for! Maybe you were looking for one o - [Best VPN Providers](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Our Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/CODE_OF_CONDUCT.md b/i18n/sv/CODE_OF_CONDUCT.md index 88a0e9100..e7f92a8b9 100644 --- a/i18n/sv/CODE_OF_CONDUCT.md +++ b/i18n/sv/CODE_OF_CONDUCT.md @@ -1,53 +1,53 @@ -# Community Code of Conduct +# Gemenskapens uppförandekod -**We pledge** to make our community a harassment-free experience for everyone. +**Vi lovar** att göra vår community till en upplevelse utan trakasserier för alla. -**We strive** to create a positive environment, using welcoming and inclusive language, and being respectful of the viewpoints of others. +**Vi strävar** efter att skapa en positiv miljö genom att använda ett välkomnande och inkluderande språk och genom att respektera andras åsikter. -**We do not allow** inappropriate or otherwise unacceptable behavior, such as sexualized language, trolling and insulting comments, or otherwise promoting intolerance or harassment. +**Vi tillåter inte** olämpligt eller på annat sätt oacceptabelt beteende, t. ex. sexualiserat språk, trollande och förolämpande kommentarer eller annat som främjar intolerans eller trakasserier. -## Community Standards +## Gemenskapsnormer -What we expect from members of our communities: +Vad vi förväntar oss av medlemmarna i våra samhällen: -1. **Don't spread misinformation** +1. **Sprid inte felaktig information** - We are creating an evidence-based educational community around information privacy and security, not a home for conspiracy theories. For example, when making a claim that a certain piece of software is malicious or that certain telemetry data is privacy invasive, explain in detail what is collected and how it collected. Claims of this nature must be backed by technical evidence. + Vi skapar en evidensbaserad utbildningsgemenskap kring sekretess och säkerhet, inte ett hem för konspirationsteorier. Om du till exempel hävdar att en viss programvara är skadlig eller att vissa telemetriuppgifter inkräktar på privatlivet, förklara i detalj vad som samlas in och hur det sker. Påståenden av detta slag måste stödjas av tekniska bevis. -1. **Don't abuse our willingness to help** +1. **Missbruka inte vår vilja att hjälpa till** - Our community members are not your free tech support. We are happy to help you with specific steps on your privacy journey if you are willing to put in effort on your end. We are not willing to answer endlessly repeated questions about generic computer problems you could have answered yourself with a 30-second internet search. Don't be a [help vampire](https://slash7.com/2006/12/22/vampires/). + Våra medlemmar är inte gratis teknisk support. Vi hjälper dig gärna med specifika steg på din integritetsresa om du är villig att anstränga dig från din sida. Vi är inte villiga att svara på oändligt upprepade frågor om generiska datorproblem som du skulle ha kunnat besvara själv med en 30-sekunders sökning på internet. Var inte en [hjälp vampyr](https://slash7.com/2006/12/22/vampires/). -1. **Behave in a positive and constructive manner** +1. **Uppför dig på ett positivt och konstruktivt sätt** - Examples of behavior that contributes to a positive environment for our community include: + Exempel på beteende som bidrar till en positiv miljö för vårt samhälle är: - - Demonstrating empathy and kindness toward other people - - Being respectful of differing opinions, viewpoints, and experiences - - Giving and gracefully accepting constructive feedback - - Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience - - Focusing on what is best not just for us as individuals, but for the overall community + - Visa empati och vänlighet mot andra människor + - Respektera olika åsikter, synpunkter och erfarenheter + - Ge och acceptera konstruktiv feedback på ett elegant sätt + - Att ta ansvar och be om ursäkt till dem som drabbats av våra misstag och lära sig av erfarenheten + - Fokusera på vad som är bäst, inte bara för oss som individer utan för hela samhället -### Unacceptable Behavior +### Oacceptabelt beteende -The following behaviors are considered harassment and are unacceptable within our community: +Följande beteenden betraktas som trakasserier och är oacceptabla inom vår community: -- The use of sexualized language or imagery, and sexual attention or advances of any kind -- Trolling, insulting or derogatory comments, and personal or political attacks -- Public or private harassment -- Publishing others' private information, such as a physical or email address, without their explicit permission -- Other conduct which could reasonably be considered inappropriate in a professional setting +- Användning av sexualiserat språk eller bildspråk, och sexuell uppmärksamhet eller framsteg av något slag +- Trolling, förolämpande eller nedsättande kommentarer och personliga eller politiska attacker +- Offentliga eller privata trakasserier +- Publicera andras privata information, till exempel en fysisk eller e-postadress, utan deras uttryckliga tillstånd +- Annan handling som rimligen kan anses vara olämplig i en professionell tillställning -## Scope +## Omfattning -Our Code of Conduct applies within all project spaces, as well as when an individual is representing the Privacy Guides project in other communities. +Vår uppförandekod gäller inom alla projektutrymmen, samt när en individ representerar Privacy Guides-projektet i andra samhällen. -We are responsible for clarifying the standards of our community, and have the right to remove or alter the comments of those participating within our community, as necessary and at our discretion. +Vi är ansvariga för att klargöra normerna för vår community och har rätt att ta bort eller ändra kommentarerna från dem som deltar i vår community, efter behov och efter eget gottfinnande. -### Contact +### Kontakt -If you observe a problem on a platform like Matrix or Reddit, please contact our moderators on that platform in chat, via DM, or through any designated "Modmail" system. +Om du observerar ett problem på en plattform som Matrix eller Reddit kan du kontakta våra moderatorer på den plattformen i chatt, via DM eller genom ett särskilt "Modmail"-system. -If you have a problem elsewhere, or a problem our community moderators are unable to resolve, reach out to `jonah@privacyguides.org` and/or `dngray@privacyguides.org`. +Om du har ett problem någon annanstans, eller ett problem som våra moderatorer inte kan lösa, kan du vända dig till `jonah@privacyguides.org` och/eller `dngray@privacyguides.org`. -All community leaders are obligated to respect the privacy and security of the reporter of any incident. +Alla samhällsledare är skyldiga att respektera privatlivet och säkerheten för reportern för varje incident. diff --git a/i18n/sv/about/criteria.md b/i18n/sv/about/criteria.md index ec789f806..c0c833010 100644 --- a/i18n/sv/about/criteria.md +++ b/i18n/sv/about/criteria.md @@ -1,42 +1,40 @@ --- -title: General Criteria +title: Allmänna kriterier --- -!!! example "Work in Progress" +!!! exempel "Pågående arbete" - The following page is a work in progress, and does not reflect the full criteria for our recommendations at this time. Past discussion on this topic: [#24](https://github.com/privacyguides/privacyguides.org/discussions/24) + Följande sida är ett pågående arbete och återspeglar för närvarande inte alla kriterier för våra rekommendationer. Tidigare diskussion om detta ämne: [#24](https://github.com/privacyguides/privacyguides.org/discussions/24) -Below are some things that must apply to all submissions to Privacy Guides. Each category will have additional requirements for inclusion. +Nedan följer några saker som måste gälla för alla inlagor till integritetsguider. Varje kategori kommer att ha ytterligare krav för inkludering. -## Financial Disclosure +## Finansiell information -We do not make money from recommending certain products, we do not use affiliate links, and we do not provide special consideration to project donors. +Vi tjänar inga pengar på att rekommendera vissa produkter, vi använder inga affiliate-länkar och vi ger inga särskilda överväganden till projektdonatorer. -## General Guidelines +## Allmänna riktlinjer -We apply these priorities when considering new recommendations: +Vi tillämpar dessa prioriteringar när vi överväger nya rekommendationer: -- **Secure**: Tools should follow security best-practices wherever applicable. -- **Source Availability**: Open source projects are generally preferred over equivalent proprietary alternatives. -- **Cross-Platform**: We typically prefer recommendations to be cross-platform, to avoid vendor lock-in. -- **Active Development**: The tools that we recommend should be actively developed, unmaintained projects will be removed in most cases. -- **Usability**: Tools should be accessible to most computer users, an overly technical background should not be required. -- **Documented**: Tools should have clear and extensive documentation for use. +- **Säker**: Verktyg bör följa bästa säkerhetspraxis där det är tillämpligt. +- **Källa Tillgänglighet**: Projekt med öppen källkod föredras i allmänhet framför likvärdiga proprietära alternativ. +- **Plattformsoberoende**: Vi föredrar vanligtvis att rekommendationerna är plattformsoberoende för att undvika leverantörslåsning. +- **Aktiv utveckling**: De verktyg som vi rekommenderar bör vara aktivt utvecklade, ounderhållna projekt kommer i de flesta fall att tas bort. +- **Användbarhet**: Verktyg bör vara tillgängliga för de flesta datoranvändare, en alltför teknisk bakgrund bör inte krävas. +- **Dokumenterad**: Verktyg ska ha tydlig och omfattande dokumentation för användning. -## Developer Self-Submissions +## Utvecklarens självinlämningar -We have these requirements in regard to developers which wish to submit their project or software for consideration. +Vi har dessa krav på utvecklare som vill lämna in sitt projekt eller sin programvara för bedömning. -- Must disclose affiliation, i.e. your position within the project being submitted. +- Måste uppge tillhörighet, det vill säga din position inom projektet som lämnas in. -- Must have a security whitepaper if it is a project that involves handling of sensitive information like a messenger, password manager, encrypted cloud storage etc. - - Third party audit status. We want to know if you have one, or have one planned. If possible please mention who will be conducting the audit. +- Måste ha ett säkerhetsdokument om det är ett projekt som innebär hantering av känslig information som en budbärare, lösenordshanterare, krypterad molnlagring etc. + - Tredje parts revisionsstatus. Vi vill veta om du har en sådan, eller om du har en planerad sådan. Om möjligt, ange vem som kommer att genomföra revisionen. -- Must explain what the project brings to the table in regard to privacy. - - Does it solve any new problem? - - Why should anyone use it over the alternatives? +- Måste förklara vad projektet tillför när det gäller integritetsskydd. + - Löser det något nytt problem? + - Varför skulle någon använda det framför alternativen? -- Must state what the exact threat model is with their project. - - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.sv.txt" +- Måste ange vilken exakt hotmodell som gäller för deras projekt. + - Det bör vara tydligt för potentiella användare vad projektet kan erbjuda och vad det inte kan erbjuda. diff --git a/i18n/sv/about/donate.md b/i18n/sv/about/donate.md index 155097abc..8accd67a1 100644 --- a/i18n/sv/about/donate.md +++ b/i18n/sv/about/donate.md @@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/about/index.md b/i18n/sv/about/index.md index b91ba857f..f7bec6c2c 100644 --- a/i18n/sv/about/index.md +++ b/i18n/sv/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides är en socialt motiverad webbplats som ger information om hur du skyddar din datasäkerhet och integritet. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides-logotyp](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** är en socialt motiverad webbplats som tillhandahåller [information](/kb) för att skydda din datasäkerhet och integritet. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Vår webbplats är fri från reklam och är inte ansluten till någon av de listade leverantörerna. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Källkod" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +Syftet med Privacy Guides är att utbilda vårt samhälle om vikten av integritet på nätet och om regeringsprogram internationellt som är utformade för att övervaka alla dina aktiviteter på nätet. + +> För att hitta [integritetsfokuserade alternativ] appar, kolla in sajter som Goda Rapporter och **integritetsguider**, som lista sekretessfokuserade appar i en mängd olika kategorier, särskilt inklusive e-postleverantörer (vanligtvis på betalda planer) som inte drivs av de stora teknikföretag. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) [Översatt från engelska] + +> Om du letar efter en ny VPN kan du gå till rabattkoden för nästan alla poddar. Om du letar efter en **bra** VPN behöver du professionell hjälp. Samma sak gäller för e-postklienter, webbläsare, operativsystem och lösenordshanterare. Hur vet du vilket av dessa alternativ som är det bästa och mest integritetsvänliga? För det finns **Sekretessguider**, en plattform där ett antal volontärer söker dag i, dag ut för de bästa integritetsvänliga verktyg att använda på internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Översatt från nederländska] + +Finns även på: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], och [trådbunden](https://www.wired.com/story/firefox-mozilla-2022/). + +## Historik + +Privacy Guides lanserades i september 2021 som en fortsättning på [nedlagda](privacytools.md) "PrivacyTools" projekt med öppen källkod. Vi insåg vikten av oberoende, kriteriefokuserade produktrekommendationer och allmän kunskap inom integritetsområdet, och därför behövde vi bevara det arbete som skapats av så många bidragsgivare sedan 2015 och se till att informationen hade ett stabilt hem på webben på obestämd tid. + +År 2022, avslutade vi övergången av vår huvudsakliga webbplats ramverk från Jekyll till MkDocs, med `mkdocs-material` dokumentation programvara. Den här ändringen gjorde det betydligt enklare för utomstående att bidra med öppen källkod till vår webbplats, eftersom det nu är lika enkelt att bidra som att skriva ett standarddokument i Markdown som att kunna en komplicerad syntax för att skriva inlägg på ett effektivt sätt. + +Dessutom lanserade vi vårt nya diskussionsforum på [discuss.privacyguides.net](https://discuss.privacyguides.net/) som en gemenskapsplattform för att dela idéer och ställa frågor om vårt uppdrag. Detta förstärker vår befintliga gemenskap på Matrix, och ersatte vår tidigare GitHub diskussionsplattform, vilket minskar vårt beroende av egna diskussionsplattformar. + +Hittills i 2023 har vi lanserat internationella översättningar av vår webbplats i [Franska](/fr/), [Hebreiska](/he/), och [Holländska](/nl/), med fler språk på vägen, möjliggörs av vår utmärkta översättningsteam på [Crowdin](https://crowdin.com/project/privacyguides). Vi planerar att fortsätta vårt uppdrag att sprida och utbilda och hitta sätt att tydligare belysa farorna med bristande medvetenhet om integritet i den moderna digitala tidsåldern, samt förekomsten och skadorna av säkerhetsöverträdelser i hela teknikbranschen. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. Du kan också göra det, vi har öppen källkod på GitHub och tar emot översättningsförslag på [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donationer till Privacy Guides är i allmänhet avdragsgilla i USA. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/about/notices.md b/i18n/sv/about/notices.md index 035d43a11..bb32edd50 100644 --- a/i18n/sv/about/notices.md +++ b/i18n/sv/about/notices.md @@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o * Scraping * Data Mining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/about/privacy-policy.md b/i18n/sv/about/privacy-policy.md index 629e87f65..26c668d1a 100644 --- a/i18n/sv/about/privacy-policy.md +++ b/i18n/sv/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/about/privacytools.md b/i18n/sv/about/privacytools.md index c308bf63c..35d4ce421 100644 --- a/i18n/sv/about/privacytools.md +++ b/i18n/sv/about/privacytools.md @@ -1,10 +1,10 @@ --- -title: "PrivacyTools FAQ" +title: "Vanliga frågor om PrivacyTools" --- -# Why we moved on from PrivacyTools +# Varför vi gick vidare från PrivacyTools -In September 2021, every active contributor unanimously agreed to move from PrivacyTools to work on this site: Privacy Guides. This decision was made because PrivacyTools’ founder and controller of the domain name had disappeared for an extended period of time and could not be contacted. +I september 2021 kom alla aktiva medarbetare enhälligt överens om att flytta från PrivacyTools till den här webbplatsen: Sekretessguider. This decision was made because PrivacyTools’ founder and controller of the domain name had disappeared for an extended period of time and could not be contacted. Having built a reputable site and set of services on PrivacyTools.io, this caused grave concerns for the future of PrivacyTools, as any future disruption could wipe out the entire organization with no recovery method. This transition was communicated to the PrivacyTools community many months in advance via a variety of channels including its blog, Twitter, Reddit, and Mastodon to ensure the entire process went as smoothly as possible. We did this to ensure nobody was kept in the dark, which has been our modus operandi since our team was created, and to make sure Privacy Guides was recognized as the same reliable organization that PrivacyTools was before the transition. @@ -56,32 +56,32 @@ This change [entailed:](https://www.reddit.com/r/PrivacyGuides/comments/pnhn4a/r - Redirecting www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org). - Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site. -- Posting announcements to our subreddit and various other communities informing people of the official change. -- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible. +- Publicera meddelanden på vår subreddit och i andra forum för att informera om den officiella ändringen. +- Formellt stänga tjänsterna på privacytools.io, som Matrix och Mastodon, och uppmana befintliga användare att flytta över så snart som möjligt. -Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped. +Allt verkade gå smidigt och de flesta av våra aktiva medlemmar gick över till vårt nya projekt precis som vi hoppades. -## Following Events +## Följande händelser -Roughly a week following the transition, BurungHantu returned online for the first time in nearly a year, however nobody on our team was willing to return to PrivacyTools because of his historic unreliability. Rather than apologize for his prolonged absence, he immediately went on the offensive and positioned the transition to Privacy Guides as an attack against him and his project. He subsequently [deleted](https://www.reddit.com/r/privacytoolsIO/comments/pp9yie/comment/hd49wbn) many of these posts when it was pointed out by the community that he had been absent and abandoned the project. +Ungefär en vecka efter övergången återkom BurungHantu online för första gången på nästan ett år, men ingen i vårt team var villig att återvända till PrivacyTools på grund av hans historiska opålitlighet. Istället för att be om ursäkt för sin långa frånvaro gick han omedelbart till offensiv och såg övergången till Privacy Guides som ett angrepp mot honom och hans projekt. Därefter raderade han [](https://www.reddit.com/r/privacytoolsIO/comments/pp9yie/comment/hd49wbn) många av dessa inlägg när gemenskapen påpekade att han hade varit frånvarande och övergivit projektet. -At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible). +BurungHantu hävdade att han ville fortsätta att arbeta med privacytools.io på egen hand och bad oss ta bort omdirigeringen från www.privacytools.io till [www.privacyguides.org](https://www.privacyguides.org). Vi gick med på det och bad honom att hålla subdomänerna för Matrix, Mastodon och PeerTube aktiva så att vi kan köra dem som en offentlig tjänst för vår gemenskap under åtminstone några månader, så att användare på dessa plattformar enkelt kan flytta över till andra konton. På grund av den federerade karaktären hos de tjänster vi tillhandahöll var de bundna till specifika domännamn, vilket gjorde det mycket svårt att migrera (och i vissa fall omöjligt). -Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/) at the beginning of October, ending any migration possibilities to any users still using those services. +Eftersom BurungHantu inte fick tillbaka kontrollen över underreddit r/privacytoolsIO när han begärde det (mer information nedan), stängdes dessa underdomäner tyvärr av från [](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/) i början av oktober, vilket innebar att alla användare som fortfarande använde dessa tjänster inte längre hade möjlighet att flytta. -Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so. +BurungHantu gjorde därefter falska anklagelser om att Jonah skulle ha stulit donationer från projektet. BurungHantu hade över ett år på nacken sedan den påstådda händelsen inträffade, men han informerade aldrig någon om den förrän efter att Privacy Guides migration hade genomförts. BurungHantu har upprepade gånger ombetts av teamet [och gemenskapen](https://twitter.com/TommyTran732/status/1526153536962281474)att lämna bevis och att kommentera orsaken till sin tystnad, men han har inte gjort det. -BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim. +BurungHantu gjorde också ett twitterinlägg på [](https://twitter.com/privacytoolsIO/status/1510560676967710728) där han påstod att en "advokat" hade kontaktat honom på Twitter och gav honom råd, i ett annat försök att tvinga oss att ge honom kontroll över vår subreddit, och som en del av hans smutskastningskampanj för att fördunkla vattnet kring lanseringen av Privacy Guides samtidigt som han låtsas vara ett offer. -## PrivacyTools.io Now +## PrivacyTools.io nu -As of September 25th 2022 we are seeing BurungHantu's overall plans come to fruition on privacytools.io, and this is the very reason we decided to create this explainer page today. The website he is operating appears to be a heavily SEO-optimized version of the site which recommends tools in exchange for financial compensation. Very recently, IVPN and Mullvad, two VPN providers near-universally [recommended](../vpn.md) by the privacy community and notable for their stance against affiliate programs were removed from PrivacyTools. In their place? NordVPN, Surfshark, ExpressVPN, and hide.me; Giant VPN corporations with untrustworthy platforms and business practices, notorious for their aggressive marketing and affiliate programs. +Sedan den 25 september 2022 ser vi hur BurungHantus övergripande planer förverkligas på privacytools.io, och det är just därför som vi beslutade att skapa den här förklarande sidan idag. Den webbplats som han driver verkar vara en starkt SEO-optimerad version av den webbplats som rekommenderar verktyg i utbyte mot ekonomisk ersättning. Nyligen togs IVPN och Mullvad, två VPN-leverantörer som nästan alla rekommenderar [](../vpn.md) av integritetsgruppen och som är kända för sin inställning till affiliateprogram, bort från PrivacyTools. I deras ställe? NordVPN, Surfshark, ExpressVPN och hide.me: Stora VPN-företag med opålitliga plattformar och affärsmetoder som är ökända för sin aggressiva marknadsföring och sina affiliateprogram. -==**PrivacyTools has become exactly the type of site we [warned against](https://web.archive.org/web/20210729205249/https://blog.privacytools.io/the-trouble-with-vpn-and-privacy-reviews/) on the PrivacyTools blog in 2019.**== We've tried to keep our distance from PrivacyTools since the transition, but their continued harassment towards our project and now their absurd abuse of the credibility their brand gained over 6 years of open source contributions is extremely troubling to us. Those of us actually fighting for privacy are not fighting against each other, and are not getting our advice from the highest bidder. +==**PrivacyTools har blivit exakt den typ av webbplats som vi [varnade för](https://web.archive.org/web/20210729205249/https://blog.privacytools.io/the-trouble-with-vpn-and-privacy-reviews/) på bloggen PrivacyTools 2019.**== Vi har försökt att hålla oss på avstånd från PrivacyTools sedan övergången, men deras fortsatta trakasserier mot vårt projekt och nu deras absurda missbruk av den trovärdighet som deras varumärke har fått under 6 år av bidrag till öppen källkod är extremt oroande för oss. De av oss som faktiskt kämpar för integritet kämpar inte mot varandra och får inte råd från den högstbjudande. -## r/privacytoolsIO Now +## privacyTools. io nu -After the launch of [r/PrivacyGuides](https://www.reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://www.reddit.com/r/privacytoolsIO/comments/qk7qrj/a_new_era_why_rptio_is_now_a_restricted_sub/) a restricted sub in a post on November 1st, 2021: +Efter lanseringen av [r/PrivacyGuides](https://www.reddit.com/r/privacyguides)blev det opraktiskt för u/trai_dep att fortsätta moderera båda underredaktionerna, och eftersom gemenskapen var med på övergången gjordes r/privacytoolsIO [till](https://www.reddit.com/r/privacytoolsIO/comments/qk7qrj/a_new_era_why_rptio_is_now_a_restricted_sub/) en begränsad underredaktion i ett inlägg den 1 november 2021: > [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you. > @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/about/services.md b/i18n/sv/about/services.md index 373bdf6ab..71f2c95b7 100644 --- a/i18n/sv/about/services.md +++ b/i18n/sv/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/about/statistics.md b/i18n/sv/about/statistics.md index 6ec66006b..8f17240c3 100644 --- a/i18n/sv/about/statistics.md +++ b/i18n/sv/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/advanced/communication-network-types.md b/i18n/sv/advanced/communication-network-types.md index 5dbefe14b..1f07a2c4c 100644 --- a/i18n/sv/advanced/communication-network-types.md +++ b/i18n/sv/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/advanced/dns-overview.md b/i18n/sv/advanced/dns-overview.md index 5c63c5504..b47af2809 100644 --- a/i18n/sv/advanced/dns-overview.md +++ b/i18n/sv/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/advanced/payments.md b/i18n/sv/advanced/payments.md new file mode 100644 index 000000000..6758c2a2a --- /dev/null +++ b/i18n/sv/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! fara + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/sv/advanced/tor-overview.md b/i18n/sv/advanced/tor-overview.md index d28cfc70d..77f2ebfef 100644 --- a/i18n/sv/advanced/tor-overview.md +++ b/i18n/sv/advanced/tor-overview.md @@ -1,29 +1,30 @@ --- -title: "Tor Overview" +title: "Tor Översikt" icon: 'simple/torproject' +description: Tor är ett decentraliserat nätverk som är gratis att använda och som är utformat för att använda internet med så mycket integritet som möjligt. --- -Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. +Tor är ett decentraliserat nätverk som är gratis att använda och som är utformat för att använda internet med så mycket integritet som möjligt. Om nätverket används på rätt sätt möjliggör det privat och anonym surfning och kommunikation. -## Path Building +## Vägbyggnad -Tor works by routing your traffic through a network comprised of thousands of volunteer-run servers called nodes (or relays). +Tor fungerar genom att din trafik dirigeras genom ett nätverk bestående av tusentals servrar som drivs av frivilliga och som kallas noder (eller reläer). -Every time you connect to Tor, it will choose three nodes to build a path to the internet—this path is called a "circuit." Each of these nodes has its own function: +Varje gång du ansluter till Tor kommer det att välja tre noder för att bygga en väg till internet - denna väg kallas en "krets" Var och en av dessa noder har sin egen funktion: -### The Entry Node +### Entrénod -The entry node, often called the guard node, is the first node to which your Tor client connects. The entry node is able to see your IP address, however it is unable to see what you are connecting to. +Ingångsnoden, ofta kallad guard-noden, är den första noden som din Tor-klient ansluter till. Ingångsnoden kan se din IP-adress, men den kan inte se vad du ansluter till. -Unlike the other nodes, the Tor client will randomly select an entry node and stick with it for two to three months to protect you from certain attacks.[^1] +Till skillnad från andra noder väljer Tor-klienten slumpmässigt en ingångsnod och håller sig till den i två till tre månader för att skydda dig mot vissa attacker.[^1] -### The Middle Node +### Den mellersta noden -The middle node is the second node to which your Tor client connects. It can see which node the traffic came from—the entry node—and to which node it goes to next. The middle node cannot, see your IP address or the domain you are connecting to. +Den mellersta noden är den andra noden som din Tor-klient ansluter till. Den kan se vilken nod trafiken kom från - ingångsnoden - och vilken nod den går vidare till härnäst. Mellannoden kan inte se din IP-adress eller den domän du ansluter till. -For each new circuit, the middle node is randomly selected out of all available Tor nodes. +För varje ny krets väljs mittnoden slumpmässigt ut av alla tillgängliga Tor-noder. -### The Exit Node +### Entrénod The exit node is the point in which your web traffic leaves the Tor network and is forwarded to your desired destination. The exit node is unable to see your IP address, but it does know what site it's connecting to. @@ -61,21 +62,19 @@ Tor allows us to connect to a server without any single party knowing the entire Though Tor does provide strong privacy guarantees, one must be aware that Tor is not perfect: -- Well-funded adversaries with the capability to passively watch most network traffic over the globe have a chance of deanonymizing Tor users by means of advanced traffic analysis. Nor does Tor protect you from exposing yourself by mistake, such as if you share too much information about your real identity. -- Tor exit nodes can also monitor traffic that passes through them. This means traffic which is not encrypted, such as plain HTTP traffic, can be recorded and monitored. If such traffic contains personally identifiable information, then it can deanonymize you to that exit node. Thus, we recommend using HTTPS over Tor where possible. +- Välfinansierade motståndare som har möjlighet att passivt övervaka den mesta nätverkstrafiken över hela världen har en chans att avanonymisera Tor-användare med hjälp av avancerad trafikanalys. Tor skyddar dig inte heller från att avslöja dig själv av misstag, till exempel om du delar för mycket information om din verkliga identitet. +- Tor-utgångsnoderna kan också övervaka trafiken som passerar genom dem. Detta innebär att trafik som inte är krypterad, såsom vanlig HTTP-trafik, kan registreras och övervakas. Om sådan trafik innehåller personligt identifierbar information kan den avanonymisera dig till den utgångsnoden. Därför rekommenderar vi att du använder https över Tor där det är möjligt. -If you wish to use Tor for browsing the web, we only recommend the **official** Tor Browser—it is designed to prevent fingerprinting. +Om du vill använda Tor för att surfa på webben rekommenderar vi endast den officiella **** Tor Browser - den är utformad för att förhindra fingeravtryck. -- [Tor Browser :material-arrow-right-drop-circle:](../tor.md#tor-browser) +- [Läs mer :material-arrow-right-drop-circle:](../tor.md#tor-browser) -## Additional Resources +## Ytterligare resurser -- [Tor Browser User Manual](https://tb-manual.torproject.org) -- [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) -- [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) +- [Användarhandbok för Tor Browser](https://tb-manual.torproject.org) +- [Hur Tor fungerar - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) +- [Tor Lök Tjänster - Datorfil](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.sv.txt" +[^1]: Det första reläet i din krets kallas "entry guard" eller "guard". Det är ett snabbt och stabilt relä som förblir det första i din krets i 2-3 månader för att skydda mot en känd attack som bryter anonymiteten. Resten av din krets ändras med varje ny webbplats du besöker, och alla dessa reläer ger Tor: s fullständiga integritetsskydd. För mer information om hur skyddsreläer fungerar, se detta [blogginlägg](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) och [papper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) på ingångsvakter. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) -[^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) - -[^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) +[^2]: Reläflagga: en särskild (diskvalificering) av reläer för kretslägen (t.ex. "Guard", "Exit", "BadExit"), kretsegenskaper (t.ex. "Fast", "Stable") eller roller (t.ex. "Authority", "HSDir") som tilldelats av katalogmyndigheterna och som definieras ytterligare i specifikationen för katalogprotokollet. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/sv/android.md b/i18n/sv/android.md index 47be1987e..9e5e839cc 100644 --- a/i18n/sv/android.md +++ b/i18n/sv/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,14 +14,15 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems. -!!! note +!!! anmärkning End-of-life devices (such as GrapheneOS or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software. @@ -67,7 +69,7 @@ DivestOS implements some system hardening patches originally developed for Graph DivestOS uses F-Droid as its default app store. Normally, we would recommend avoiding F-Droid due to its numerous [security issues](#f-droid). However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. -!!! warning +!!! varning DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative. @@ -136,7 +138,7 @@ We recommend a wide variety of Android apps throughout this site. The apps liste - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.typeblog.shelter) -!!! warning +!!! varning Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular/) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html). @@ -201,7 +203,7 @@ Main privacy features include: - Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required - Microphone permission not required unless you want to record sound -!!! note +!!! anmärkning Metadata is not currently deleted from video files but that is planned. @@ -314,21 +316,21 @@ Other popular third-party repositories such as [IzzyOnDroid](https://apt.izzysof That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through Play Store, Aurora Store, or by getting the APK directly from the developer. It is important to keep in mind that some apps in these repositories have not been updated in years and may rely on unsupported libraries, among other things, posing a potential security risk. You should use your best judgement when looking for new apps via this method. -!!! note +!!! anmärkning In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org/) is one example of this). If you really need an app like that, we recommend using [Neo Store](https://github.com/NeoApplications/Neo-Store/) instead of the official F-Droid app to obtain it. -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -### Operating Systems +### Operativsystem -- Must be open-source software. +- Måste vara programvara med öppen källkod. - Must support bootloader locking with custom AVB key support. - Must receive major Android updates within 0-1 months of release. - Must receive Android feature updates (minor version) within 0-14 days of release. @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/assets/img/how-tor-works/tor-path-dark.svg b/i18n/sv/assets/img/how-tor-works/tor-path-dark.svg index 9002c9b16..7747be797 100644 --- a/i18n/sv/assets/img/how-tor-works/tor-path-dark.svg +++ b/i18n/sv/assets/img/how-tor-works/tor-path-dark.svg @@ -24,8 +24,8 @@ - Your - Device + Din + -enhet diff --git a/i18n/sv/assets/img/how-tor-works/tor-path.svg b/i18n/sv/assets/img/how-tor-works/tor-path.svg index cb53d8b13..c06121310 100644 --- a/i18n/sv/assets/img/how-tor-works/tor-path.svg +++ b/i18n/sv/assets/img/how-tor-works/tor-path.svg @@ -24,27 +24,27 @@ - Your - Device + Din + -enhet - Entry + Inträde - Middle + Inträde - Exit + Inträde - PrivacyGuides.org + Inträde diff --git a/i18n/sv/basics/account-creation.md b/i18n/sv/basics/account-creation.md index 903449813..522e43632 100644 --- a/i18n/sv/basics/account-creation.md +++ b/i18n/sv/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -27,7 +28,7 @@ There are usually multiple ways to sign up for an account, each with their own b The most common way to create a new account is by an email address and password. When using this method, you should use a password manager and follow [best practices](passwords-overview.md) regarding passwords. -!!! tip +!!! tips You can use your password manager to organize other authentication methods too! Just add the new entry and fill the appropriate fields, you can add notes for things like security questions or a backup key. @@ -45,7 +46,7 @@ Should a service get hacked, you might start receiving phishing or spam emails t ### Single sign-on -!!! note +!!! anmärkning We are discussing Single sign-on for personal use, not enterprise users. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/basics/account-deletion.md b/i18n/sv/basics/account-deletion.md index 04e64ab61..15faba7d7 100644 --- a/i18n/sv/basics/account-deletion.md +++ b/i18n/sv/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -24,7 +25,7 @@ Desktop platforms also often have a password manager which may help you recover - iOS [Passwords](https://support.apple.com/en-us/HT211146) - Linux, Gnome Keyring, which can be accessed through [Seahorse](https://help.gnome.org/users/seahorse/stable/passwords-view.html.en) or [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager) -### Email +### E-postadress If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts. @@ -38,26 +39,24 @@ When attempting to regain access, if the site returns an error message saying th ### GDPR (EEA residents only) -Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://www.gdpr.org/regulation/article-17.html) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation. +Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://www.gdpr.org/regulation/article-17.html) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. Om tjänsten inte respekterar din rätt till radering kan du kontakta din nationella dataskyddsmyndighet [](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) och du kan ha rätt till ekonomisk kompensation. -### Overwriting Account information +### Överskrivning av kontoinformation -In some situations where you plan to abandon an account, it may make sense to overwrite the account information with fake data. Once you've made sure you can log in, change all the information in your account to falsified information. The reason for this is that many sites will retain information you previously had even after account deletion. The hope is that they will overwrite the previous information with the newest data you entered. However, there is no guarantee that there won't be backups with the prior information. +I vissa situationer där du planerar att överge ett konto kan det vara klokt att skriva över kontoinformationen med falska uppgifter. När du har sett till att du kan logga in kan du ändra all information i ditt konto till förfalskad information. Anledningen till detta är att många webbplatser kommer att behålla information som du tidigare hade även efter att kontot raderats. Förhoppningen är att de kommer att skriva över den tidigare informationen med de senaste uppgifterna du angav. Det finns dock ingen garanti för att det inte kommer att finnas säkerhetskopior med den tidigare informationen. -For the account email, either create a new alternate email account via your provider of choice or create an alias using an [email aliasing service](../email.md#email-aliasing-services). You can then delete your alternate email address once you are done. We recommend against using temporary email providers, as oftentimes it is possible to reactivate temporary emails. +För e-postkontot skapar du antingen ett nytt alternativt e-postkonto via din valfria leverantör eller skapar ett alias med hjälp av en e-postaliaseringstjänst på [](../email.md#email-aliasing-services). Du kan sedan ta bort din alternativa e-postadress när du är klar. Vi rekommenderar att du inte använder tillfälliga e-postleverantörer, eftersom det ofta är möjligt att återaktivera tillfälliga e-postmeddelanden. -### Delete +### Radera -You can check [JustDeleteMe](https://justdeleteme.xyz) for instructions on deleting the account for a specific service. Some sites will graciously have a "Delete Account" option, while others will go as far as to force you to speak with a support agent. The deletion process can vary from site to site, with account deletion being impossible on some. +Du kan kontrollera [JustDeleteMe](https://justdeleteme.xyz) för instruktioner om hur du tar bort kontot för en specifik tjänst. Vissa webbplatser har ett alternativ för att ta bort kontot, medan andra går så långt som att tvinga dig att prata med en supportmedarbetare. Raderingen kan variera från webbplats till webbplats, och på vissa webbplatser är det omöjligt att radera konton. -For services that don't allow account deletion, the best thing to do is falsify all your information as previously mentioned and strengthen account security. To do so, enable [MFA](multi-factor-authentication.md) and any extra security features offered. As well, change the password to a randomly-generated one that is the maximum allowed size (a [password manager](../passwords.md) can be useful for this). +För tjänster som inte tillåter radering av konton är det bästa du kan göra att förfalska all din information som tidigare nämnts och stärka kontosäkerheten. För att göra det, aktivera [MFA](multi-factor-authentication.md) och eventuella extra säkerhetsfunktioner som erbjuds. Ändra också lösenordet till ett slumpmässigt genererat lösenord som har den högsta tillåtna storleken (en lösenordshanterare [](../passwords.md) kan vara användbar för detta). -If you're satisfied that all information you care about is removed, you can safely forget about this account. If not, it might be a good idea to keep the credentials stored with your other passwords and occasionally re-login to reset the password. +Om du är nöjd med att all information du bryr dig om tas bort kan du säkert glömma det här kontot. Om inte kan det vara en bra idé att spara uppgifterna tillsammans med dina andra lösenord och ibland logga in igen för att återställa lösenordet. -Even when you are able to delete an account, there is no guarantee that all your information will be removed. In fact, some companies are required by law to keep certain information, particularly when related to financial transactions. It's mostly out of your control what happens to your data when it comes to websites and cloud services. +Även om du kan radera ett konto finns det ingen garanti för att all din information tas bort. Vissa företag är faktiskt skyldiga enligt lag att spara viss information, särskilt när det gäller finansiella transaktioner. Det är mestadels utom din kontroll vad som händer med dina data när det gäller webbplatser och molntjänster. -## Avoid New Accounts +## Undvik nya konton -As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.sv.txt" +Som det gamla talesättet säger: "Ett uns av förebyggande åtgärder är värt ett pund av botemedel" När du känner dig frestad att registrera dig för ett nytt konto, fråga dig själv, "Behöver jag verkligen det här? Kan jag uppnå det jag behöver utan ett konto?" Det kan ofta vara mycket svårare att radera ett konto än att skapa ett. Och även efter att du har raderat eller ändrat informationen på ditt konto kan det finnas en cachad version från en tredje part, till exempel [Internet Archive](https://archive.org/). Undvik frestelsen när du kan - ditt framtida jag kommer att tacka dig! diff --git a/i18n/sv/basics/common-misconceptions.md b/i18n/sv/basics/common-misconceptions.md index d9e4bd157..87fce017f 100644 --- a/i18n/sv/basics/common-misconceptions.md +++ b/i18n/sv/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -44,7 +45,7 @@ One of the clearest threat models is one where people *know who you are* and one We don't suggest using a VPN or Tor for any of these things, as your identity is already known through other means. - !!! tip + !!! tips When shopping online, the use of a [parcel locker](https://en.wikipedia.org/wiki/Parcel_locker) can help keep your physical address private. @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.sv.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/sv/basics/common-threats.md b/i18n/sv/basics/common-threats.md index 0e6a456b3..d01dc0004 100644 --- a/i18n/sv/basics/common-threats.md +++ b/i18n/sv/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -22,128 +23,126 @@ Some of these threats may be more important to you than others, depending on you Anonymity is often confused with privacy, but they're distinct concepts. While privacy is a set of choices you make about how your data is used and shared, anonymity is the complete disassociation of your online activities from your real identity. -Whistleblowers and journalists, for example, can have a much more extreme threat model which requires total anonymity. That's not only hiding what they do, what data they have, and not getting hacked by malicious actors or governments, but also hiding who they are entirely. They will often sacrifice any kind of convenience if it means protecting their anonymity, privacy, or security, because their lives could depend on it. Most people don't need to go so far. +Whistleblowers and journalists, for example, can have a much more extreme threat model which requires total anonymity. That's not only hiding what they do, what data they have, and not getting hacked by malicious actors or governments, but also hiding who they are entirely. They will often sacrifice any kind of convenience if it means protecting their anonymity, privacy, or security, because their lives could depend on it. De flesta behöver inte gå så långt. -## Security and Privacy +## Säkerhet och sekretess -:material-bug-outline: Passive Attacks +:material-bug-outline: Passiva attacker -Security and privacy are also often confused, because you need security to obtain any semblance of privacy: Using tools—even if they're private by design—is futile if they could be easily exploited by attackers who later release your data. However, the inverse isn't necessarily true: The most secure service in the world *isn't necessarily* private. The best example of this is trusting data to Google who, given their scale, have had few security incidents by employing industry-leading security experts to secure their infrastructure. Even though Google provides very secure services, very few people would consider their data private in Google's free consumer products (Gmail, YouTube, etc.) +Säkerhet och integritet förväxlas också ofta, eftersom man behöver säkerhet för att få ett sken av integritet: Det är meningslöst att använda verktyg - även om de är privata till sin utformning - om de lätt kan utnyttjas av angripare som senare släpper ut dina uppgifter. Men det omvända är inte nödvändigtvis sant: Den säkraste tjänsten i världen *är inte nödvändigtvis* privat. Det bästa exemplet på detta är att lita på data till Google som, med tanke på deras skala, har haft få säkerhetsincidenter genom att anställa branschledande säkerhetsexperter för att säkra sin infrastruktur. Även om Google tillhandahåller mycket säkra tjänster, skulle mycket få människor betrakta sina data privat i Googles gratis konsumentprodukter (Gmail, YouTube, etc.) -When it comes to application security, we generally don't (and sometimes can't) know if the software we use is malicious, or might one day become malicious. Even with the most trustworthy developers, there's generally no guarantee that their software doesn't have a serious vulnerability that could later be exploited. +När det gäller applikationssäkerhet vet vi i allmänhet inte (och kan ibland inte) om programvaran vi använder är skadlig, eller kanske en dag blir skadlig. Även med de mest pålitliga utvecklarna finns det i allmänhet ingen garanti för att deras programvara inte har en allvarlig sårbarhet som senare kan utnyttjas. -To minimize the damage that a malicious piece of software *could* do, you should employ security by compartmentalization. For example, this could come in the form of using different computers for different jobs, using virtual machines to separate different groups of related applications, or using a secure operating system with a strong focus on application sandboxing and mandatory access control. +För att minimera den skada som en skadlig programvara ** kan orsaka bör du använda säkerhet genom uppdelning. Det kan till exempel handla om att använda olika datorer för olika jobb, att använda virtuella maskiner för att separera olika grupper av relaterade program eller att använda ett säkert operativsystem med starkt fokus på sandlåda för program och obligatorisk åtkomstkontroll. -!!! tip +!!! tips - Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources. + Mobila operativsystem har i allmänhet bättre applikationssandlåda än stationära operativsystem: Appar kan inte få root-åtkomst och kräver tillstånd för åtkomst till systemresurser. - Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../../desktop/#qubes-os). + Skrivbordsoperativsystem släpar i allmänhet efter vid korrekt sandlåda. ChromeOS har liknande sandlådor som Android och macOS har fullständig kontroll över systembehörigheter (och utvecklare kan välja att sandlådor ska användas för program). Dessa operativsystem överför dock identifieringsinformation till sina respektive OEM-tillverkare. Linux tenderar att inte lämna information till systemleverantörer, men har dåligt skydd mot exploateringar och skadliga program. Detta kan mildras något med specialiserade distributioner som i stor utsträckning använder sig av virtuella maskiner eller behållare, såsom [Qubes OS](../../desktop/#qubes-os). -:material-target-account: Targeted Attacks +:material-target-account: Riktade attacker -Targeted attacks against a specific person are more problematic to deal with. Common attacks include sending malicious documents via email, exploiting vulnerabilities (e.g. in browsers and operating systems), and physical attacks. If this is a concern for you, you should employ more advanced threat mitigation strategies. +Riktade attacker mot en specifik person är mer problematiska att hantera. Vanliga attacker är att skicka skadliga dokument via e-post, utnyttja sårbarheter (t.ex. i webbläsare och operativsystem) och fysiska attacker. Om detta är ett problem för dig bör du använda mer avancerade strategier för att minska hoten. -!!! tip +!!! tips - By design, **web browsers**, **email clients**, and **office applications** typically run untrusted code, sent to you from third parties. Running multiple virtual machines—to separate applications like these from your host system, as well as each other—is one technique you can use to mitigate the chance of an exploit in these applications compromising the rest of your system. For example, technologies like Qubes OS or Microsoft Defender Application Guard on Windows provide convenient methods to do this. + I **webbläsare**, **emailklienter** och **kontorsprogram** körs vanligtvis kod som inte är tillförlitlig och som skickas till dig från tredje part. Att köra flera virtuella maskiner för att separera sådana här program från värdsystemet och från varandra är en teknik som du kan använda för att minska risken för att en exploatering i dessa program ska kunna äventyra resten av systemet. Tekniker som Qubes OS eller Microsoft Defender Application Guard på Windows ger till exempel praktiska metoder för att göra detta. -If you are concerned about **physical attacks** you should use an operating system with a secure verified boot implementation, such as Android, iOS, macOS, or [Windows (with TPM)](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process). You should also make sure that your drive is encrypted, and that the operating system uses a TPM or Secure [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) or [Element](https://developers.google.com/android/security/android-ready-se) to rate limit attempts to enter the encryption passphrase. You should avoid sharing your computer with people you don't trust, because most desktop operating systems don't encrypt data separately per-user. +Om du är orolig för **fysiska attacker** bör du använda ett operativsystem med en säker verifierad uppstart, t.ex. Android, iOS, macOS eller [Windows (med TPM)](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process). Du bör också se till att enheten är krypterad och att operativsystemet använder en TPM eller Secure [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) eller [Element](https://developers.google.com/android/security/android-ready-se) för att begränsa försöken att ange krypteringsfrasen. Du bör undvika att dela din dator med personer du inte litar på, eftersom de flesta stationära operativsystem inte krypterar data separat per användare. -## Privacy From Service Providers +## Sekretess från tjänsteleverantörer -:material-server-network: Service Providers +:material-server-network: Tjänsteleverantörer -We live in a world where almost everything is connected to the internet. Our "private" messages, emails, and social interactions are typically stored on a server, somewhere. Generally, when you send someone a message it's stored on a server, and when your friend wants to read the message the server will show it to them. +Vi lever i en värld där nästan allt är anslutet till internet. Våra "privata" meddelanden, e-postmeddelanden och sociala interaktioner lagras vanligtvis på en server, någonstans. I allmänhet, när du skickar ett meddelande till någon lagras det på en server, och när din vän vill läsa meddelandet kommer servern att visa det för dem. -The obvious problem with this is that the service provider (or a hacker who has compromised the server) can access your conversations whenever and however they want, without you ever knowing. This applies to many common services, like SMS messaging, Telegram, and Discord. +Det uppenbara problemet med detta är att tjänsteleverantören (eller en hackare som har äventyrat servern) kan komma åt dina konversationer när och hur de vill, utan att du någonsin vet. Detta gäller många vanliga tjänster, som SMS-meddelanden, Telegram och Discord. -Thankfully, E2EE can alleviate this issue by encrypting communications between you and your desired recipients before they are even sent to the server. The confidentiality of your messages is guaranteed, assuming the service provider doesn't have access to the private keys of either party. +Tack och lov kan E2EE lindra detta problem genom att kryptera kommunikationen mellan dig och dina önskade mottagare innan den ens skickas till servern. Sekretessen för dina meddelanden garanteras, förutsatt att tjänsteleverantören inte har tillgång till någon av parternas privata nycklar. -!!! note "Note on Web-based Encryption" +!!! anmärkning "Anmärkning om webbaserad kryptering" - In practice, the effectiveness of different E2EE implementations varies. Applications, such as [Signal](../real-time-communication.md#signal), run natively on your device, and every copy of the application is the same across different installations. If the service provider were to introduce a [backdoor](https://en.wikipedia.org/wiki/Backdoor_(computing)) in their application—in an attempt to steal your private keys—it could later be detected with [reverse engineering](https://en.wikipedia.org/wiki/Reverse_engineering). + I praktiken varierar effektiviteten i olika E2EE-genomföranden. Applikationer, till exempel [Signal](../real-time-communication.md#signal), körs naturligt på din enhet, och varje kopia av applikationen är densamma över olika installationer. Om tjänsteleverantören skulle införa en [backdoor](https://en.wikipedia.org/wiki/Backdoor_(computing)) i sitt program - i ett försök att stjäla dina privata nycklar - skulle det senare kunna upptäckas med [reverse engineering] (https://en.wikipedia.org/wiki/Reverse_engineering). - On the other hand, web-based E2EE implementations, such as Proton Mail's webmail or Bitwarden's *Web Vault*, rely on the server dynamically serving JavaScript code to the browser to handle cryptography. A malicious server can target you and send you malicious JavaScript code to steal your encryption key (and it would be extremely hard to notice). Because the server can choose to serve different web clients to different people—even if you noticed the attack—it would be incredibly hard to prove the provider's guilt. + Å andra sidan är webbaserade E2EE-implementationer, som Proton Mail-webmail eller Bitwardens *Web Vault*, beroende av att servern dynamiskt serverar JavaScript-kod till webbläsaren för att hantera kryptografi. En skadlig server kan rikta dig och skicka skadlig JavaScript-kod för att stjäla din krypteringsnyckel (och det skulle vara extremt svårt att märka). Eftersom servern kan välja att betjäna olika webbklienter till olika människor - även om du märkte attacken - skulle det vara otroligt svårt att bevisa leverantörens skuld. - Therefore, you should use native applications over web clients whenever possible. + Därför bör du använda inbyggda applikationer över webbklienter när det är möjligt. -Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all. +Även med E2EE kan tjänsteleverantörer fortfarande profilera dig utifrån **metadata**, som vanligtvis inte är skyddade. Medan tjänsteleverantören inte kan läsa dina meddelanden kan de fortfarande observera viktiga saker, till exempel vem du pratar med, hur ofta du skickar meddelanden till dem och när du vanligtvis är aktiv. Skydd av metadata är ganska ovanligt, och om det ingår i din hotmodell [](threat-modeling.md)- bör du vara uppmärksam på den tekniska dokumentationen för den programvara du använder för att se om det finns någon minimering eller något skydd av metadata överhuvudtaget. -## Mass Surveillance Programs +## Massövervakningsprogram -:material-eye-outline: Mass Surveillance +:material-eye-outline: Massövervakning -Mass surveillance is the intricate effort to monitor the "behavior, many activities, or information" of an entire (or substantial fraction of a) population.[^1] It often refers to government programs, such as the ones [disclosed by Edward Snowden in 2013](https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)). However, it can also be carried out by corporations, either on behalf of government agencies or by their own initiative. +Massövervakning är ett komplicerat försök att övervaka "beteende, många aktiviteter eller information" hos en hel (eller en stor del av en) befolkning.[^1] Det hänvisar ofta till statliga program, t.ex. de [som Edward Snowden avslöjade 2013](https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)). Det kan dock också utföras av företag, antingen på uppdrag av myndigheter eller på eget initiativ. -!!! abstract "Atlas of Surveillance" +!!! sammanfattning av "Atlas of Surveillance" - If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org/) by the [Electronic Frontier Foundation](https://www.eff.org/). + Om du vill veta mer om övervakningsmetoder och hur de tillämpas i din stad kan du också ta en titt på [Atlas of Surveillance] (https://atlasofsurveillance.org/) från [Electronic Frontier Foundation] (https://www.eff.org/). - In France you can take a look at the [Technolopolice website](https://technopolice.fr/villes/) maintained by the non-profit association La Quadrature du Net. + I Frankrike kan du ta en titt på [Technolopolices webbplats](https://technopolice.fr/villes/) som upprätthålls av den ideella föreningen La Quadrature du Net. -Governments often justify mass surveillance programs as necessary means to combat terrorism and prevent crime. However, breaching human rights, it's most often used to disproportionately target minority groups and political dissidents, among others. +Regeringar rättfärdigar ofta massövervakningsprogram som nödvändiga medel för att bekämpa terrorism och förebygga brottslighet. Men kränker de mänskliga rättigheterna, är det oftast används för att oproportionerligt rikta minoritetsgrupper och politiska dissidenter, bland annat. -!!! quote "ACLU: [*The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward*](https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward)" +!!! citat "ACLU: [*Det är en viktig fråga för den personliga integriteten: Massövervakning är inte vägen framåt*](https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward)" - In the face of [Edward Snowden's disclosures of government programs such as [PRISM](https://en.wikipedia.org/wiki/PRISM) and [Upstream](https://en.wikipedia.org/wiki/Upstream_collection)], intelligence officials also admitted that the NSA had for years been secretly collecting records about virtually every American’s phone calls — who’s calling whom, when those calls are made, and how long they last. This kind of information, when amassed by the NSA day after day, can reveal incredibly sensitive details about people’s lives and associations, such as whether they have called a pastor, an abortion provider, an addiction counselor, or a suicide hotline. + Med anledning av [Edward Snowdens avslöjanden om regeringsprogram som [PRISM](https://en.wikipedia.org/wiki/PRISM) och [Upstream](https://en.wikipedia.org/wiki/Upstream_collection)] erkände underrättelsetjänstemännen också att NSA i åratal i hemlighet hade samlat in uppgifter om praktiskt taget alla amerikaners telefonsamtal - vem som ringer till vem, när samtalen görs och hur länge de varar. Den här typen av information kan, när den samlas in av NSA dag efter dag, avslöja otroligt känsliga detaljer om människors liv och umgänge, t. ex. om de har ringt till en pastor, en abortvårdare, en missbruksrådgivare eller en självmordshotline. -Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2] +Trots den ökande massövervakningen i USA har regeringen konstaterat att massövervakningsprogram som avsnitt 215 har haft "litet unikt värde" när det gäller att stoppa faktiska brott eller terroristplaner, och att insatserna i stort sett har varit en kopia av FBI:s egna riktade övervakningsprogram.[^2] -Online, you can be tracked via a variety of methods: +På nätet kan du spåras på olika sätt: -- Your IP address -- Browser cookies -- The data you submit to websites -- Your browser or device fingerprint -- Payment method correlation +- Din IP adress +- Webbläsarcookies +- Uppgifter som du skickar till webbplatser +- Fingeravtryck från din webbläsare eller enhet +- Betalningsmetod korrelation -\[This list isn't exhaustive]. +\[Denna lista är inte uttömmande]. -If you're concerned about mass surveillance programs, you can use strategues like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +Om du är orolig för massövervakningsprogram kan du använda strategier som att dela upp din identitet på nätet, smälta in bland andra användare eller, när det är möjligt, helt enkelt undvika att lämna ut identifieringsuppgifter. -:material-account-cash: Surveillance Capitalism +:material-account-cash: Övervakningskapitalism -> Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^3] +> Övervakningskapitalism är ett ekonomiskt system som är centrerat kring insamling och kommersialisering av personuppgifter i syfte att skapa vinst.[^3] -For many people, tracking and surveillance by private corporations is a growing concern. Pervasive ad networks, such as those operated by Google and Facebook, span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries (although it can't completely prevent tracking).[^4] +För många människor är spårning och övervakning av privata företag ett växande problem. Genomgripande annonsnätverk, som de som drivs av Google och Facebook, spänner över internet långt bortom bara de webbplatser de kontrollerar och spårar dina handlingar längs vägen. Genom att använda verktyg som innehållsblockerare för att begränsa nätverksförfrågningar till deras servrar och läsa sekretesspolicyn för de tjänster du använder kan du undvika många grundläggande motståndare (även om det inte helt kan förhindra spårning).[^4] -Additionally, even companies outside of the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you. +Dessutom kan även företag utanför *AdTech* eller spårningsbranschen dela din information med [datamäklare](https://en.wikipedia.org/wiki/Information_broker) (t.ex. Cambridge Analytica, Experian eller Datalogix) eller andra parter. Du kan inte automatiskt anta att dina data är säkra bara för att den tjänst du använder inte faller inom den typiska AdTech- eller spårningsaffärsmodellen. Det starkaste skyddet mot företags datainsamling är att kryptera eller dölja dina data när det är möjligt, vilket gör det svårt för olika leverantörer att korrelera data med varandra och bygga en profil på dig. -## Limiting Public Information +## Begränsning av offentlig information -:material-account-search: Public Exposure +:material-account-search: Offentlig exponering -The best way to keep your data private is simply not making it public in the first place. Deleting unwanted information you find about yourself online is one of the best first steps you can take to regain your privacy. +Det bästa sättet att hålla dina uppgifter hemliga är att helt enkelt inte offentliggöra dem från början. Att ta bort oönskad information du hittar om dig själv online är ett av de bästa första stegen du kan ta för att återfå din integritet. -- [View our guide on account deletion :material-arrow-right-drop-circle:](account-deletion.md) +- [Se vår guide om radering av konto :material-arrow-right-drop-circle:](account-deletion.md) -On sites where you do share information, checking the privacy settings of your account to limit how widely that data is spread is very important. For example, enable "private mode" on your accounts if given the option: This ensures that your account isn't being indexed by search engines, and that it can't be viewed without your permission. +På webbplatser där du delar med dig av information är det mycket viktigt att du kontrollerar sekretessinställningarna för ditt konto för att begränsa hur mycket informationen sprids. Aktivera till exempel "privat läge" på dina konton om du får alternativet: Detta säkerställer att ditt konto inte indexeras av sökmotorer och att det inte kan visas utan ditt tillstånd. -If you've already submitted your real information to sites which shouldn't have it, consider using disinformation tactics, like submitting fictitious information related to that online identity. This makes your real information indistinguishable from the false information. +Om du redan har skickat in din riktiga information till webbplatser som inte borde ha den, kan du överväga att använda en taktik för desinformation, som att skicka in fiktiv information om din identitet på nätet. Detta gör att din riktiga information inte kan särskiljas från den falska informationen. -## Avoiding Censorship +## Undvik censur -:material-close-outline: Censorship +:material-close-outline: Censur -Censorship online can be carried out (to varying degrees) by actors including totalitarian governments, network administrators, and service providers. These efforts to control communication and restrict access to information will always be incompatible with the human right to Freedom of Expression.[^5] +Censur på nätet kan utföras (i varierande grad) av aktörer som totalitära regeringar, nätverksadministratörer och tjänsteleverantörer. Dessa försök att kontrollera kommunikation och begränsa tillgången till information kommer alltid att vara oförenliga med den mänskliga rätten till yttrandefrihet.[^5] -Censorship on corporate platforms is increasingly common, as platforms like Twitter and Facebook give in to public demand, market pressures, and pressures from government agencies. Government pressures can be covert requests to businesses, such as the White House [requesting the takedown](https://www.nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) of a provocative YouTube video, or overt, such as the Chinese government requiring companies to adhere to a strict regime of censorship. +Censur på företagsplattformar blir allt vanligare, eftersom plattformar som Twitter och Facebook ger efter för allmänhetens efterfrågan, marknadstryck och påtryckningar från myndigheter. Statliga påtryckningar kan vara dolda förfrågningar till företag, till exempel när Vita huset [begär att en provocerande YouTube-video ska tas bort](https://www.nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html), eller öppna förfrågningar, till exempel när den kinesiska regeringen kräver att företag ska följa en strikt censurregim. -People concerned with the threat of censorship can use technologies like [Tor](../advanced/tor-overview.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../real-time-communication.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily. +Människor som oroar sig för hotet om censur kan använda teknik som [Tor](../advanced/tor-overview.md) för att kringgå den och stödja censurresistenta kommunikationsplattformar som [Matrix](../real-time-communication.md#element), som inte har någon centraliserad kontoinspektion som kan stänga konton godtyckligt. -!!! tip +!!! tips - While evading censorship itself can be easy, hiding the fact that you are doing it can be very problematic. + Även om det kan vara lätt att undvika censur, kan det vara mycket problematiskt att dölja det faktum att du gör det. - You should consider which aspects of the network your adversary can observe, and whether you have plausible deniability for your actions. For example, using [encrypted DNS](../advanced/dns-overview.md#what-is-encrypted-dns) can help you bypass rudimentary, DNS-based censorship systems, but it can't truly hide what you are visiting from your ISP. A VPN or Tor can help hide what you are visiting from network administrators, but can't hide that you're using those networks in the first place. Pluggable transports (such as Obfs4proxy, Meek, or Shadowsocks) can help you evade firewalls that block common VPN protocols or Tor, but your circumvention attempts can still be detected by methods like probing or [deep packet inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection). + Du bör överväga vilka aspekter av nätverket din motståndare kan observera, och om du har trovärdigt förnekande för dina handlingar. Om du till exempel använder [encrypted DNS](../advanced/dns-overview.md#what-is-encrypted-dns) kan det hjälpa dig att kringgå rudimentära DNS-baserade censursystem, men det kan inte dölja vad du besöker för din internetleverantör. En VPN eller Tor kan hjälpa till att dölja vad du besöker för nätverksadministratörer, men kan inte dölja att du använder nätverken överhuvudtaget. Pluggable transports (t.ex. Obfs4proxy, Meek eller Shadowsocks) kan hjälpa dig att undvika brandväggar som blockerar vanliga VPN-protokoll eller Tor, men dina försök att kringgå dem kan fortfarande upptäckas med metoder som probing eller [deep packet inspection] (https://en.wikipedia.org/wiki/Deep_packet_inspection). -You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. +Du måste alltid överväga riskerna med att försöka kringgå censur, de potentiella konsekvenserna och hur sofistikerad din motståndare kan vara. Du bör vara försiktig när du väljer programvara och ha en backup-plan om du skulle bli upptäckt. ---8<-- "includes/abbreviations.sv.txt" - -[^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). -[^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) -[^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) -[^4]: "[Enumerating badness](https://www.ranum.com/security/computer_security/editorials/dumb/)" (or, "listing all the bad things that we know about"), as many adblockers and antivirus programs do, fails to adequately protect you from new and unknown threats because they have not yet been added to the filter list. You should also employ other mitigation techniques. -[^5]: United Nations: [*Universal Declaration of Human Rights*](https://www.un.org/en/about-us/universal-declaration-of-human-rights). +[^1]: Wikipedia: [*Massövervakning*](https://en.wikipedia.org/wiki/Mass_surveillance) och [*Övervakning*](https://en.wikipedia.org/wiki/Surveillance). +[^2]: Usa: s tillsynsnämnd för integritet och medborgerliga fri- och rättigheter: [*Rapport om telefonregistreringsprogrammet som genomförts enligt avsnitt 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) +[^3]: Wikipedia: [*Övervakningskapitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) +[^4]: "[Räkna badness](https://www.ranum.com/security/computer_security/editorials/dumb/)" (eller "lista alla de dåliga saker som vi vet om"), som många adblockers och antivirusprogram gör, misslyckas med att tillräckligt skydda dig från nya och okända hot eftersom de ännu inte har lagts till i filterlistan. Du bör också använda andra metoder för att minska risken. +[^5]: Förenta nationerna: [*Universella förklaringen om de mänskliga rättigheterna*](https://www.un.org/en/about-us/universal-declaration-of-human-rights). diff --git a/i18n/sv/basics/email-security.md b/i18n/sv/basics/email-security.md index 747078429..59f59b3d5 100644 --- a/i18n/sv/basics/email-security.md +++ b/i18n/sv/basics/email-security.md @@ -1,42 +1,41 @@ --- -title: Email Security +title: E-postsäkerhet icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- -Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. +E-post är som standard en osäker kommunikationsform. Du kan förbättra din e-postsäkerhet med verktyg som OpenPGP, som lägger till End-to-End-kryptering till dina meddelanden, men OpenPGP har fortfarande ett antal nackdelar jämfört med kryptering i andra meddelandeprogram, och vissa e-postdata kan aldrig krypteras av naturliga skäl på grund av hur e-post är utformad. -As a result, email is best used for receiving transactional emails (like notifications, verification emails, password resets, etc.) from the services you sign up for online, not for communicating with others. +E-post används därför bäst för att ta emot transaktionsmeddelanden (t. ex. meddelanden, verifieringsmeddelanden, lösenordsåterställning osv.) från de tjänster du registrerar dig för online, inte för att kommunicera med andra. -## Email Encryption Overview +## E-post-krypteringsnycklar -The standard way to add E2EE to emails between different email providers is by using OpenPGP. There are different implementations of the OpenPGP standard, the most common being [GnuPG](https://en.wikipedia.org/wiki/GNU_Privacy_Guard) and [OpenPGP.js](https://openpgpjs.org). +Standardmetoden för att lägga till E2EE i e-postmeddelanden mellan olika e-postleverantörer är att använda OpenPGP. Det finns olika implementeringar av OpenPGP-standarden, de vanligaste är [GnuPG](https://en.wikipedia.org/wiki/GNU_Privacy_Guard) och [OpenPGP.js](https://openpgpjs.org). -There is another standard which is popular with business called [S/MIME](https://en.wikipedia.org/wiki/S/MIME), however, it requires a certificate issued from a [Certificate Authority](https://en.wikipedia.org/wiki/Certificate_authority) (not all of them issue S/MIME certificates). It has support in [Google Workplace](https://support.google.com/a/topic/9061730?hl=en&ref_topic=9061731) and [Outlook for Web or Exchange Server 2016, 2019](https://support.office.com/en-us/article/encrypt-messages-by-using-s-mime-in-outlook-on-the-web-878c79fc-7088-4b39-966f-14512658f480). +Det finns en annan standard som är populär bland företag och som heter [S/MIME](https://en.wikipedia.org/wiki/S/MIME), men den kräver ett certifikat som utfärdats av en [Certifikatmyndighet](https://en.wikipedia.org/wiki/Certificate_authority) (alla utfärdar inte S/MIME-certifikat). Den har stöd för [Google Workplace](https://support.google.com/a/topic/9061730?hl=en&ref_topic=9061731) och [Outlook for Web eller Exchange Server 2016, 2019](https://support.office.com/en-us/article/encrypt-messages-by-using-s-mime-in-outlook-on-the-web-878c79fc-7088-4b39-966f-14512658f480). -Even if you use OpenPGP, it does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. This is why we recommend [instant messengers](../real-time-communication.md) which implement forward secrecy over email for person-to-person communications whenever possible. +Även om du använder OpenPGP har det inte stöd för [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), vilket innebär att om antingen din eller mottagarens privata nyckel någonsin stjäls kommer alla tidigare meddelanden som krypterats med den att avslöjas. Det är därför vi rekommenderar [snabbmeddelanden](../real-time-communication.md) som implementerar vidarebefordran av sekretess via e-post för person-till-person-kommunikation när det är möjligt. -### What Email Clients Support E2EE? +### Vilka e-postklienter stöder E2EE? -Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication. +E-postleverantörer som tillåter dig att använda standardprotokoll som IMAP och SMTP kan användas med någon av de e-postklienter på [som vi rekommenderar](../email-clients.md). Beroende på autentiseringsmetoden kan detta leda till sämre säkerhet om leverantören eller e-postklienten inte stöder OATH eller en bryggapplikation, eftersom [multi-faktorautentisering](multi-factor-authentication.md) inte är möjlig med vanlig lösenordsautentisering. -### How Do I Protect My Private Keys? +### Hur skyddar jag mina privata nycklar? -A smartcard (such as a [Yubikey](https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](https://www.nitrokey.com)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device. +Ett smartkort (t.ex. [Yubikey](https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) eller [Nitrokey](https://www.nitrokey.com)) fungerar genom att ta emot ett krypterat e-postmeddelande från en enhet (telefon, surfplatta, dator osv.) som kör en e-post-/webbmail-klient. Meddelandet dekrypteras sedan av smartkortet och det dekrypterade innehållet skickas tillbaka till enheten. -It is advantageous for the decryption to occur on the smartcard so as to avoid possibly exposing your private key to a compromised device. +Det är fördelaktigt att dekrypteringen sker på smartkortet för att undvika att den privata nyckeln exponeras för en komprometterad enhet. -## Email Metadata Overview +## Översikt över metadata för e-post -Email metadata is stored in the [message header](https://en.wikipedia.org/wiki/Email#Message_header) of the email message and includes some visible headers that you may have seen such as: `To`, `From`, `Cc`, `Date`, `Subject`. There are also a number of hidden headers included by many email clients and providers that can reveal information about your account. +E-postmetadata lagras i e-postmeddelandets [meddelandehuvud](https://en.wikipedia.org/wiki/Email#Message_header) och innehåller några synliga rubriker som du kanske har sett, t.ex: `To`, `From`, `Cc`, `Date`, `Subject`. Det finns också ett antal dolda rubriker som ingår i många e-postklienter och e-postleverantörer och som kan avslöja information om ditt konto. -Client software may use email metadata to show who a message is from and what time it was received. Servers may use it to determine where an email message must be sent, among [other purposes](https://en.wikipedia.org/wiki/Email#Message_header) which are not always transparent. +Klientprogram kan använda metadata för e-post för att visa vem ett meddelande är från och när det togs emot. Servrar kan använda den för att avgöra var ett e-postmeddelande måste skickas, bland [andra ändamål](https://en.wikipedia.org/wiki/Email#Message_header) som inte alltid är transparenta. -### Who Can View Email Metadata? +### Vem kan se metadata för e-post? -Email metadata is protected from outside observers with [Opportunistic TLS](https://en.wikipedia.org/wiki/Opportunistic_TLS) protecting it from outside observers, but it is still able to be seen by your email client software (or webmail) and any servers relaying the message from you to any recipients including your email provider. Sometimes email servers will also use third-party services to protect against spam, which generally also have access to your messages. +E-postmetadata skyddas från utomstående observatörer med [Opportunistic TLS](https://en.wikipedia.org/wiki/Opportunistic_TLS) som skyddar dem från utomstående observatörer, men de kan fortfarande ses av din e-postklientprogramvara (eller webbmail) och alla servrar som vidarebefordrar meddelandet från dig till mottagare, inklusive din e-postleverantör. Ibland använder e-postservrar också tjänster från tredje part för att skydda sig mot skräppost, som i allmänhet också har tillgång till dina meddelanden. -### Why Can't Metadata be E2EE? +### Varför kan metadata inte vara E2EE? -Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.sv.txt" +Metadata för e-post är avgörande för e-postens mest grundläggande funktionalitet (varifrån den kom och vart den ska ta vägen). E2EE var ursprungligen inte inbyggt i e-postprotokollen, utan krävde istället tilläggsprogram som OpenPGP. Eftersom OpenPGP-meddelanden fortfarande måste fungera med traditionella e-postleverantörer kan de inte kryptera metadata, utan endast själva meddelandet. Det innebär att även om du använder OpenPGP kan utomstående observatörer se mycket information om dina meddelanden, t. ex. vem du skickar e-post till, ämnesraden, när du skickar e-post osv. diff --git a/i18n/sv/basics/multi-factor-authentication.md b/i18n/sv/basics/multi-factor-authentication.md index ac6602c28..ac27dacff 100644 --- a/i18n/sv/basics/multi-factor-authentication.md +++ b/i18n/sv/basics/multi-factor-authentication.md @@ -1,25 +1,26 @@ --- -title: "Multi-Factor Authentication" +title: "Multi-Faktor Autentisering" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- -**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. +**Flerfaktorsautentisering** (**MFA**) är en säkerhetsmekanism som kräver ytterligare steg utöver att ange användarnamn (eller e-post) och lösenord. Den vanligaste metoden är tidsbegränsade koder som du kan få från SMS eller en app. -Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone. +Om en hackare (eller motståndare) kan ta reda på ditt lösenord får han eller hon normalt sett tillgång till det konto som lösenordet tillhör. Ett konto med MFA tvingar hackaren att ha både lösenordet (något som du *känner till*) och en enhet som du äger (något som du *har*), t. ex. din telefon. -MFA methods vary in security, but are based on the premise that the more difficult it is for an attacker to gain access to your MFA method, the better. Examples of MFA methods (from weakest to strongest) include SMS, Email codes, app push notifications, TOTP, Yubico OTP and FIDO. +MFA-metoder varierar i säkerhet, men bygger på förutsättningen att ju svårare det är för en angripare att få tillgång till din MFA-metod, desto bättre. Exempel på MFA-metoder (från svagaste till starkaste) inkluderar SMS, e-postkoder, app push-meddelanden, TOTP, Yubico OTP och FIDO. -## MFA Method Comparison +## Jämförelse av MFA-metod -### SMS or Email MFA +### SMS eller e-post MFA -Receiving OTP codes via SMS or email are one of the weaker ways to secure your accounts with MFA. Obtaining a code by email or SMS takes away from the "something you *have*" idea, because there are a variety of ways a hacker could [take over your phone number](https://en.wikipedia.org/wiki/SIM_swap_scam) or gain access to your email without having physical access to any of your devices at all. If an unauthorized person gained access to your email, they would be able to use that access to both reset your password and receive the authentication code, giving them full access to your account. +Att ta emot OTP-koder via SMS eller e-post är ett av de svagare sätten att säkra dina konton med MFA. Att få en kod via e-post eller sms är inte längre något som du *har*", eftersom det finns många olika sätt för en hackare att [ta över ditt telefonnummer](https://en.wikipedia.org/wiki/SIM_swap_scam) eller få tillgång till din e-post utan att ha fysisk tillgång till någon av dina enheter överhuvudtaget. Om en obehörig person får tillgång till din e-post kan han eller hon använda den för att både återställa ditt lösenord och få autentiseringskoden, vilket ger honom eller henne full tillgång till ditt konto. -### Push Notifications +### Pushnotiser -Push notification MFA takes the form of a message being sent to an app on your phone asking you to confirm new account logins. This method is a lot better than SMS or email, since an attacker typically wouldn't be able to get these push notifications without having an already logged-in device, which means they would need to compromise one of your other devices first. +MFA med push-notiser är ett meddelande som skickas till en app på din telefon där du uppmanas att bekräfta nya kontoinloggningar. Den här metoden är mycket bättre än SMS eller e-post, eftersom en angripare vanligtvis inte kan få dessa push-notiser utan att ha en redan inloggad enhet, vilket innebär att de måste äventyra en av dina andra enheter först. -We all make mistakes, and there is the risk that you might accept the login attempt by accident. Push notification login authorizations are typically sent to *all* your devices at once, widening the availability of the MFA code if you have many devices. +Vi gör alla misstag, och det finns risk för att du kan acceptera inloggningsförsöket av misstag. Push notification login authorizations are typically sent to *all* your devices at once, widening the availability of the MFA code if you have many devices. The security of push notification MFA is dependent on both the quality of the app, the server component and the trust of the developer who produces it. Installing an app may also require you to accept invasive privileges that grant access to other data on your device. An individual app also requires that you have a specific app for each service which may not require a password to open, unlike a good TOTP generator app. @@ -83,84 +84,82 @@ This presentation discusses the history of password authentication, the pitfalls FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods. -Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy. +För webbtjänster används det vanligtvis tillsammans med WebAuthn som är en del av [W3C:s rekommendationer](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). Det använder autentisering med offentliga nycklar och är säkrare än delade hemligheter som används i Yubico OTP- och TOTP-metoder, eftersom det innehåller ursprungsnamnet (vanligtvis domännamnet) under autentisering. Intyg tillhandahålls för att skydda dig från nätfiskeattacker, eftersom det hjälper dig att avgöra att du använder den autentiska tjänsten och inte en falsk kopia. -Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys. +Till skillnad från Yubico OTP använder WebAuthn inget offentligt ID, så nyckeln är **inte** identifierbar på olika webbplatser. Det använder inte heller någon tredje parts molnserver för autentisering. All kommunikation sker mellan nyckeln och den webbplats du loggar in på. FIDO använder också en räknare som ökas vid användning för att förhindra återanvändning av sessioner och klonade tangenter. -If a website or service supports WebAuthn for the authentication, it is highly recommended that you use it over any other form of MFA. +Om en webbplats eller tjänst stöder WebAuthn för autentisering rekommenderas det starkt att du använder den över alla andra former av MFA. -## General Recommendations +## Allmänna rekommendationer -We have these general recommendations: +Vi har dessa allmänna rekommendationer: -### Which Method Should I Use? +### Vilken metod ska jag använda? -When configuring your MFA method, keep in mind that it is only as secure as your weakest authentication method you use. This means it is important that you only use the best MFA method available. For instance, if you are already using TOTP, you should disable email and SMS MFA. If you are already using FIDO2/WebAuthn, you should not be using Yubico OTP or TOTP on your account. +När du konfigurerar din MFA-metod, kom ihåg att den bara är lika säker som den svagaste autentiseringsmetoden du använder. Det är därför viktigt att du endast använder den bästa MFA-metoden som finns tillgänglig. Om du till exempel redan använder TOTP bör du inaktivera MFA för e-post och SMS. Om du redan använder FIDO2/WebAuthn bör du inte använda Yubico OTP eller TOTP på ditt konto. -### Backups +### Säkerhetskopior -You should always have backups for your MFA method. Hardware security keys can get lost, stolen or simply stop working over time. It is recommended that you have a pair of hardware security keys with the same access to your accounts instead of just one. +Du bör alltid ha säkerhetskopior av din MFA-metod. Säkerhetsnycklar för maskinvara kan förloras, stjälas eller helt enkelt sluta fungera med tiden. Det rekommenderas att du har ett par hårdvarusäkerhetsnycklar med samma åtkomst till dina konton istället för bara en. -When using TOTP with an authenticator app, be sure to back up your recovery keys or the app itself, or copy the "shared secrets" to another instance of the app on a different phone or to an encrypted container (e.g. [VeraCrypt](../encryption.md#veracrypt)). +När du använder TOTP med en autentiseringsapp ska du se till att säkerhetskopiera dina återställningsnycklar eller själva appen, eller kopiera de "delade hemligheterna" till en annan instans av appen på en annan telefon eller till en krypterad behållare (t.ex. [VeraCrypt](../encryption.md#veracrypt)). -### Initial Set Up +### Inledande inställning -When buying a security key, it is important that you change the default credentials, set up password protection for the key, and enable touch confirmation if your key supports it. Products such as the YubiKey have multiple interfaces with separate credentials for each one of them, so you should go over each interface and set up protection as well. +När du köper en säkerhetsnyckel är det viktigt att du ändrar standardinloggningsuppgifterna, ställer in lösenordsskydd för nyckeln och aktiverar touchbekräftelse om nyckeln stöder det. Produkter som YubiKey har flera gränssnitt med separata referenser för var och en av dem, så du bör gå över varje gränssnitt och ställa in skydd också. -### Email and SMS +### E-post och SMS -If you have to use email for MFA, make sure that the email account itself is secured with a proper MFA method. +Om du måste använda e-post för MFA ska du se till att e-postkontot i sig är skyddat med en lämplig MFA-metod. -If you use SMS MFA, use a carrier who will not switch your phone number to a new SIM card without account access, or use a dedicated VoIP number from a provider with similar security to avoid a [SIM swap attack](https://en.wikipedia.org/wiki/SIM_swap_scam). +Om du använder SMS MFA, använd en operatör som inte byter ditt telefonnummer till ett nytt SIM-kort utan tillgång till kontot, eller använd ett dedikerat VoIP-nummer från en leverantör med liknande säkerhet för att undvika en [SIM swap-attack](https://en.wikipedia.org/wiki/SIM_swap_scam). -[MFA tools we recommend](../multi-factor-authentication.md ""){.md-button} +[MFA-verktyg som vi rekommenderar](../multi-factor-authentication.md ""){.md-button} -## More Places to Set Up MFA +## Fler ställen att inrätta MFA -Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well. +Flerfaktorsautentisering kan användas för att säkra lokala inloggningar, SSH-nycklar eller till och med lösenordsdatabaser. ### Windows -Yubico has a dedicated [Credential Provider](https://docs.microsoft.com/en-us/windows/win32/secauthn/credential-providers-in-windows) that adds Challenge-Response authentication for the username + password login flow for local Windows accounts. If you have a YubiKey with Challenge-Response authentication support, take a look at the [Yubico Login for Windows Configuration Guide](https://support.yubico.com/hc/en-us/articles/360013708460-Yubico-Login-for-Windows-Configuration-Guide), which will allow you to set up MFA on your Windows computer. +Yubico har en dedikerad [Credential Provider](https://docs.microsoft.com/en-us/windows/win32/secauthn/credential-providers-in-windows) som lägger till Challenge-Response-autentisering för inloggningsflödet med användarnamn och lösenord för lokala Windows-konton. Om du har en YubiKey med stöd för autentisering med utmaningssvar kan du ta en titt på [Yubico Login for Windows Configuration Guide](https://support.yubico.com/hc/en-us/articles/360013708460-Yubico-Login-for-Windows-Configuration-Guide), där du kan konfigurera MFA på din Windows-dator. ### macOS -macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer. +macOS har [inbyggt stöd](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) för autentisering med smarta kort (PIV). Om du har ett smartkort eller en hårdvarunyckel som stöder PIV-gränssnittet, till exempel YubiKey, rekommenderar vi att du följer dokumentationen från leverantören av smartkortet eller hårdvarunyckeln och konfigurerar andrafaktorsautentisering för din macOS-dator. -Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/en-us/articles/360016649059) which can help you set up your YubiKey on macOS. +[Använda din YubiKey som ett smartkort i macOS](https://support.yubico.com/hc/en-us/articles/360016649059) som kan hjälpa dig att ställa in din YubiKey på macOS. -After your smartcard/security key is set up, we recommend running this command in the Terminal: +När din smartkort/säkerhetsnyckel har ställts in rekommenderar vi att du kör det här kommandot i terminalen: ```text sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES ``` -The command will prevent an adversary from bypassing MFA when the computer boots. +Kommandot förhindrar att en motståndare kringgår MFA när datorn startar. ### Linux -!!! warning +!!! varning - If the hostname of your system changes (such as due to DHCP), you would be unable to login. It is vital that you set up a proper hostname for your computer before following this guide. + Om värdnamnet på ditt system ändras (till exempel på grund av DHCP), skulle du inte kunna logga in. Det är viktigt att du skapar ett korrekt värdnamn för din dator innan du följer den här guiden. -The `pam_u2f` module on Linux can provide two-factor authentication for logging in on most popular Linux distributions. If you have a hardware security key that supports U2F, you can set up MFA authentication for your login. Yubico has a guide [Ubuntu Linux Login Guide - U2F](https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F) which should work on any distribution. The package manager commands—such as `apt-get`—and package names may however differ. This guide does **not** apply to Qubes OS. +Modulen `pam_u2f` på Linux kan ge tvåfaktorsautentisering för inloggning på de flesta populära Linuxdistributioner. Om du har en maskinvarusäkerhetsnyckel som stöder U2F kan du konfigurera MFA-autentisering för inloggning. Yubico har en guide [Ubuntu Linux Login Guide - U2F](https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F) som borde fungera för alla distributioner. Pakethanteraren kommandon-såsom `apt-get`-och paketnamn kan dock skilja sig. Den här guiden gäller **inte** för Qubes OS. ### Qubes OS -Qubes OS has support for Challenge-Response authentication with YubiKeys. If you have a YubiKey with Challenge-Response authentication support, take a look at the Qubes OS [YubiKey documentation](https://www.qubes-os.org/doc/yubikey/) if you want to set up MFA on Qubes OS. +Qubes OS har stöd för autentisering med Challenge-Response-autentisering med YubiKeys. Om du har en YubiKey med stöd för autentisering med utmaningssvar kan du ta en titt på dokumentationen för Qubes OS [YubiKey](https://www.qubes-os.org/doc/yubikey/) om du vill konfigurera MFA på Qubes OS. ### SSH -#### Hardware Security Keys +#### Hårdvarusäkerhetsnycklar -SSH MFA could be set up using multiple different authentication methods that are popular with hardware security keys. We recommend that you check out Yubico's [documentation](https://developers.yubico.com/SSH/) on how to set this up. +SSH MFA kan konfigureras med flera olika autentiseringsmetoder som är populära med hårdvarusäkerhetsnycklar. Vi rekommenderar att du läser Yubicos dokumentation på [](https://developers.yubico.com/SSH/) om hur du ställer in detta. -#### Time-based One-time Password (TOTP) +#### Tidsbaserat engångslösenord (TOTP) -SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How To Set Up Multi-Factor Authentication for SSH on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04). Most things should be the same regardless of distribution, however the package manager commands—such as `apt-get`—and package names may differ. +SSH MFA kan också ställas in med TOTP. DigitalOcean har tillhandahållit en handledning [Hur man ställer in flerfaktorsautentisering för SSH på Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04). Det mesta bör vara likadant oavsett distribution, men kommandona för pakethanteraren - t. ex. `apt-get`- och paketnamnen kan skilja sig åt. -### KeePass (and KeePassXC) +### KeePass (och KeePassXC) -KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.sv.txt" +KeePass- och KeePassXC-databaser kan säkras med hjälp av Challenge-Response eller HOTP som andrafaktorsautentisering. Yubico har tillhandahållit ett dokument för KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) och det finns också ett dokument på webbplatsen [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa). diff --git a/i18n/sv/basics/passwords-overview.md b/i18n/sv/basics/passwords-overview.md index 9f0d3b054..00a211791 100644 --- a/i18n/sv/basics/passwords-overview.md +++ b/i18n/sv/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -47,7 +48,7 @@ An example of a diceware passphrase is `viewable fastness reluctant squishy seve To generate a diceware passphrase using real dice, follow these steps: -!!! note +!!! anmärkning These instructions assume that you are using [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy. @@ -89,7 +90,7 @@ To sum it up, diceware passphrases are your best option when you need something ## Storing Passwords -### Password Managers +### Lösenordshanterare The best way to store your passwords is by using a password manager. They allow you to store your passwords in a file or in the cloud and protect them with a single master password. That way, you will only have to remember one strong password, which lets you access the rest of them. @@ -105,8 +106,6 @@ There are many good options to choose from, both cloud-based and local. Choose o Furthermore, we do not recommend storing single-use recovery codes in your password manager. Those should be stored separately such as in an encrypted container on an offline storage device. -### Backups +### Säkerhetskopior You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/basics/threat-modeling.md b/i18n/sv/basics/threat-modeling.md index c07860416..fc1b3b411 100644 --- a/i18n/sv/basics/threat-modeling.md +++ b/i18n/sv/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Threat Modeling" icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. --- Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/basics/vpn-overview.md b/i18n/sv/basics/vpn-overview.md index abcc36dae..28f43bbae 100644 --- a/i18n/sv/basics/vpn-overview.md +++ b/i18n/sv/basics/vpn-overview.md @@ -1,78 +1,77 @@ --- -title: VPN Overview +title: VPN-översikt icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- -Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). +Virtuella privata nätverk är ett sätt att förlänga slutet av ditt nätverk till en utgång någon annanstans i världen. En internetleverantör kan se flödet av internettrafik som kommer in i och ut ur din nätverksavslutningsenhet (dvs. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). -A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. +En VPN kan hjälpa dig eftersom den kan flytta förtroendet till en server någon annanstans i världen. ISP: n ser då bara att du är ansluten till en VPN och ingenting om den aktivitet som du skickar in i den. -## Should I use a VPN? +## Ska jag använda en VPN? -**Yes**, unless you are already using Tor. A VPN does two things: shifting the risks from your Internet Service Provider to itself and hiding your IP from a third-party service. +**Ja**, om du inte redan använder Tor. En VPN gör två saker: den flyttar riskerna från din Internetleverantör till sig själv och döljer din IP för en tredjepartstjänst. -VPNs cannot encrypt data outside of the connection between your device and the VPN server. VPN providers can see and modify your traffic the same way your ISP could. And there is no way to verify a VPN provider's "no logging" policies in any way. +VPN-tjänster kan inte kryptera data utanför anslutningen mellan din enhet och VPN-servern. VPN-leverantörer kan se och ändra din trafik på samma sätt som din internetleverantör. Och det finns inget sätt att verifiera en VPN-leverantörs policy om "ingen loggning" på något sätt. -However, they do hide your actual IP from a third-party service, provided that there are no IP leaks. They help you blend in with others and mitigate IP based tracking. +De döljer dock din faktiska IP-adress för en tredjepartstjänst, förutsatt att det inte finns några IP-läckor. De hjälper dig att smälta in bland andra och minskar IP-baserad spårning. -## When shouldn't I use a VPN? +## När ska jag inte använda en VPN? -Using a VPN in cases where you're using your [known identity](common-threats.md#common-misconceptions) is unlikely be useful. +Att använda en VPN i fall där du använder din [kända identitet](common-threats.md#common-misconceptions) är sannolikt inte användbart. -Doing so may trigger spam and fraud detection systems, such as if you were to log into your bank's website. +Om du gör det kan det utlösa system för att upptäcka skräppost och bedrägerier, till exempel om du skulle logga in på din banks webbplats. -## What about encryption? +## Hur är det med kryptering? -Encryption offered by VPN providers are between your devices and their servers. It guarantees that this specific link is secure. This is a step up from using unencrypted proxies where an adversary on the network can intercept the communications between your devices and said proxies and modify them. However, encryption between your apps or browsers with the service providers are not handled by this encryption. +Den kryptering som erbjuds av VPN-leverantörer sker mellan dina enheter och deras servrar. Det garanterar att den specifika länken är säker. Detta är ett steg upp från att använda okrypterade proxies där en motståndare i nätverket kan avlyssna kommunikationen mellan dina enheter och proxies och ändra den. Kryptering mellan dina appar eller webbläsare och tjänsteleverantörerna hanteras dock inte av denna kryptering. -In order to keep what you actually do on the websites you visit private and secure, you must use HTTPS. This will keep your passwords, session tokens, and queries safe from the VPN provider. Consider enabling "HTTPS everywhere" in your browser to mitigate downgrade attacks like [SSL Strip](https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf). +För att det du gör på de webbplatser du besöker ska vara privat och säkert måste du använda HTTPS. Detta kommer att hålla dina lösenord, sessionstoken och frågor säkra från VPN-leverantören. Överväg att aktivera "HTTPS everywhere" i webbläsaren för att förhindra nedgraderingsattacker som [SSL Strip](https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf). -## Should I use encrypted DNS with a VPN? +## Ska jag använda krypterad DNS med en VPN? -Unless your VPN provider hosts the encrypted DNS servers, **no**. Using DOH/DOT (or any other form of encrypted DNS) with third-party servers will simply add more entities to trust and does **absolutely nothing** to improve your privacy/security. Your VPN provider can still see which websites you visit based on the IP addresses and other methods. Instead of just trusting your VPN provider, you are now trusting both the VPN provider and the DNS provider. +Om inte din VPN-leverantör är värd för de krypterade DNS-servrarna finns **ingen**. Att använda DOH/DOT (eller någon annan form av krypterad DNS) med servrar från tredje part innebär helt enkelt att fler enheter måste lita på och gör **absolut ingenting** för att förbättra din integritet/säkerhet. Din VPN-leverantör kan fortfarande se vilka webbplatser du besöker baserat på IP-adresser och andra metoder. I stället för att bara lita på din VPN-leverantör litar du nu på både VPN-leverantören och DNSleverantören. -A common reason to recommend encrypted DNS is that it helps against DNS spoofing. However, your browser should already be checking for [TLS certificates](https://en.wikipedia.org/wiki/Transport_Layer_Security#Digital_certificates) with **HTTPS** and warn you about it. If you are not using **HTTPS**, then an adversary can still just modify anything other than your DNS queries and the end result will be little different. +Ett vanligt skäl att rekommendera krypterad DNS är att det hjälper mot DNS-spoofing. Din webbläsare bör dock redan kontrollera om [TLS-certifikat](https://en.wikipedia.org/wiki/Transport_Layer_Security#Digital_certificates) med **HTTPS** och varna dig för det. Om du inte använder **HTTPS**kan en motståndare fortfarande ändra allt annat än dina DNS-frågor och slutresultatet blir inte mycket annorlunda. -Needless to say, **you shouldn't use encrypted DNS with Tor**. This would direct all of your DNS requests through a single circuit and would allow the encrypted DNS provider to deanonymize you. +Självfallet bör du **inte använda krypterad DNS med Tor**. Detta skulle leda alla dina DNS-förfrågningar genom en enda krets och göra det möjligt för den krypterade DNS-leverantören att avanonymisera dig. -## Should I use Tor *and* a VPN? +## Ska jag använda Tor *och* en VPN? -By using a VPN with Tor, you're creating essentially a permanent entry node, often with a money trail attached. This provides zero additional benefits to you, while increasing the attack surface of your connection dramatically. If you wish to hide your Tor usage from your ISP or your government, Tor has a built-in solution for that: Tor bridges. [Read more about Tor bridges and why using a VPN is not necessary](../advanced/tor-overview.md). +Genom att använda en VPN med Tor skapar du i princip en permanent ingångsnod, ofta med en pengastig kopplad till den. Detta ger inga ytterligare fördelar för dig, samtidigt som angreppsytan för din anslutning ökar dramatiskt. Om du vill dölja din användning av Tor för din internetleverantör eller din regering har Tor en inbyggd lösning för detta: Tor bridges. [Läs mer om Tor bridges och varför det inte är nödvändigt att använda en VPN](../advanced/tor-overview.md). -## What if I need anonymity? +## Vad händer om jag behöver anonymitet? -VPNs cannot provide anonymity. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You cannot rely on "no logging" policies to protect your data. Use [Tor](https://www.torproject.org/) instead. +VPN-tjänster kan inte ge anonymitet. Din VPN-leverantör ser fortfarande din riktiga IP-adress och har ofta ett pengaspår som kan kopplas direkt till dig. Du kan inte förlita dig på att policyer för "ingen loggning" skyddar dina uppgifter. Använd istället [Tor](https://www.torproject.org/). -## What about VPN providers that provide Tor nodes? +## Hur är det med VPN-leverantörer som tillhandahåller Tor-noder? -Do not use that feature. The point of using Tor is that you do not trust your VPN provider. Currently Tor only supports the [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) protocol. [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (used in [WebRTC](https://en.wikipedia.org/wiki/WebRTC) for voice and video sharing, the new [HTTP3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) protocol, etc), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) and other packets will be dropped. To compensate for this, VPN providers typically will route all non-TCP packets through their VPN server (your first hop). This is the case with [ProtonVPN](https://protonvpn.com/support/tor-vpn/). Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as [Isolated Destination Address](https://www.whonix.org/wiki/Stream_Isolation) (using a different Tor circuit for every domain you visit). +Använd inte den här funktionen. Poängen med att använda Tor är att du inte litar på din VPN-leverantör. För närvarande stöder Tor endast [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) -protokollet. [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (används i [WebRTC](https://en.wikipedia.org/wiki/WebRTC) för röst- och videodelning, det nya [HTTP3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) -protokollet etc.), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) och andra paket kommer att tappas. För att kompensera för detta dirigerar VPN-leverantörer vanligtvis alla paket som inte är TCP-paket genom sin VPN-server (ditt första hopp). Detta är fallet med [ProtonVPN](https://protonvpn.com/support/tor-vpn/). När du använder denna Tor-över-VPN-inställning har du inte heller kontroll över andra viktiga Tor-funktioner, t.ex. [Isolated Destination Address](https://www.whonix.org/wiki/Stream_Isolation) (använder en annan Tor-krets för varje domän du besöker). -The feature should be viewed as a convenient way to access the Tor Network, not to stay anonymous. For proper anonymity, use the Tor Browser, TorSocks, or a Tor gateway. +Funktionen bör ses som ett bekvämt sätt att komma åt Tor-nätverket, inte att vara anonym. För riktig anonymitet ska du använda Tor Browser, TorSocks eller en Tor-gateway. -## When are VPNs useful? +## När är VPN-tjänster användbara? -A VPN may still be useful to you in a variety of scenarios, such as: +En VPN kan fortfarande vara användbar för dig i en rad olika situationer, till exempel: -1. Hiding your traffic from **only** your Internet Service Provider. -1. Hiding your downloads (such as torrents) from your ISP and anti-piracy organizations. -1. Hiding your IP from third-party websites and services, preventing IP based tracking. +1. Om du döljer din trafik från **kan du bara** din Internetleverantör. +1. Dölja dina nedladdningar (t. ex. torrents) för din internetleverantör och organisationer som bekämpar piratkopiering. +1. Dölja din IP-adress från webbplatser och tjänster från tredje part och förhindra IP-baserad spårning. -For situations like these, or if you have another compelling reason, the VPN providers we listed above are who we think are the most trustworthy. However, using a VPN provider still means you're *trusting* the provider. In pretty much any other scenario you should be using a secure**-by-design** tool such as Tor. +I sådana situationer, eller om du har en annan övertygande anledning, är de VPN-leverantörer som vi listat ovan de som vi anser vara mest pålitliga. Att använda en VPN-leverantör innebär dock fortfarande att du *litar på* leverantören. I nästan alla andra situationer bör du använda ett säkert**-by-design** verktyg som Tor. -## Sources and Further Reading +## Källor och vidare läsning -1. [VPN - a Very Precarious Narrative](https://schub.io/blog/2019/04/08/very-precarious-narrative.html) by Dennis Schubert -1. [Tor Network Overview](../advanced/tor-overview.md) -1. [IVPN Privacy Guides](https://www.ivpn.net/privacy-guides) -1. ["Do I need a VPN?"](https://www.doineedavpn.com), a tool developed by IVPN to challenge aggressive VPN marketing by helping individuals decide if a VPN is right for them. +1. [VPN - en mycket osäker berättelse](https://schub.io/blog/2019/04/08/very-precarious-narrative.html) av Dennis Schubert +1. [Översikt över Tor-nätverket](../advanced/tor-overview.md) +1. [IVPN sekretessguider](https://www.ivpn.net/privacy-guides) +1. ["Behöver jag en VPN?"](https://www.doineedavpn.com), ett verktyg som utvecklats av IVPN för att utmana aggressiv VPN-marknadsföring genom att hjälpa enskilda personer att avgöra om en VPN är rätt för dem. -## Related VPN Information +## Relevant information -- [The Trouble with VPN and Privacy Review Sites](https://blog.privacyguides.org/2019/11/20/the-trouble-with-vpn-and-privacy-review-sites/) -- [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) -- [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) -- [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.sv.txt" +- [Problemet med VPN- och integritetsgranskningswebbplatser](https://blog.privacyguides.org/2019/11/20/the-trouble-with-vpn-and-privacy-review-sites/) +- [Undersökning av gratis VPN-app](https://www.top10vpn.com/free-vpn-app-investigation/) +- [Dolda VPN-ägare avslöjas: 101 VPN-produkter som drivs av endast 23 företag](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) +- [Det här kinesiska företaget ligger i hemlighet bakom 24 populära appar som kräver farliga behörigheter](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) diff --git a/i18n/sv/calendar.md b/i18n/sv/calendar.md index 2b6b77f13..da7f6ca7c 100644 --- a/i18n/sv/calendar.md +++ b/i18n/sv/calendar.md @@ -1,6 +1,7 @@ --- -title: "Calendar Sync" +title: "Kalendersynkronisering" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -50,22 +51,20 @@ Calendars contain some of your most sensitive data; use products that implement - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.calendar) - [:octicons-browser-16: Web](https://calendar.proton.me) -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -### Minimum Qualifications +### Minimikrav - Must sync and store information with E2EE to ensure data is not visible to the service provider. -### Best-Case +### Bästa fall -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/cloud.md b/i18n/sv/cloud.md index 8fc5e00fc..c1456903e 100644 --- a/i18n/sv/cloud.md +++ b/i18n/sv/cloud.md @@ -1,62 +1,60 @@ --- -title: "Cloud Storage" +title: "Molnlagring" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- -Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. +Många molnlagringsleverantörer kräver ditt fulla förtroende för att de inte kommer att titta på dina filer. Alternativen nedan eliminerar behovet av förtroende genom att antingen ge dig kontroll över dina data eller genom att implementera E2EE. -If these alternatives do not fit your needs, we suggest you look into [Encryption Software](encryption.md). +Om dessa alternativ inte passar dina behov föreslår vi att du tittar på [Encryption Software](encryption.md). -??? question "Looking for Nextcloud?" +??? fråga "Letar du efter Nextcloud?" - Nextcloud is [still a recommended tool](productivity.md) for self-hosting a file management suite, however we do not recommend third-party Nextcloud storage providers at the moment, because we do not recommend Nextcloud's built-in E2EE functionality for home users. + Nextcloud är [fortfarande ett rekommenderat verktyg](productivity.md) för att själv hosta en filhanteringssvit, men vi rekommenderar inte tredjepartsleverantörer av Nextcloud-lagring för tillfället, eftersom vi inte rekommenderar Nextclouds inbyggda E2EE-funktionalitet för hemanvändare. ## Proton Drive !!! recommendation - ![Proton Drive logo](assets/img/cloud/protondrive.svg){ align=right } + ![Proton Drive-logotyp](assets/img/cloud/protondrive.svg){ align=right } - **Proton Drive** is an E2EE general file storage service by the popular encrypted email provider [Proton Mail](https://proton.me/mail). + **Proton Drive** är en E2EE-tjänst för allmän fillagring från den populära leverantören av krypterad e-post [Proton Mail] (https://proton.me/mail). - [:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary } - [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://proton.me/support/drive){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://proton.me/support/drive/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -### Minimum Requirements +### Minimikrav -- Must enforce end-to-end encryption. -- Must offer a free plan or trial period for testing. -- Must support TOTP or FIDO2 multi-factor authentication, or Passkey logins. -- Must offer a web interface which supports basic file management functionality. -- Must allow for easy exports of all files/documents. -- Must use standard, audited encryption. +- Måste genomdriva end-to-end-kryptering. +- Måste erbjuda en gratis plan eller provperiod för testning. +- Måste stödja TOTP- eller FIDO2-multifaktorautentisering eller inloggning med lösenord. +- Måste erbjuda ett webbgränssnitt som stöder grundläggande filhanteringsfunktioner. +- Måste möjliggöra enkel export av alla filer/dokument. +- Måste använda standard, granskad kryptering. -### Best-Case +### Bästa fall -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan. -- Clients should be open-source. -- Clients should be audited in their entirety by an independent third-party. -- Should offer native clients for Linux, Android, Windows, macOS, and iOS. - - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. -- Should support easy file-sharing with other users. -- Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.sv.txt" +- Klienterna bör ha öppen källkod. +- Klienterna bör granskas i sin helhet av en oberoende tredje part. +- De bör erbjuda inhemska klienter för Linux, Android, Windows, macOS och iOS. + - Dessa klienter bör integreras med operativsystemets verktyg för leverantörer av molnlagring, t. ex. integrering av Files-appen i iOS eller DocumentsProvider-funktionen i Android. +- Det bör vara enkelt att dela filer med andra användare. +- Bör erbjuda åtminstone grundläggande funktioner för förhandsgranskning och redigering av filer i webbgränssnittet. diff --git a/i18n/sv/cryptocurrency.md b/i18n/sv/cryptocurrency.md new file mode 100644 index 000000000..25efd8389 --- /dev/null +++ b/i18n/sv/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! fara + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Kriterier + +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. + +!!! exempel "Det här avsnittet är nytt" + + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/sv/data-redaction.md b/i18n/sv/data-redaction.md index 54972d37b..40f4450e0 100644 --- a/i18n/sv/data-redaction.md +++ b/i18n/sv/data-redaction.md @@ -1,34 +1,35 @@ --- -title: "Data and Metadata Redaction" +title: "Redigering av data och metadata" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- -When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. +När du delar filer ska du se till att ta bort tillhörande metadata. Bildfiler innehåller vanligtvis [Exif](https://en.wikipedia.org/wiki/Exif) data. Foton innehåller ibland även GPS-koordinater i filmetadata. -## Desktop +## Skrivbord ### MAT2 !!! recommendation - ![MAT2 logo](assets/img/data-redaction/mat2.svg){ align=right } + ![MAT2-logotyp](assets/img/data-redaction/mat2.svg){ align=right } - **MAT2** is free software, which allows the metadata to be removed from image, audio, torrent, and document file types. It provides both a command line tool and a graphical user interface via an [extension for Nautilus](https://0xacab.org/jvoisin/mat2/-/tree/master/nautilus), the default file manager of [GNOME](https://www.gnome.org), and [Dolphin](https://0xacab.org/jvoisin/mat2/-/tree/master/dolphin), the default file manager of [KDE](https://kde.org). + **MAT2** är en gratis programvara som gör det möjligt att ta bort metadata från bild-, ljud-, torrent- och dokumentfiler. Den tillhandahåller både ett kommandoradsverktyg och ett grafiskt användargränssnitt via ett [tillägg för Nautilus] (https://0xacab.org/jvoisin/mat2/-/tree/master/nautilus), standardfilhanteraren för [GNOME](https://www.gnome.org), och [Dolphin](https://0xacab.org/jvoisin/mat2/-/tree/master/dolphin), standardfilhanteraren för [KDE](https://kde.org). - On Linux, a third-party graphical tool [Metadata Cleaner](https://gitlab.com/rmnvgr/metadata-cleaner) powered by MAT2 exists and is [available on Flathub](https://flathub.org/apps/details/fr.romainvigier.MetadataCleaner). + På Linux finns ett grafiskt verktyg från tredje part [Metadata Cleaner] (https://gitlab.com/rmnvgr/metadata-cleaner) som drivs av MAT2 och är [tillgängligt på Flathub] (https://flathub.org/apps/details/fr.romainvigier.MetadataCleaner). [:octicons-repo-16: Repository](https://0xacab.org/jvoisin/mat2){ .md-button .md-button--primary } [:octicons-info-16:](https://0xacab.org/jvoisin/mat2/-/blob/master/README.md){ .card-link title=Documentation} [:octicons-code-16:](https://0xacab.org/jvoisin/mat2){ .card-link title="Source Code" } - ??? downloads + ??? nedladdningar - [:simple-windows11: Windows](https://pypi.org/project/mat2) - [:simple-apple: macOS](https://0xacab.org/jvoisin/mat2#requirements-setup-on-macos-os-x-using-homebrew) - [:simple-linux: Linux](https://pypi.org/project/mat2) - [:octicons-globe-16: Web](https://0xacab.org/jvoisin/mat2#web-interface) -## Mobile +## Mobil ### ExifEraser (Android) @@ -36,48 +37,48 @@ When sharing files, be sure to remove associated metadata. Image files commonly ![ExifEraser logo](assets/img/data-redaction/exiferaser.svg){ align=right } - **ExifEraser** is a modern, permissionless image metadata erasing application for Android. + **ExifEraser** är ett modernt program för radering av bildmetadata för Android, utan behörighet. - It currently supports JPEG, PNG and WebP files. + För närvarande stöds JPEG-, PNG- och WebP-filer. - [:octicons-repo-16: Repository](https://github.com/Tommy-Geenexus/exif-eraser){ .md-button .md-button--primary } - [:octicons-info-16:](https://github.com/Tommy-Geenexus/exif-eraser#readme){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/Tommy-Geenexus/exif-eraser){ .card-link title="Source Code" } + [:octicons-repo-16: Repository](https://github.com/Hackeralert/Picocrypt){ .md-button .md-button--primary } + [:octicons-info-16:](https://github.com/Hackeralert/Picocrypt){ .card-link title="Source Code" } + [:octicons-code-16:](https://github.com/Tommy-Geenexus/exif-eraser){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.none.tom.exiferaser) - [:octicons-moon-16: Accrescent](https://accrescent.app/app/com.none.tom.exiferaser) - [:simple-github: GitHub](https://github.com/Tommy-Geenexus/exif-eraser/releases) -The metadata that is erased depends on the image's file type: +Vilka metadata som raderas beror på bildens filtyp: -* **JPEG**: ICC Profile, Exif, Photoshop Image Resources and XMP/ExtendedXMP metadata will be erased if it exists. -* **PNG**: ICC Profile, Exif and XMP metadata will be erased if it exists. -* **WebP**: ICC Profile, Exif and XMP metadata will be erased if it exists. +* **JPEG**: ICC-profil, Exif, Photoshop Image Resources och XMP/ExtendedXMP-metadata raderas om de finns. +* **PNG**: ICC-profil, Exif- och XMP-metadata raderas om de finns. +* **PNG**: ICC-profil, Exif- och XMP-metadata raderas om de finns. -After processing the images, ExifEraser provides you with a full report about what exactly was removed from each image. +Efter att ha behandlat bilderna ger ExifEraser dig en fullständig rapport om exakt vad som togs bort från varje bild. -The app offers multiple ways to erase metadata from images. Namely: +Appen erbjuder flera sätt att radera metadata från bilder. Namn: -* You can share an image from another application with ExifEraser. -* Through the app itself, you can select a single image, multiple images at once, or even an entire directory. -* It features a "Camera" option, which uses your operating system's camera app to take a photo, and then it removes the metadata from it. -* It allows you to drag photos from another app into ExifEraser when they are both open in split-screen mode. -* Lastly, it allows you to paste an image from your clipboard. +* Du kan dela en bild från ett annat program med ExifEraser. +* I appen kan du välja en enda bild, flera bilder samtidigt eller till och med en hel katalog. +* Den har ett "kamera"-alternativ som använder operativsystemets kameraapp för att ta ett foto och sedan tar bort metadata från det. +* Du kan dra foton från en annan app till ExifEraser när båda är öppna i delad skärm. +* Slutligen kan du klistra in en bild från klippbordet. ### Metapho (iOS) !!! recommendation - ![Metapho logo](assets/img/data-redaction/metapho.jpg){ align=right } + ![Metapho logotyp](assets/img/data-redaction/metapho.jpg){ align=right } - **Metapho** is a simple and clean viewer for photo metadata such as date, file name, size, camera model, shutter speed, and location. + **Metapho** är en enkel och ren visare för fotometadata som datum, filnamn, storlek, kameramodell, slutartid och plats. [:octicons-home-16: Homepage](https://zininworks.com/metapho){ .md-button .md-button--primary } - [:octicons-eye-16:](https://zininworks.com/privacy/){ .card-link title="Privacy Policy" } + [:octicons-eye-16:](https://zininworks.com/privacy/){ .card-link title="Sekretesspolicy" } - ??? downloads + ??? nedladdningar - [:simple-appstore: App Store](https://apps.apple.com/us/app/metapho/id914457352) @@ -85,25 +86,25 @@ The app offers multiple ways to erase metadata from images. Namely: !!! recommendation - ![PrivacyBlur logo](assets/img/data-redaction/privacyblur.svg){ align=right } + ![PrivacyBlur-logotyp](assets/img/data-redaction/privacyblur.svg){ align=right } - **PrivacyBlur** is a free app which can blur sensitive portions of pictures before sharing them online. + **PrivacyBlur** är en gratis app som kan sudda ut känsliga delar av bilder innan de delas på nätet. - [:octicons-home-16: Homepage](https://privacyblur.app/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://privacyblur.app/privacy.html){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://github.com/MATHEMA-GmbH/privacyblur#readme){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/MATHEMA-GmbH/privacyblur){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/MATHEMA-GmbH/privacyblur#readme/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/MATHEMA-GmbH/privacyblur){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.mathema.privacyblur) - [:simple-appstore: App Store](https://apps.apple.com/us/app/privacyblur/id1536274106) -!!! warning +!!! varning - You should **never** use blur to redact [text in images](https://bishopfox.com/blog/unredacter-tool-never-pixelation). If you want to redact text in an image, draw a box over the text. For this, we suggest apps like [Pocket Paint](https://github.com/Catrobat/Paintroid). + Du bör **aldrig** använda oskärpa för att redigera [text i bilder] (https://bishopfox.com/blog/unredacter-tool-never-pixelation). Om du vill redigera text i en bild ritar du en ruta över texten. För detta föreslår vi appar som [Pocket Paint] (https://github.com/Catrobat/Paintroid). -## Command-line +## Kommandorad ### ExifTool @@ -111,36 +112,32 @@ The app offers multiple ways to erase metadata from images. Namely: ![ExifTool logo](assets/img/data-redaction/exiftool.png){ align=right } - **ExifTool** is the original perl library and command-line application for reading, writing, and editing meta information (Exif, IPTC, XMP, and more) in a wide variety of file formats (JPEG, TIFF, PNG, PDF, RAW, and more). + **ExifTool** är det ursprungliga perl-biblioteket och kommandoradstillämpningen för att läsa, skriva och redigera metainformation (Exif, IPTC, XMP med mera) i en mängd olika filformat (JPEG, TIFF, PNG, PDF, RAW med mera). - It's often a component of other Exif removal applications and is in most Linux distribution repositories. + Det är ofta en del av andra program för att ta bort Exif-filer och finns i de flesta Linuxdistributioners arkiv. - [:octicons-home-16: Homepage](https://exiftool.org){ .md-button .md-button--primary } - [:octicons-info-16:](https://exiftool.org/faq.html){ .card-link title=Documentation} + [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/exiftool/exiftool){ .card-link title="Source Code" } - [:octicons-heart-16:](https://exiftool.org/#donate){ .card-link title=Contribute } - - ??? downloads + [:octicons-heart-16:](https://exiftool.org/#donate){ .card-link title=Contribute??? nedladdningar - [:simple-windows11: Windows](https://exiftool.org) - [:simple-apple: macOS](https://exiftool.org) - [:simple-linux: Linux](https://exiftool.org) -!!! example "Deleting data from a directory of files" +!!! exempel "Radera data från en katalog med filer" ```bash exiftool -all= *.file_extension ``` -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -- Apps developed for open-source operating systems must be open-source. -- Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.sv.txt" +- Appar som utvecklas för operativsystem med öppen källkod måste vara med öppen källkod. +- Apparna måste vara gratis och får inte innehålla annonser eller andra begränsningar. diff --git a/i18n/sv/desktop-browsers.md b/i18n/sv/desktop-browsers.md index 56f3b0ccf..38492bd14 100644 --- a/i18n/sv/desktop-browsers.md +++ b/i18n/sv/desktop-browsers.md @@ -1,9 +1,10 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- -These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. +These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. Om du vill surfa anonymt på internet bör du använda [Tor](tor.md) i stället. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. ## Firefox @@ -29,9 +30,9 @@ These are our currently recommended desktop web browsers and configurations for !!! warning Firefox includes a unique [download token](https://bugzilla.mozilla.org/show_bug.cgi?id=1677497#c0) in downloads from Mozilla's website and uses telemetry in Firefox to send the token. The token is **not** included in releases from the [Mozilla FTP](https://ftp.mozilla.org/pub/firefox/releases/). -### Recommended Configuration +### Rekommenderad konfiguration -Tor Browser is the only way to truly browse the internet anonymously. When you use Firefox, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another. +Tor Browser är det enda sättet att verkligen surfa anonymt på internet. When you use Firefox, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another. These options can be found in :material-menu: → **Settings** → **Privacy & Security**. @@ -90,17 +91,16 @@ The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of ca ![Brave logo](assets/img/browsers/brave.svg){ align=right } - **Brave Browser** includes a built-in content blocker and [privacy features](https://brave.com/privacy-features/), many of which are enabled by default. + **Brave Browser** innehåller en inbyggd innehållsblockerare och [integritetsfunktioner] (https://brave.com/privacy-features/), varav många är aktiverade som standard. - Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues. + Brave bygger på webbläsarprojektet Chromium, så den bör kännas bekant och ha minimala problem med webbkompatibilitet. - [:octicons-home-16: Homepage](https://brave.com/){ .md-button .md-button--primary } - [:simple-torbrowser:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" } - [:octicons-eye-16:](https://brave.com/privacy/browser/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://support.brave.com/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads annotate + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://lbry.com/faq/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/lbryio/lbry-desktop){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? downloads annotate - [:simple-github: GitHub](https://github.com/brave/brave-browser/releases) - [:simple-windows11: Windows](https://brave.com/download/) @@ -109,36 +109,36 @@ The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of ca 1. We advise against using the Flatpak version of Brave, as it replaces Chromium's sandbox with Flatpak's, which is less effective. Additionally, the package is not maintained by Brave Software, Inc. -### Recommended Configuration +### Rekommenderad konfiguration -Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another. +Tor Browser är det enda sättet att verkligen surfa anonymt på internet. När du använder Brave rekommenderar vi att du ändrar följande inställningar för att skydda din integritet från vissa parter, men alla andra webbläsare än [Tor Browser](tor.md#tor-browser) kommer att kunna spåras av *någon* i något avseende. These options can be found in :material-menu: → **Settings**. -##### Shields +##### Sköldar -Brave includes some anti-fingerprinting measures in its [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-) feature. We suggest configuring these options [globally](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) across all pages that you visit. +Brave har några åtgärder mot fingeravtryck i sin funktion [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-). Vi föreslår att du konfigurerar dessa alternativ [globalt](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) på alla sidor som du besöker. -Shields' options can be downgraded on a per-site basis as needed, but by default we recommend setting the following: +Shields alternativ kan nedgraderas vid behov för varje enskild plats, men som standard rekommenderar vi att du ställer in följande:
- [x] Select **Prevent sites from fingerprinting me based on my language preferences** - [x] Select **Aggressive** under Trackers & ads blocking - ??? warning "Use default filter lists" - Brave allows you to select additional content filters within the internal `brave://adblock` page. We advise against using this feature; instead, keep the default filter lists. Using extra lists will make you stand out from other Brave users and may also increase attack surface if there is an exploit in Brave and a malicious rule is added to one of the lists you use. + ??? varning "Use default filter lists" + Brave låter dig välja ytterligare innehållsfilter på den interna sidan `brave://adblock`. Vi avråder från att använda den här funktionen; behåll istället standardfilterlistorna. Om du använder extra listor sticker du ut från andra Brave-användare och kan också öka angreppsytan om det finns en exploit i Brave och en skadlig regel läggs till i en av de listor du använder. - [x] (Optional) Select **Block Scripts** (1) - [x] Select **Strict, may break sites** under Block fingerprinting
-1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode) or the [NoScript](https://noscript.net/) extension. +1. Det här alternativet ger funktioner som liknar uBlock Origin avancerade blockeringslägen för [](https://github.com/gorhill/uBlock/wiki/Blocking-mode) eller tillägget [NoScript](https://noscript.net/). ##### Social media blocking -- [ ] Uncheck all social media components +- [ ] Avmarkera alla komponenter för sociala medier ##### Privacy and security @@ -170,7 +170,7 @@ Disable built-in extensions you do not use in **Extensions** ##### IPFS -InterPlanetary File System (IPFS) is a decentralized, peer-to-peer network for storing and sharing data in a distributed filesystem. Unless you use the feature, disable it. +InterPlanetary File System (IPFS) är ett decentraliserat peer-to-peer-nätverk för lagring och delning av data i ett distribuerat filsystem. Om du inte använder funktionen, inaktivera den. - [x] Select **Disabled** on Method to resolve IPFS resources @@ -188,9 +188,9 @@ Under the *System* menu ### Brave Sync -[Brave Sync](https://support.brave.com/hc/en-us/articles/360059793111-Understanding-Brave-Sync) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices without requiring an account and protects it with E2EE. +[Brave Sync](https://support.brave.com/hc/en-us/articles/360059793111-Understanding-Brave-Sync) gör det möjligt att få tillgång till dina webbläsardata (historik, bokmärken osv.) på alla dina enheter utan att du behöver ett konto och skyddar dem med E2EE. -## Additional Resources +## Ytterligare resurser We generally do not recommend installing any extensions as they increase your attack surface. However, uBlock Origin may prove useful if you value content blocking functionality. @@ -222,27 +222,27 @@ These are some other [filter lists](https://github.com/gorhill/uBlock/wiki/Dashb - [x] Check **Privacy** > **AdGuard URL Tracking Protection** - Add [Actually Legitimate URL Shortener Tool](https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt) -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -### Minimum Requirements +### Minimikrav -- Must be open-source software. +- Måste vara programvara med öppen källkod. - Supports automatic updates. - Receives engine updates in 0-1 days from upstream release. - Available on Linux, macOS, and Windows. -- Any changes required to make the browser more privacy-respecting should not negatively impact user experience. +- Eventuella ändringar som krävs för att göra webbläsaren mer integritetsvänlig bör inte påverka användarupplevelsen negativt. - Blocks third-party cookies by default. - Supports [state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning) to mitigate cross-site tracking.[^1] -### Best-Case +### Bästa fall -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan. - Includes built-in content blocking functionality. - Supports cookie compartmentalization (à la [Multi-Account Containers](https://support.mozilla.org/en-US/kb/containers)). @@ -253,11 +253,9 @@ Our best-case criteria represents what we would like to see from the perfect pro - Provides open-source sync server implementation. - Defaults to a [private search engine](search-engines.md). -### Extension Criteria +### Kriterier för förlängning -- Must not replicate built-in browser or OS functionality. -- Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.sv.txt" +- Får inte replikera inbyggda webbläsar- eller OS-funktioner. +- Måste direkt påverka användarens integritet, det vill säga får inte bara ge information. [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/sv/desktop.md b/i18n/sv/desktop.md index 7361cc698..265ab5036 100644 --- a/i18n/sv/desktop.md +++ b/i18n/sv/desktop.md @@ -1,6 +1,7 @@ --- -title: "Desktop/PC" +title: "Skrivbord" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -164,13 +165,13 @@ Qubes OS is a Xen-based operating system meant to provide strong security for de The Qubes OS operating system secures the computer by isolating subsystems (e.g., networking, USB, etc.) and applications in separate VMs. Should one part of the system be compromised, the extra isolation is likely to protect the rest of the system. For further details see the Qubes [FAQ](https://www.qubes-os.org/faq/). -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. Our recommended operating systems: @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/dns.md b/i18n/sv/dns.md index ae3b912cc..01ba9e718 100644 --- a/i18n/sv/dns.md +++ b/i18n/sv/dns.md @@ -1,13 +1,12 @@ --- title: "DNS Resolvers" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Recommended Providers @@ -20,13 +19,13 @@ icon: material/dns | [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
DoH/3
DoT | Optional[^5] | Optional | Based on server choice. | | [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
DoH
DoT
DNSCrypt | Some[^6] | Optional | Based on server choice, Malware blocking by default. | -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. - Must support [DNSSEC](advanced/dns-overview.md#what-is-dnssec). - [QNAME Minimization](advanced/dns-overview.md#what-is-qname-minimization). @@ -53,7 +52,7 @@ Apple does not provide a native interface for creating encrypted DNS profiles. [ `systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS. -## Encrypted DNS Proxies +## Krypterade DNS-proxyservrar Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](advanced/dns-overview.md#unencrypted-dns) resolver to forward to. Typically it is used on platforms that don't natively support [encrypted DNS](advanced/dns-overview.md#what-is-encrypted-dns). @@ -97,7 +96,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad - [:simple-apple: macOS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS) - [:simple-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux) -## Self-hosted Solutions +## Egenstyrda lösningar A self-hosted DNS solution is useful for providing filtering on controlled platforms, such as Smart TVs and other IoT devices, as no client-side software is needed. @@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.sv.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/sv/email-clients.md b/i18n/sv/email-clients.md index c6469a706..cae032da9 100644 --- a/i18n/sv/email-clients.md +++ b/i18n/sv/email-clients.md @@ -1,6 +1,7 @@ --- -title: "Email Clients" +title: "E-postklienter" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -35,7 +36,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry - [:simple-linux: Linux](https://www.thunderbird.net) - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.mozilla.Thunderbird) -#### Recommended Configuration +#### Rekommenderad konfiguration We recommend changing some of these settings to make Thunderbird a little more private. @@ -86,7 +87,7 @@ These options can be found in :material-menu: → **Settings** → **Privacy & S - [:simple-appstore: App Store](https://apps.apple.com/app/id1236045954) - [:simple-windows11: Windows](https://canarymail.io/downloads.html) -!!! warning +!!! varning Canary Mail only recently released a Windows and Android client, though we don't believe they are as stable as their iOS and Mac counterparts. @@ -150,7 +151,7 @@ Canary Mail is closed-source. We recommend it due to the few choices there are f - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.fsck.k9) - [:simple-github: GitHub](https://github.com/k9mail/k-9/releases) -!!! warning +!!! varning When replying to someone on a mailing list the "reply" option may also include the mailing list. For more information see [thundernest/k-9 #3738](https://github.com/thundernest/k-9/issues/3738). @@ -212,28 +213,26 @@ Canary Mail is closed-source. We recommend it due to the few choices there are f - [:simple-apple: macOS](https://neomutt.org/distro) - [:simple-linux: Linux](https://neomutt.org/distro) -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -### Minimum Qualifications +### Minimikrav -- Apps developed for open-source operating systems must be open-source. +- Appar som utvecklas för operativsystem med öppen källkod måste vara med öppen källkod. - Must not collect telemetry, or have an easy way to disable all telemetry. - Must support OpenPGP message encryption. -### Best-Case +### Bästa fall -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan. - Should be open-source. - Should be cross-platform. - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/email.md b/i18n/sv/email.md index 1977815d4..2333d74a9 100644 --- a/i18n/sv/email.md +++ b/i18n/sv/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,11 +10,23 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. -!!! warning +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
+ +!!! varning When using E2EE technology like OpenPGP, email will still have some metadata that is not encrypted in the header of the email. Read more about [email metadata](basics/email-security.md#email-metadata-overview). @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. -## Email Aliasing Services +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. + +## E-postaliaseringstjänster An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -340,7 +367,7 @@ Notable free features: - [x] Unlimited Replies - [x] 1 Recipient Mailbox -## Self-Hosting Email +## Självhanterande e-post Advanced system administrators may consider setting up their own email server. Mail servers require attention and continuous maintenance in order to keep things secure and mail delivery reliable. @@ -372,7 +399,7 @@ For a more manual approach we've picked out these two articles: - [Setting up a mail server with OpenSMTPD, Dovecot and Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/) (2019) - [How To Run Your Own Mail Server](https://www.c0ffee.net/blog/mail-server-guide/) (August 2017) -## Criteria +## Kriterier **Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any Email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an Email provider, and conduct your own research to ensure the Email provider you choose is the right choice for you. @@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Security @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/encryption.md b/i18n/sv/encryption.md index 5019a63cc..38e6c936c 100644 --- a/i18n/sv/encryption.md +++ b/i18n/sv/encryption.md @@ -1,6 +1,7 @@ --- title: "Programvara för kryptering" icon: material/file-lock +description: Kryptering av data är det enda sättet att kontrollera vem som har tillgång till dem. These tools allow you to encrypt your emails and any other files. --- Kryptering av data är det enda sättet att kontrollera vem som har tillgång till dem. Om du för närvarande inte använder krypteringsprogram för din hårddisk, e-post eller filer bör du välja ett alternativ här. @@ -66,66 +67,64 @@ I Cryptomators dokumentation beskrivs närmare det avsedda [säkerhetsmålet](ht **VeraCrypt** är ett källkod-tillgängligt freeware-verktyg som används för on-the-fly kryptering. Det kan skapa en virtuell krypterad disk i en fil, kryptera en partition eller kryptera hela lagringsenheten med autentisering före start. - [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary } - [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation} - [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" } - [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute } - - ??? downloads + [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation} + [:octicons-code-16:](https://veracrypt.fr/code){ .card-link title="Source Code" } + [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute??? nedladdningar - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html) - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html) - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html) -VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed. +VeraCrypt är en gaffel i det nedlagda TrueCrypt-projektet. Enligt utvecklarna har säkerhetsförbättringar genomförts och problem som togs upp vid den första TrueCrypt-kodgranskningen har åtgärdats. -When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher. +När du krypterar med VeraCrypt kan du välja mellan olika hashfunktioner [](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). Vi föreslår att du **endast** väljer [SHA-512](https://en.wikipedia.org/wiki/SHA-512) och håller dig till [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) blockchiffer. -Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit). +Truecrypt har granskats [ett antal gånger](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), och VeraCrypt har också granskats [separat](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit). -## OS Full Disk Encryption +## Fullständig diskkryptering -Modern operating systems include [FDE](https://en.wikipedia.org/wiki/Disk_encryption) and will have a [secure cryptoprocessor](https://en.wikipedia.org/wiki/Secure_cryptoprocessor). +Moderna operativsystem inkluderar [FDE](https://en.wikipedia.org/wiki/Disk_encryption) och har en [säker kryptoprocessor](https://en.wikipedia.org/wiki/Secure_cryptoprocessor). ### BitLocker !!! recommendation - ![BitLocker logo](assets/img/encryption-software/bitlocker.png){ align=right } + ![BitLocker-logotyp](assets/img/encryption-software/bitlocker.png){ align=right } - **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). [ElcomSoft](https://en.wikipedia.org/wiki/ElcomSoft), a forensics company, has written about it in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/). + **BitLocker** är den lösning för fullständig volymkryptering som ingår i Microsoft Windows. Den främsta anledningen till att vi rekommenderar den är att den [använder TPM] (https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). [ElcomSoft](https://en.wikipedia.org/wiki/ElcomSoft), ett företag som arbetar med kriminalteknik, har skrivit om det i [Understanding BitLocker TPM Protection] (https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/). [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation} -BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites. +BitLocker stöds endast av [](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) i Windows utgåvorna Pro, Enterprise och Education. Den kan aktiveras i Home-utgåvorna om de uppfyller förutsättningarna. -??? example "Enabling BitLocker on Windows Home" +??? exempel "Aktivering av BitLocker på Windows Home" - To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. + För att aktivera BitLocker i Windows Home-utgåvor måste du ha partitioner som är formaterade med en [GUID Partition Table] (https://en.wikipedia.org/wiki/GUID_Partition_Table) och ha en dedikerad TPM-modul (v1.2, 2.0+). - 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style": + 1. Öppna en kommandotolk och kontrollera enhetens partitionstabellformat med följande kommando. Du bör se "**GPT**" listad under "Partition Style": ``` powershell Get-Disk ``` - 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`: + 2. Kör det här kommandot (i en administratörskommandotolk) för att kontrollera din TPM-version. Du bör se `2.0` eller `1.2` bredvid `SpecVersion`: ``` powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm ``` - 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**. + 3. Access [Avancerade startalternativ](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). Du måste starta om och samtidigt trycka på F8-tangenten innan Windows startar och gå in i kommandotolken ** i **Felsökning** → **Avancerade alternativ** → **Kommandotolk**. - 4. Login with your admin account and type this in the command prompt to start encryption: + 4. Logga in med ditt administratörskonto och skriv detta i kommandotolken för att starta kryptering: ``` manage-bde -on c: -used ``` - 5. Close the command prompt and continue booting to regular Windows. + 5. Stäng kommandotolken och fortsätt att starta upp till vanligt Windows. - 6. Open an admin command prompt and run the following commands: + 6. Öppna en administratörskommandotolk och kör följande kommandon: ``` manage-bde c: -protectors -add -rp -tpm @@ -133,35 +132,35 @@ BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-o manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt ``` - !!! tip + !!! tips - Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data. + Säkerhetskopiera `BitLocker-Recovery-Key.txt` på skrivbordet till en separat lagringsenhet. Förlust av denna återställningskod kan leda till förlust av data. ### FileVault !!! recommendation - ![FileVault logo](assets/img/encryption-software/filevault.png){ align=right } + ![FileVaults logotyp](assets/img/encryption-software/filevault.png){ align=right } - **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip. + **FileVault** är en lösning för volymkryptering i farten som är inbyggd i macOS. FileVault rekommenderas eftersom det finns [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) maskinvarusäkerhetsfunktioner på ett Apple Silicon SoC- eller T2-säkerhetschip. [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation} -We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery. +Vi rekommenderar att du lagrar en lokal återställningsnyckel på en säker plats i stället för att använda ditt iCloud-konto för återställning. ### Linux Unified Key Setup !!! recommendation - ![LUKS logo](assets/img/encryption-software/luks.png){ align=right } + ![LUKS-logotyp](assets/img/encryption-software/luks.png){ align=right } - **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers. + **LUKS** är standardmetoden för FDE för Linux. Den kan användas för att kryptera hela volymer, partitioner eller skapa krypterade behållare. - [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary } - [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation} - [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" } + [:octicons-home-16: Repository](https://github.com/Hackeralert/Picocrypt){ .md-button .md-button--primary } + [:octicons-info-16:](https://github.com/Hackeralert/Picocrypt){ .card-link title="Source Code" } + [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup){ .card-link title=Contribute } -??? example "Creating and opening encrypted containers" +??? exempel "Skapa och öppna krypterade behållare" ``` dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress @@ -169,59 +168,59 @@ We recommend storing a local recovery key in a secure place as opposed to using ``` - #### Opening encrypted containers - We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface. + #### Öppna krypterade behållare + Vi rekommenderar att du öppnar behållare och volymer med `udisksctl` eftersom detta använder [Polkit](https://en.wikipedia.org/wiki/Polkit). De flesta filhanterare, t. ex. de som ingår i populära skrivbordsmiljöer, kan låsa upp krypterade filer. Verktyg som [udiskie](https://github.com/coldfix/udiskie) kan köras i systemfältet och ge ett användbart användargränssnitt. ``` udisksctl loop-setup -f /path-to-file - udisksctl unlock -b /dev/loop0 + udisksctl låsa upp -b /dev/loop0 ``` -!!! note "Remember to back up volume headers" +!!! note "Kom ihåg att säkerhetskopiera volymrubriker" - We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with: + Vi rekommenderar att du alltid [säkerhetskopierar dina LUKS-rubriker] (https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) om en del av enheten skulle gå sönder. Detta kan göras genom att: ``` cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img ``` -## Browser-based +## Webbläsarbaserad -Browser-based encryption can be useful when you need to encrypt a file but cannot install software or apps on your device. +Webbläsarbaserad kryptering kan vara användbar när du behöver kryptera en fil men inte kan installera programvara eller appar på enheten. ### hat.sh !!! recommendation - ![hat.sh logo](assets/img/encryption-software/hat-sh.png#only-light){ align=right } - ![hat.sh logo](assets/img/encryption-software/hat-sh-dark.png#only-dark){ align=right } + ![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ align=right } + ![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ align=right } - **Hat.sh** is a web application that provides secure client-side file encryption in your browser. It can also be self-hosted and is useful if you need to encrypt a file but cannot install any software on your device due to organizational policies. + **VeraCrypt** är ett källkod-tillgängligt freeware-verktyg som används för on-the-fly kryptering. Det kan också vara värd för sig själv och är användbart om du behöver kryptera en fil men inte kan installera någon programvara på din enhet på grund av organisationspolicyer. - [:octicons-globe-16: Website](https://hat.sh){ .md-button .md-button--primary } - [:octicons-eye-16:](https://hat.sh/about/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://hat.sh/about/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/sh-dv/hat.sh){ .card-link title="Source Code" } - [:octicons-heart-16:](https://github.com/sh-dv/hat.sh#donations){ .card-link title="Donations methods can be found at the bottom of the website" } + [:octicons-globe-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://hat.sh/about/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/sh-dv/hat.sh){ .card-link title="Källkod" } + [:octicons-heart-16:](https://github.com/sh-dv/hat.sh#donations/){ .card-link title=Contribute" } -## Command-line +## Kommandorad -Tools with command-line interfaces are useful for integrating [shell scripts](https://en.wikipedia.org/wiki/Shell_script). +Verktyg med kommandoradsgränssnitt är användbara för att integrera [skalskript](https://en.wikipedia.org/wiki/Shell_script). ### Kryptor !!! recommendation - ![Kryptor logo](assets/img/encryption-software/kryptor.png){ align=right } + ![Kryptor-logotyp](assets/img/encryption-software/kryptor.png){ align=right } - **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG. + ** Kryptor** är ett gratis och öppet källkodsverktyg för filkryptering och signering som använder moderna och säkra kryptografiska algoritmer. Det syftar till att vara en bättre version av [age](https://github.com/FiloSottile/age) och [Minisign](https://jedisct1.github.io/minisign/) för att ge ett enkelt, enklare alternativ till GPG. - [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary } - [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" } - [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://www.kryptor.co.uk/tutorial/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Källkod" } + [:octicons-heart-16:](https://www.kryptor.co.uk/#donate/){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - [:simple-windows11: Windows](https://www.kryptor.co.uk) - [:simple-apple: macOS](https://www.kryptor.co.uk) @@ -231,24 +230,24 @@ Tools with command-line interfaces are useful for integrating [shell scripts](ht !!! recommendation - ![Tomb logo](assets/img/encryption-software/tomb.png){ align=right } + ![Tomb-logotyp](assets/img/encryption-software/tomb.png){ align=right } - **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work). + * * Tomb * * är ett kommandoradsskal för LUKS. Den stöder steganografi via [verktyg från tredje part] (https://github.com/dyne/Tomb#how-does-it-work). - [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary } - [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation} + [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" } [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute } ## OpenPGP -OpenPGP is sometimes needed for specific tasks such as digitally signing and encrypting email. PGP has many features and is [complex](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) as it has been around a long time. For tasks such as signing or encrypting files, we suggest the above options. +OpenPGP behövs ibland för specifika uppgifter som digital signering och kryptering av e-post. PGP har många funktioner och är [komplext](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) eftersom det har funnits länge. För uppgifter som signering eller kryptering av filer föreslår vi ovanstående alternativ. -When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf). +Vid kryptering med PGP har du möjlighet att konfigurera olika alternativ i din `gpg.conf` -fil. Vi rekommenderar att du använder de standardalternativ som anges i [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf). -!!! tip "Use future defaults when generating a key" +!!! tips "Använd framtida standardvärden när du skapar en nyckel" - When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/): + När du [genererar nycklar] (https://www.gnupg.org/gph/en/manual/c14.html) föreslår vi att du använder kommandot `future-default`, eftersom detta kommer att instruera GnuPG att använda modern kryptografi som [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) och [Ed25519](https://ed25519.cr.yp.to/): ```bash gpg --quick-gen-key alice@example.com future-default @@ -258,100 +257,98 @@ When encrypting with PGP, you have the option to configure different options in !!! recommendation - ![GNU Privacy Guard logo](assets/img/encryption-software/gnupg.svg){ align=right } + ![GNU Privacy Guard-logotypen](assets/img/encryption-software/gnupg.svg){ align=right } - **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government. + **GnuPG * * är ett GPL-licensierat alternativ till PGP-paketet med kryptografisk programvara. GnuPG är kompatibel med [RFC 4880](https://tools.ietf.org/html/rfc4880), som är den aktuella IETF-specifikationen för OpenPGP. GnuPG-projektet har arbetat med ett [uppdaterat utkast](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) i ett försök att modernisera OpenPGP. GnuPG är en del av Free Software Foundations GNU-programvaruprojekt och har fått stora [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) från den tyska regeringen. - [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary } - [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation} - [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain) - - [:simple-windows11: Windows](https://gpg4win.org/download.html) - - [:simple-apple: macOS](https://gpgtools.org) - - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary) + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://gnupg.org/documentation/index.html/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain) - [:simple-windows11: App Store](download.html) + - [:simple-apple: Android]() + - [:simple-linux: Windows]() + - [ macOS]() + - [ Linux]() + - [ Flathub) ### GPG4win !!! recommendation - ![GPG4win logo](assets/img/encryption-software/gpg4win.svg){ align=right } + ![GPG4win-logotyp](assets/img/enkrypteringsprogram/gpg4win.svg){ align=right } - **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005. + **GPG4win** är ett paket för Windows från [Intevation and g10 Code] (https://gpg4win.org/impressum.html). Den innehåller [olika verktyg] (https://gpg4win.org/about.html) som kan hjälpa dig att använda GPG i Microsoft Windows. Projektet initierades och finansierades ursprungligen [av](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Tysklands federala kontor för informationssäkerhet (BSI) 2005. - [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary } - [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation} - [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" } - [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](documentation.html/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Källkod" } + [:octicons-heart-16:](donate.html/){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - [:simple-windows11: Windows](https://gpg4win.org/download.html) ### GPG Suite -!!! note +!!! anmärkning - We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices. + Vi rekommenderar [Canary Mail](email-clients.md#canary-mail) för att använda PGP med e-post på iOS-enheter. !!! recommendation ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ align=right } - **GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS. + **GPG Suite** ger OpenPGP-stöd för [Apple Mail](email-clients.md#apple-mail) och macOS. - We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support. + Vi rekommenderar att du tar en titt på deras [First steps] (https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) och [Knowledge base] (https://gpgtools.tenderapp.com/kb) för stöd. - [:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary } - [:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://gpgtools.tenderapp.com/kb/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - - [:simple-apple: macOS](https://gpgtools.org) + - [:simple-apple: Flathub](https://gpgtools.org) ### OpenKeychain !!! recommendation - ![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ align=right } + ![OpenKeychain-logotyp](assets/img/encryption-software/openkeychain.svg){ align=right } - **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015). + **OpenKeychain** är en Android-implementering av GnuPG. Det krävs vanligtvis av e-postklienter som [K-9 Mail](email-clients.md#k-9-mail) och [FairEmail](email-clients.md#fairemail) och andra Android-appar för att ge krypteringsstöd. Cure53 genomförde en [säkerhetsrevision] (https://www.openkeychain.org/openkeychain-3-6) av OpenKeychain 3.6 i oktober 2015. Tekniska detaljer om granskningen och OpenKeychains lösningar finns på [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015). - [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary } - [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain) + - [:simple-googleplay: Google Play] (https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain) -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -### Minimum Qualifications +### Minimikrav - Cross-platform encryption apps must be open-source. - File encryption apps must support decryption on Linux, macOS, and Windows. - External disk encryption apps must support decryption on Linux, macOS, and Windows. - Internal (OS) disk encryption apps must be cross-platform or built in to the operating system natively. -### Best-Case +### Bästa fall -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan. - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/file-sharing.md b/i18n/sv/file-sharing.md index a61427d11..34218aa34 100644 --- a/i18n/sv/file-sharing.md +++ b/i18n/sv/file-sharing.md @@ -1,27 +1,28 @@ --- -title: "File Sharing and Sync" +title: "Fildelning och synkronisering" icon: material/share-variant +description: Upptäck hur du kan dela dina filer privat mellan dina enheter, med vänner och familj eller anonymt på nätet. --- -Discover how to privately share your files between your devices, with your friends and family, or anonymously online. +Upptäck hur du kan dela dina filer privat mellan dina enheter, med vänner och familj eller anonymt på nätet. -## File Sharing +## Fildelningsprogram -### Send +### Skicka !!! recommendation ![Send logo](assets/img/file-sharing-sync/send.svg){ align=right } - **Send** is a fork of Mozilla’s discontinued Firefox Send service which allows you to send files to others with a link. Files are encrypted on your device so that they cannot be read by the server, and they can be optionally password-protected as well. The maintainer of Send hosts a [public instance](https://send.vis.ee/). You can use other public instances, or you can host Send yourself. + **Send** är en förgrening av Mozillas nedlagda Firefox Send-tjänst som låter dig skicka filer till andra med en länk. Filerna krypteras på din enhet så att de inte kan läsas av servern, och de kan också skyddas med lösenord. Den som upprätthåller Send är värd för en [offentlig instans] (https://send.vis.ee/). Du kan använda andra offentliga instanser, eller du kan vara värd för Skicka själv. - [:octicons-home-16: Homepage](https://send.vis.ee){ .md-button .md-button--primary } - [:octicons-server-16:](https://github.com/timvisee/send-instances){ .card-link title="Public Instances"} - [:octicons-info-16:](https://github.com/timvisee/send#readme){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/timvisee/send){ .card-link title="Source Code" } - [:octicons-heart-16:](https://github.com/sponsors/timvisee){ .card-link title=Contribute } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-server-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/timvisee/send#readme/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/timvisee/send){ .card-link title="Källkod" } + [:octicons-heart-16:](https://github.com/sponsors/timvisee/){ .card-link title=Contribute } -Send can be used via its web interface or via the [ffsend](https://github.com/timvisee/ffsend) CLI. If you are familiar with the command-line and send files frequently, we recommend using the CLI client to avoid JavaScript-based encryption. You can specify the `--host` flag to use a specific server: +Send kan användas via webbgränssnittet eller via [ffsend](https://github.com/timvisee/ffsend) CLI. Om du känner till kommandoraden och skickar filer ofta rekommenderar vi att du använder CLI-klienten för att undvika JavaScript-baserad kryptering. Du kan ange flaggan `- värd` för att använda en specifik server: ```bash ffsend upload --host https://send.vis.ee/ FILE @@ -31,63 +32,63 @@ ffsend upload --host https://send.vis.ee/ FILE !!! recommendation - ![OnionShare logo](assets/img/file-sharing-sync/onionshare.svg){ align=right } + ![OnionShare-logotyp](assets/img/file-sharing-sync/onionshare.svg){ align=right } - **OnionShare** is an open-source tool that lets you securely and anonymously share a file of any size. It works by starting a web server accessible as a Tor onion service, with an unguessable URL that you can share with the recipients to download or send files. + **OnionShare** är ett verktyg med öppen källkod som låter dig dela en fil av valfri storlek på ett säkert och anonymt sätt. Det fungerar genom att starta en webbserver som är tillgänglig som en Tor onion-tjänst, med en oigenkännlig URL som du kan dela med mottagarna för att ladda ner eller skicka filer. - [:octicons-home-16: Homepage](https://onionshare.org){ .md-button .md-button--primary } - [:simple-torbrowser:](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion){ .card-link title="Onion Service" } - [:octicons-info-16:](https://docs.onionshare.org){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/onionshare/onionshare){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:simple-torbrowser:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.onionshare.org/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/onionshare/onionshare){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - [:simple-windows11: Windows](https://onionshare.org/#download) - [:simple-apple: macOS](https://onionshare.org/#download) - [:simple-linux: Linux](https://onionshare.org/#download) -### Criteria +### Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -- Must not store decrypted data on a remote server. -- Must be open-source software. -- Must either have clients for Linux, macOS, and Windows; or have a web interface. +- Får inte lagra dekrypterade data på en fjärrserver. +- Måste vara programvara med öppen källkod. +- Måste antingen ha klienter för Linux, macOS och Windows eller ha ett webbgränssnitt. ## FreedomBox !!! recommendation - ![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ align=right } + ![FreedomBox-logotyp](assets/img/file-sharing-sync/freedombox.svg){ align=right } - **FreedomBox** is an operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications that you might want to self-host. + **FreedomBox** är ett operativsystem som är utformat för att köras på en [single-board computer (SBC)] (https://en.wikipedia.org/wiki/Single-board_computer). Syftet är att göra det enkelt att konfigurera serverprogram som du kanske vill vara värd för själv. - [:octicons-home-16: Homepage](https://freedombox.org){ .md-button .md-button--primary } - [:octicons-info-16:](https://wiki.debian.org/FreedomBox/Manual){ .card-link title=Documentation} + [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation} [:octicons-code-16:](https://salsa.debian.org/freedombox-team/freedombox){ .card-link title="Source Code" } - [:octicons-heart-16:](https://freedomboxfoundation.org/donate/){ .card-link title=Contribute } + [:octicons-heart-16:](https://freedomboxfoundation.org/donate){ .card-link title=Contribute } -## File Sync +## Filsynkronisering -### Nextcloud (Client-Server) +### Nextcloud (klient-server) !!! recommendation - ![Nextcloud logo](assets/img/productivity/nextcloud.svg){ align=right } + ![Nextcloud-logotyp](assets/img/productivity/nextcloud.svg){ align=right } - **Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control. + **Nextcloud** är en svit med gratis klient-serverprogramvara med öppen källkod för att skapa egna filhostingtjänster på en privat server som du kontrollerar. - [:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://nextcloud.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://nextcloud.com/support/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Källkod" } [:octicons-heart-16:](https://nextcloud.com/contribute/){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client) - [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102) @@ -97,24 +98,22 @@ ffsend upload --host https://send.vis.ee/ FILE - [:simple-linux: Linux](https://nextcloud.com/install/#install-clients) - [:simple-freebsd: FreeBSD](https://www.freshports.org/www/nextcloud) -!!! danger +!!! fara - We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. + Vi rekommenderar inte att du använder [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) för Nextcloud eftersom det kan leda till dataförluster; det är mycket experimentellt och inte av produktionskvalitet. -### Syncthing (P2P) +### Synkronisering (P2P) !!! recommendation - ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ align=right } + ![Synkronisera logotyp](assets/img/file-sharing-sync/syncthing.svg){ align=right } - **Syncthing** is an open-source peer-to-peer continuous file synchronization utility. It is used to synchronize files between two or more devices over the local network or the internet. Syncthing does not use a centralized server; it uses the [Block Exchange Protocol](https://docs.syncthing.net/specs/bep-v1.html#bep-v1) to transfer data between devices. All data is encrypted using TLS. + **Syncthing** är ett verktyg för kontinuerlig filsynkronisering med öppen källkod. Det används för att synkronisera filer mellan två eller flera enheter över det lokala nätverket eller internet. Synkronisering använder inte en centraliserad server; den använder [Block Exchange Protocol](https://docs.syncthing.net/specs/bep-v1.html #bep-v1) för att överföra data mellan enheter. All data krypteras med TLS. - [:octicons-home-16: Homepage](https://syncthing.net){ .md-button .md-button--primary } - [:octicons-info-16:](https://docs.syncthing.net){ .card-link title=Documentation} + [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/syncthing){ .card-link title="Source Code" } - [:octicons-heart-16:](https://syncthing.net/donations/){ .card-link title=Contribute } - - ??? downloads + [:octicons-heart-16:](https://syncthing.net/donations){ .card-link title=Contribute??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nutomic.syncthingandroid) - [:simple-windows11: Windows](https://syncthing.net/downloads/) @@ -124,25 +123,23 @@ ffsend upload --host https://send.vis.ee/ FILE - [:simple-openbsd: OpenBSD](https://syncthing.net/downloads/) - [:simple-netbsd: NetBSD](https://syncthing.net/downloads/) -### Criteria +### Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -#### Minimum Requirements +#### Minimikrav -- Must not require a third-party remote/cloud server. -- Must be open-source software. -- Must either have clients for Linux, macOS, and Windows; or have a web interface. +- Får inte kräva en fjärr-/molnserver från tredje part. +- Måste vara programvara med öppen källkod. +- Måste antingen ha klienter för Linux, macOS och Windows eller ha ett webbgränssnitt. -#### Best-Case +#### Bästa fall -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan. -- Has mobile clients for iOS and Android, which at least support document previews. -- Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.sv.txt" +- Har mobila klienter för iOS och Android, som åtminstone stöder förhandsgranskning av dokument. +- Stöder säkerhetskopiering av foton från iOS och Android, och stöder som tillval synkronisering av filer och mappar på Android. diff --git a/i18n/sv/financial-services.md b/i18n/sv/financial-services.md new file mode 100644 index 000000000..030c6f9ae --- /dev/null +++ b/i18n/sv/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Kriterier + +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. + +!!! exempel "Det här avsnittet är nytt" + + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Kriterier + +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. + +!!! exempel "Det här avsnittet är nytt" + + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/sv/frontends.md b/i18n/sv/frontends.md index 3cab5e22a..c8889a93f 100644 --- a/i18n/sv/frontends.md +++ b/i18n/sv/frontends.md @@ -1,6 +1,7 @@ --- -title: "Frontends" +title: "Frontend" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -23,11 +24,11 @@ Sometimes services will try to force you to sign up for an account by blocking a [:octicons-info-16:](https://codeberg.org/librarian/librarian/wiki){ .card-link title=Documentation} [:octicons-code-16:](https://codeberg.org/librarian/librarian){ .card-link title="Source Code" } -!!! warning +!!! varning Librarian does not proxy video streams by default. Videos watched through Librarian will still make direct connections to Odysee's servers (e.g. `odycdn.com`); however, some instances may enable proxying which would be detailed in the instance's privacy policy. -!!! tip +!!! tips Librarian is useful if you want watch LBRY content on mobile without mandatory telemetry and if you want to disable JavaScript in your browser, as is the case with [Tor Browser](https://www.torproject.org/) on the Safest security level. @@ -53,7 +54,7 @@ When you are using a Librarian instance, make sure to read the privacy policy of [:octicons-code-16:](https://github.com/zedeus/nitter){ .card-link title="Source Code" } [:octicons-heart-16:](https://github.com/zedeus/nitter#nitter){ .card-link title=Contribute } -!!! tip +!!! tips Nitter is useful if you want to browse Twitter content without having to log in and if you want to disable JavaScript in your browser, as is the case with [Tor Browser](https://www.torproject.org/) on the Safest security level. It also allows you to [create RSS feeds for Twitter](news-aggregators.md#twitter). @@ -78,7 +79,7 @@ When you are using a Nitter instance, make sure to read the privacy policy of th [:octicons-info-16:](https://github.com/pablouser1/ProxiTok/wiki){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/pablouser1/ProxiTok){ .card-link title="Source Code" } -!!! tip +!!! tips ProxiTok is useful if you want to disable JavaScript in your browser, such as [Tor Browser](https://www.torproject.org/) on the Safest security level. @@ -111,9 +112,9 @@ When you are using a ProxiTok instance, make sure to read the privacy policy of - [:simple-linux: Linux](https://freetubeapp.io/#download) - [:simple-flathub: Flathub](https://flathub.org/apps/details/io.freetubeapp.FreeTube) -!!! warning +!!! varning - When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io) or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io) or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Överväg att använda en [VPN](vpn.md) eller [Tor](https://www.torproject.org) om din [hotmodell](basics/threat-modelling.md) kräver att du döljer din IP-adress. ### Yattee @@ -136,9 +137,9 @@ When you are using a ProxiTok instance, make sure to read the privacy policy of - [:simple-apple: App Store](https://apps.apple.com/us/app/yattee/id1595136629) - [:simple-github: GitHub](https://github.com/yattee/yattee/releases) -!!! warning +!!! varning - When using Yattee, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io), [Piped](https://github.com/TeamPiped/Piped/wiki/Instances) or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + When using Yattee, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io), [Piped](https://github.com/TeamPiped/Piped/wiki/Instances) or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Överväg att använda en [VPN](vpn.md) eller [Tor](https://www.torproject.org) om din [hotmodell](basics/threat-modelling.md) kräver att du döljer din IP-adress. By default, Yattee blocks all YouTube advertisements. In addition, Yattee optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. @@ -162,9 +163,9 @@ By default, Yattee blocks all YouTube advertisements. In addition, Yattee option - [:simple-github: GitHub](https://github.com/libre-tube/LibreTube/releases) -!!! warning +!!! varning - When using LibreTube, your IP address will be visible to the [Piped](https://github.com/TeamPiped/Piped/wiki/Instances) instance you choose and/or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + When using LibreTube, your IP address will be visible to the [Piped](https://github.com/TeamPiped/Piped/wiki/Instances) instance you choose and/or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Överväg att använda en [VPN](vpn.md) eller [Tor](https://www.torproject.org) om din [hotmodell](basics/threat-modelling.md) kräver att du döljer din IP-adress. By default, LibreTube blocks all YouTube advertisements. Additionally, Libretube uses [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. You are able to fully configure the types of segments that SponsorBlock will skip, or disable it completely. There is also a button on the video player itself to disable it for a specific video if desired. @@ -192,7 +193,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, Libretube !!! Warning - When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + When using NewPipe, your IP address will be visible to the video providers used. Överväg att använda en [VPN](vpn.md) eller [Tor](https://www.torproject.org) om din [hotmodell](basics/threat-modelling.md) kräver att du döljer din IP-adress. ### Invidious @@ -211,11 +212,11 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, Libretube [:octicons-code-16:](https://github.com/iv-org/invidious){ .card-link title="Source Code" } [:octicons-heart-16:](https://invidious.io/donate/){ .card-link title=Contribute } -!!! warning +!!! varning Invidious does not proxy video streams by default. Videos watched through Invidious will still make direct connections to Google's servers (e.g. `googlevideo.com`); however, some instances support video proxying—simply enable *Proxy videos* within the instances' settings or add `&local=true` to the URL. -!!! tip +!!! tips Invidious is useful if you want to disable JavaScript in your browser, such as [Tor Browser](https://www.torproject.org/) on the Safest security level. It does not provide privacy by itself, and we don’t recommend logging into any accounts. @@ -239,7 +240,7 @@ When you are using an Invidious instance, make sure to read the privacy policy o [:octicons-code-16:](https://github.com/TeamPiped/Piped){ .card-link title="Source Code" } [:octicons-heart-16:](https://github.com/TeamPiped/Piped#donations){ .card-link title=Contribute } -!!! tip +!!! tips Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) without installing an extension or to access age-restricted content without an account. It does not provide privacy by itself, and we don’t recommend logging into any accounts. @@ -247,22 +248,20 @@ When self-hosting, it is important that you have other people using your instanc When you are using a Piped instance, make sure to read the privacy policy of that specific instance. Piped instances can be modified by their owners and therefore may not reflect their associated privacy policy. -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. Recommended frontends... -- Must be open-source software. +- Måste vara programvara med öppen källkod. - Must be self-hostable. - Must provide all basic website functionality available to anonymous users. We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/index.md b/i18n/sv/index.md index 7683d68e0..a58d3bee1 100644 --- a/i18n/sv/index.md +++ b/i18n/sv/index.md @@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/kb-archive.md b/i18n/sv/kb-archive.md index 7faf93b63..92daee33b 100644 --- a/i18n/sv/kb-archive.md +++ b/i18n/sv/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/meta/brand.md b/i18n/sv/meta/brand.md index 84007ff86..c65279f38 100644 --- a/i18n/sv/meta/brand.md +++ b/i18n/sv/meta/brand.md @@ -1,24 +1,22 @@ --- -title: Branding Guidelines +title: Riktlinjer för varumärket --- -The name of the website is **Privacy Guides** and should **not** be changed to: +Webbplatsen heter **Privacy Guides** och bör **inte** ändras till:
- PrivacyGuides -- Privacy guides +- Sekretessguider - PG - PG.org
-The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**. +Namnet på underreddit är **r/PrivacyGuides** eller **the Privacy Guides Subreddit**. -Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand) +Ytterligare riktlinjer för varumärket finns på [github.com/privacyguides/brand](https://github.com/privacyguides/brand) -## Trademark +## Varumärke -"Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. +"Privacy Guides" och sköldlogotypen är varumärken som ägs av Jonah Aragon, obegränsad användning är tillåten för Privacy Guides-projektet. -Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.sv.txt" +Utan att avstå från någon av sina rättigheter ger Privacy Guides inte råd till andra om omfattningen av sina immateriella rättigheter. Privacy Guides varken tillåter eller samtycker till att dess varumärken används på ett sätt som kan orsaka förvirring genom att antyda att de är associerade med eller sponsras av Privacy Guides. Om du känner till någon sådan användning, vänligen kontakta Jonah Aragon på jonah@privacyguides.org. Kontakta din juridiska rådgivare om du har frågor. diff --git a/i18n/sv/meta/git-recommendations.md b/i18n/sv/meta/git-recommendations.md index 95693241c..f096a09c4 100644 --- a/i18n/sv/meta/git-recommendations.md +++ b/i18n/sv/meta/git-recommendations.md @@ -1,10 +1,10 @@ --- -title: Git Recommendations +title: Git-rekommendationer --- -If you make changes to this website on GitHub.com's web editor directly, you shouldn't have to worry about this. If you are developing locally and/or are a long-term website editor (who should probably be developing locally!), consider these recommendations. +Om du gör ändringar på denna webbplats på GitHub.coms webbredigerare direkt, borde du inte behöva oroa dig för detta. Om du utvecklar lokalt och/eller är en långsiktig webbplatsredaktör (som förmodligen borde utveckla lokalt!), bör du överväga dessa rekommendationer. -## Enable SSH Key Commit Signing +## Aktivera signering av SSH-nyckeln för åtagande You can use an existing SSH key for signing, or [create a new one](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent). @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/meta/uploading-images.md b/i18n/sv/meta/uploading-images.md index 5c266c67e..55f136f8a 100644 --- a/i18n/sv/meta/uploading-images.md +++ b/i18n/sv/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/meta/writing-style.md b/i18n/sv/meta/writing-style.md index 449683025..b9e47a716 100644 --- a/i18n/sv/meta/writing-style.md +++ b/i18n/sv/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/mobile-browsers.md b/i18n/sv/mobile-browsers.md index 99cf8823d..7d484b569 100644 --- a/i18n/sv/mobile-browsers.md +++ b/i18n/sv/mobile-browsers.md @@ -1,13 +1,14 @@ --- -title: "Mobile Browsers" +title: "Mobila webbläsare" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- -These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. +Detta är våra för närvarande rekommenderade mobila webbläsare och konfigurationer för standardiserad/icke-anonym surfning på internet. Om du vill surfa anonymt på internet bör du använda [Tor](tor.md) i stället. I allmänhet rekommenderar vi att du håller ett minimum av tillägg; de har privilegierad åtkomst i din webbläsare, kräver att du litar på utvecklaren, kan få dig [att sticka ut](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)och [försvagar](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) webbplatsens isolering. ## Android -On Android, Firefox is still less secure than Chromium-based alternatives: Mozilla's engine, [GeckoView](https://mozilla.github.io/geckoview/), has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196). +På Android är Firefox fortfarande mindre säkert än Chromium-baserade alternativ: Mozillas motor, [GeckoView](https://mozilla.github.io/geckoview/), har ännu inte stöd för [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) eller aktiverar [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196). ### Brave @@ -15,137 +16,136 @@ On Android, Firefox is still less secure than Chromium-based alternatives: Mozil ![Brave logo](assets/img/browsers/brave.svg){ align=right } - **Brave Browser** includes a built-in content blocker and [privacy features](https://brave.com/privacy-features/), many of which are enabled by default. + **Brave Browser** innehåller en inbyggd innehållsblockerare och [integritetsfunktioner] (https://brave.com/privacy-features/), varav många är aktiverade som standard. - Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues. + Brave bygger på webbläsarprojektet Chromium, så den bör kännas bekant och ha minimala problem med webbkompatibilitet. - [:octicons-home-16: Homepage](https://brave.com/){ .md-button .md-button--primary } - [:simple-torbrowser:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" } - [:octicons-eye-16:](https://brave.com/privacy/browser/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://support.brave.com/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads annotate + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://lbry.com/faq/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/lbryio/lbry-desktop){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.brave.browser) - - [:simple-github: GitHub](https://github.com/brave/brave-browser/releases) + - [:simple-github: App Store](https://github.com/brave/brave-browser/releases) -#### Recommended Configuration +#### Rekommenderad konfiguration -Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another. +Tor Browser är det enda sättet att verkligen surfa anonymt på internet. När du använder Brave rekommenderar vi att du ändrar följande inställningar för att skydda din integritet från vissa parter, men alla andra webbläsare än [Tor Browser](tor.md#tor-browser) kommer att kunna spåras av *någon* i något avseende. -These options can be found in :material-menu: → **Settings** → **Brave Shields & privacy** +Dessa alternativ finns i :material-menu: → **Inställningar** → **Modiga sköldar & sekretess** -##### Shields +##### Sköldar -Brave includes some anti-fingerprinting measures in its [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-) feature. We suggest configuring these options [globally](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) across all pages that you visit. +Brave har några åtgärder mot fingeravtryck i sin funktion [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-). Vi föreslår att du konfigurerar dessa alternativ [globalt](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) på alla sidor som du besöker. -##### Brave shields global defaults +##### Brave skyddar globala standardvärden -Shields' options can be downgraded on a per-site basis as needed, but by default we recommend setting the following: +Shields alternativ kan nedgraderas vid behov för varje enskild plats, men som standard rekommenderar vi att du ställer in följande:
-- [x] Select **Aggressive** under Block trackers & ads +- [x] Välj **Aggressiv** under Blockera spårare och annonser - ??? warning "Use default filter lists" - Brave allows you to select additional content filters within the internal `brave://adblock` page. We advise against using this feature; instead, keep the default filter lists. Using extra lists will make you stand out from other Brave users and may also increase attack surface if there is an exploit in Brave and a malicious rule is added to one of the lists you use. +??? varning "Use default filter lists" + Brave låter dig välja ytterligare innehållsfilter på den interna sidan `brave://adblock`. Vi avråder från att använda den här funktionen; behåll istället standardfilterlistorna. Om du använder extra listor sticker du ut från andra Brave-användare och kan också öka angreppsytan om det finns en exploit i Brave och en skadlig regel läggs till i en av de listor du använder. -- [x] Select **Upgrade connections to HTTPS** -- [x] (Optional) Select **Block Scripts** (1) -- [x] Select **Strict, may break sites** under **Block fingerprinting** +- [x] Välj **Uppgradera anslutningar till HTTPS** +- [x] (valfritt) Välj **Blocka skript** (1) +- [x] Välj **Strikt, kan skada webbplatser** under **Blocka fingeravtryck**
-1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode) or the [NoScript](https://noscript.net/) extension. +1. Det här alternativet ger funktioner som liknar uBlock Origin avancerade blockeringslägen för [](https://github.com/gorhill/uBlock/wiki/Blocking-mode) eller tillägget [NoScript](https://noscript.net/). -##### Clear browsing data +##### Rensa surfhistorik -- [x] Select **Clear data on exit** +- [x] Välj **Rensa uppgifter vid avslut** -##### Social Media Blocking +##### Blockering av sociala medier -- [ ] Uncheck all social media components +- [ ] Avmarkera alla komponenter för sociala medier -##### Other privacy settings +##### Andra sekretessinställningar
-- [x] Select **Disable non-proxied UDP** under [WebRTC IP Handling Policy](https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc) -- [ ] Uncheck **Allow sites to check if you have payment methods saved** -- [ ] Uncheck **IPFS Gateway** (1) -- [x] Select **Close tabs on exit** -- [ ] Uncheck **Allow privacy-preserving product analytics (P3A)** -- [ ] Uncheck **Automatically send diagnostic reports** -- [ ] Uncheck **Automatically send daily usage ping to Brave** +- [x] Välj **Disable non-proxied UDP** under [WebRTC IP Handling Policy] (https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc) +- [ ] Avmarkera **Allow sites to check if you have payment methods saved** +- [ ] Avmarkera **IPFS Gateway** (1) +- [ ] [x] Välj **Slut flikar vid avslut** +- [ ] Avmarkera **Allow privacy-preserving product analytics (P3A)** +- [ ] Avmarkera **Automatiskt skicka diagnostiska rapporter** +- [ ] Avmarkera **Automatiskt skicka daglig användningsping till Brave** -1. InterPlanetary File System (IPFS) is a decentralized, peer-to-peer network for storing and sharing data in a distributed filesystem. Unless you use the feature, disable it. +1. InterPlanetary File System (IPFS) är ett decentraliserat peer-to-peer-nätverk för lagring och delning av data i ett distribuerat filsystem. Om du inte använder funktionen, inaktivera den.
#### Brave Sync -[Brave Sync](https://support.brave.com/hc/en-us/articles/360059793111-Understanding-Brave-Sync) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices without requiring an account and protects it with E2EE. +[Brave Sync](https://support.brave.com/hc/en-us/articles/360059793111-Understanding-Brave-Sync) gör det möjligt att få tillgång till dina webbläsardata (historik, bokmärken osv.) på alla dina enheter utan att du behöver ett konto och skyddar dem med E2EE. ## iOS -On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser. +I iOS är alla appar som kan surfa på webben [](https://developer.apple.com/app-store/review/guidelines) begränsade till att använda Apples WebKit-ramverk [WebKit](https://developer.apple.com/documentation/webkit), så det finns få skäl att använda en tredjepartswebbläsare. ### Safari !!! recommendation - ![Safari logo](assets/img/browsers/safari.svg){ align=right } + ![Safari-logotyp](assets/img/browsers/safari.svg){ align=right } - **Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/15.0/ios/15.0) such as Intelligent Tracking Protection, Privacy Report, isolated Private Browsing tabs, iCloud Private Relay, and automatic HTTPS upgrades. + **Safari** är standardwebbläsaren i iOS. Den innehåller [integritetsfunktioner] (https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/15.0/ios/15.0) som intelligent spårningsskydd, integritetsrapport, isolerade flikar för privat surfning, iCloud Private Relay och automatiska HTTPS-uppgraderingar. - [:octicons-home-16: Homepage](https://www.apple.com/safari/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://www.apple.com/legal/privacy/data/en/safari/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://support.apple.com/guide/safari/welcome/mac){ .card-link title=Documentation} + [:octicons-home-16: Repository](https://github.com/Hackeralert/Picocrypt){ .md-button .md-button--primary } + [:octicons-eye-16:](https://github.com/Hackeralert/Picocrypt){ .card-link title="Source Code" } + [:octicons-info-16:](https://support.apple.com/guide/safari/welcome/mac){ .card-link title=Contribute} -#### Recommended Configuration +#### Rekommenderad konfiguration -These options can be found in :gear: **Settings** → **Safari** → **Privacy and Security**. +Dessa alternativ finns i :gear: **Inställningar** → **Safari** → **Sekretess och säkerhet**. -##### Cross-Site Tracking Prevention +##### Förebyggande av spårning på olika webbplatser -- [x] Enable **Prevent Cross-Site Tracking** +- [x] Aktivera **Förhindra spårning på andra webbplatser** -This enables WebKit's [Intelligent Tracking Protection](https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp). The feature helps protect against unwanted tracking by using on-device machine learning to stop trackers. ITP protects against many common threats, but it does not block all tracking avenues because it is designed to not interfere with website usability. +Detta aktiverar WebKits [Intelligent Tracking Protection](https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp). Funktionen hjälper till att skydda mot oönskad spårning genom att använda maskininlärning på enheten för att stoppa spårare. ITP skyddar mot många vanliga hot, men blockerar inte alla spårningsvägar eftersom den är utformad för att inte störa användbarheten av webbplatser. -##### Privacy Report +##### Integritetsrapport -Privacy Report provides a snapshot of cross-site trackers currently prevented from profiling you on the website you're visiting. It can also display a weekly report to show which trackers have been blocked over time. +Privacy Report ger en ögonblicksbild av de spårare som för närvarande förhindras från att profilera dig på den webbplats du besöker. Den kan också visa en veckorapport som visar vilka spårare som har blockerats över tid. -Privacy Report is accessible via the Page Settings menu. +Rapporten om sekretess är tillgänglig via menyn Sidinställningar. -##### Privacy Preserving Ad Measurement +##### Sekretessbevarande annonsmätning -- [ ] Disable **Privacy Preserving Ad Measurement** +- [ ] Inaktivera **Integritetsbevarande annonsmätning** -Ad click measurement has traditionally used tracking technology that infringes on user privacy. [Private Click Measurement](https://webkit.org/blog/11529/introducing-private-click-measurement-pcm/) is a WebKit feature and proposed web standard aimed towards allowing advertisers to measure the effectiveness of web campaigns without compromising on user privacy. +Vid mätning av annonsklick har man traditionellt använt spårningsteknik som inkräktar på användarnas integritet. [Privat klickmätning](https://webkit.org/blog/11529/introducing-private-click-measurement-pcm/) är en WebKit-funktion och föreslagen webbstandard som syftar till att göra det möjligt för annonsörer att mäta effektiviteten hos webbkampanjer utan att kompromissa med användarnas integritet. -The feature has little privacy concerns on its own, so while you can choose to leave it on, we consider the fact that it's automatically disabled in Private Browsing to be an indicator for disabling the feature. +Funktionen har i sig själv inga större problem med integriteten, så även om du kan välja att låta den vara aktiverad anser vi att det faktum att den automatiskt inaktiveras i privat surfning är en indikator för att inaktivera funktionen. -##### Always-on Private Browsing +##### Alltid privat surfning -Open Safari and tap the Tabs button, located in the bottom right. Then, expand the Tab Groups list. +Öppna Safari och tryck på knappen Flikar längst ner till höger. Expandera sedan listan Flikgrupper. -- [x] Select **Private** +- [x] Välj **Rensa uppgifter vid avslut** -Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature. +Safaris läge för privat surfning ger ytterligare skydd för privatlivet. Privat surfning använder en ny [tillfällig](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) -session för varje flik, vilket innebär att flikarna är isolerade från varandra. Det finns också andra mindre sekretessfördelar med privat surfning, till exempel att inte skicka en webbsidas adress till Apple när du använder Safaris översättningsfunktion. -Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed into sites. This may be an inconvenience. +Observera att privat surfning inte sparar cookies och webbplatsdata, så det är inte möjligt att vara inloggad på webbplatser. Detta kan vara en olägenhet. -##### iCloud Sync +##### iCloud-synkronisering -Synchronization of Safari History, Tab Groups, iCloud Tabs and saved passwords are E2EE. However, by default, bookmarks are [not](https://support.apple.com/en-us/HT202303). Apple can decrypt and access them in accordance with their [privacy policy](https://www.apple.com/legal/privacy/en-ww/). +Synkronisering av Safari-historik, flikgrupper, iCloud-flikar och sparade lösenord är E2EE. Som standard är bokmärken dock [och inte](https://support.apple.com/en-us/HT202303). Apple kan dekryptera och komma åt dem i enlighet med sin sekretesspolicy för [](https://www.apple.com/legal/privacy/en-ww/). -You can enable E2EE for you Safari bookmarks and downloads by enabling [Advanced Data Protection](https://support.apple.com/en-us/HT212520). Go to your **Apple ID name → iCloud → Advanced Data Protection**. +Du kan aktivera E2EE för dig Safari-bokmärken och nedladdningar genom att aktivera [Avancerat dataskydd](https://support.apple.com/en-us/HT212520). Gå till ditt **Apple-ID-namn → iCloud → Avancerat dataskydd**. -- [x] Turn On **Advanced Data Protection** +- [x] Aktivera **Avancerat dataskydd** -If you use iCloud with Advanced Data Protection disabled, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in :gear: **Settings** → **Safari** → **General** → **Downloads**. +Om du använder iCloud med avancerat dataskydd inaktiverat rekommenderar vi också att du kontrollerar att Safaris standardhämtningsplats är inställd på lokalt på din enhet. Detta alternativ finns i :gear: **Inställningar** → **Safari** → **Allmänt** → **Nedladdningar**. ### AdGuard @@ -153,41 +153,39 @@ If you use iCloud with Advanced Data Protection disabled, we also recommend chec ![AdGuard logo](assets/img/browsers/adguard.svg){ align=right } - **AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker). + **AdGuard för iOS** är ett gratis tillägg för innehållsspärrning för Safari med öppen källkod som använder det inhemska [Content Blocker API] (https://developer.apple.com/documentation/safariservices/creating_a_content_blocker). - AdGuard for iOS has some premium features; however, standard Safari content blocking is free of charge. + AdGuard för iOS har vissa premiumfunktioner, men standardblockeringen av innehåll i Safari är gratis. - [:octicons-home-16: Homepage](https://adguard.com/en/adguard-ios/overview.html){ .md-button .md-button--primary } - [:octicons-eye-16:](https://adguard.com/privacy/ios.html){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://kb.adguard.com/ios){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://kb.adguard.com/ios/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1047223162) -Additional filter lists do slow things down and may increase your attack surface, so only apply what you need. +Ytterligare filterlistor saktar ner saker och kan öka din attackyta, så använd bara det du behöver. -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -### Minimum Requirements +### Minimikrav -- Must support automatic updates. -- Must receive engine updates in 0-1 days from upstream release. -- Any changes required to make the browser more privacy-respecting should not negatively impact user experience. -- Android browsers must use the Chromium engine. - - Unfortunately, Mozilla GeckoView is still less secure than Chromium on Android. - - iOS browsers are limited to WebKit. +- Måste ha stöd för automatiska uppdateringar. +- Måste få motoruppdateringar inom 0-1 dagar från uppströmsutgåvan. +- Eventuella ändringar som krävs för att göra webbläsaren mer integritetsvänlig bör inte påverka användarupplevelsen negativt. +- Android webbläsare måste använda Chromium-motorn. + - Tyvärr är Mozilla GeckoView fortfarande mindre säkert än Chromium på Android. + - iOS-browsers är begränsade till WebKit. -### Extension Criteria +### Kriterier för förlängning -- Must not replicate built-in browser or OS functionality. -- Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.sv.txt" +- Får inte replikera inbyggda webbläsar- eller OS-funktioner. +- Måste direkt påverka användarens integritet, det vill säga får inte bara ge information. diff --git a/i18n/sv/multi-factor-authentication.md b/i18n/sv/multi-factor-authentication.md index 7fda25b99..b19930e57 100644 --- a/i18n/sv/multi-factor-authentication.md +++ b/i18n/sv/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -28,117 +29,115 @@ For models which support HOTP and TOTP, there are 2 slots in the OTP interface w !!! warning The firmware of YubiKey is not open-source and is not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key. -### Nitrokey / Librem Key +### Nitrokey /Librem-nyckel !!! recommendation ![Nitrokey](assets/img/multi-factor-authentication/nitrokey.jpg){ align=right } - **Nitrokey** has a security key capable of [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) called the **Nitrokey FIDO2**. For PGP support, you need to purchase one of their other keys such as the **Nitrokey Start**, **Nitrokey Pro 2** or the **Nitrokey Storage 2**. + **Nitrokey** har en säkerhetsnyckel som kan [FIDO2 och WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) som heter **Nitrokey FIDO2**. För PGP-stöd måste du köpa en av deras andra nycklar som * * Nitrokey Start * *, * *NitrokeyPro 2** eller **NitrokeyStorage 2**. - [:octicons-home-16: Homepage](https://www.nitrokey.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://www.nitrokey.com/data-privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://docs.nitrokey.com/){ .card-link title=Documentation} + [:octicons-home-16: Repository](https://github.com/Hackeralert/Picocrypt){ .md-button .md-button--primary } + [:octicons-eye-16:](https://github.com/Hackeralert/Picocrypt){ .card-link title="Source Code" } + [:octicons-info-16:](https://docs.nitrokey.com){ .card-link title=Contribute} -The [comparison table](https://www.nitrokey.com/#comparison) shows the features and how the Nitrokey models compare. The **Nitrokey 3** listed will have a combined feature set. +Jämförelsetabellen [](https://www.nitrokey.com/#comparison) visar funktionerna och hur Nitrokey-modellerna jämför. De **Nitrokey 3** listade kommer att ha en kombinerad funktionsuppsättning. -Nitrokey models can be configured using the [Nitrokey app](https://www.nitrokey.com/download). +Nitrokey-modeller kan konfigureras med [Nitrokey-appen](https://www.nitrokey.com/download). -For the models which support HOTP and TOTP, there are 3 slots for HOTP and 15 for TOTP. Some Nitrokeys can act as a password manager. They can store 16 different credentials and encrypt them using the same password as the OpenPGP interface. +För de modeller som stöder HOTP och TOTP finns det 3 platser för HOTP och 15 för TOTP. Vissa Nitrokeys kan fungera som en lösenordshanterare. De kan lagra 16 olika autentiseringsuppgifter och kryptera dem med samma lösenord som OpenPGP-gränssnittet. -!!! warning +!!! varning - While Nitrokeys do not release the HOTP/TOTP secrets to the device they are plugged into, the HOTP and TOTP storage is **not** encrypted and is vulnerable to physical attacks. If you are looking to store HOTP or TOTP these secrets, we highly recommend that you use a Yubikey instead. + Även om Nitrokeys inte lämnar ut HOTP/TOTP-hemligheterna till den enhet de är anslutna till, är HOTP- och TOTP-lagringen **inte** krypterad och sårbar för fysiska attacker. Om du vill lagra HOTP- eller TOTP-hemligheter rekommenderar vi starkt att du använder en Yubikey i stället. -!!! warning +!!! varning - Resetting the OpenPGP interface on a Nitrokey will also make the password database [inaccessible](https://docs.nitrokey.com/pro/linux/factory-reset). + Återställning av OpenPGP-gränssnittet på en Nitrokey kommer också att göra lösenordsdatabasen [inaccessible](https://docs.nitrokey.com/pro/linux/factory-reset). - The Nitrokey Pro 2, Nitrokey Storage 2, and the upcoming Nitrokey 3 supports system integrity verification for laptops with the [Coreboot](https://www.coreboot.org/) + [Heads](https://osresearch.net/) firmware. Purism's [Librem Key](https://puri.sm/products/librem-key/) is a rebranded NitroKey Pro 2 with similar firmware and can also be used for the same purposes. + Nitrokey Pro 2, Nitrokey Storage 2 och den kommande Nitrokey 3 stöder systemintegritetskontroll för bärbara datorer med [Coreboot](https://www.coreboot.org/) + [Heads](https://osresearch.net/) firmware. Purism 's [Librem Key](https://puri.sm/products/librem-key/) är en rebranded NitroKey Pro 2 med liknande firmware och kan också användas för samma ändamål. -Nitrokey's firmware is open-source, unlike the YubiKey. The firmware on modern NitroKey models (except the **NitroKey Pro 2**) is updatable. +Nitrokey firmware är öppen källkod, till skillnad från YubiKey. Den inbyggda programvaran på moderna NitroKey-modeller (utom **NitroKey Pro 2**) kan uppdateras. -!!! tip +!!! dricks - The Nitrokey app, while compatible with Librem Keys, requires `libnitrokey` version 3.6 or above to recognize them. Currently, the package is outdated on Windows, macOS, and most Linux distributions' repository, so you will likely have to compile the Nitrokey app yourself to get it working with the Librem Key. On Linux, you can obtain an up-to-date version from [Flathub](https://flathub.org/apps/details/com.nitrokey.nitrokey-app). + Nitrokey-appen är kompatibel med Librem Keys, men kräver "libnitrokey "version 3.6 eller senare för att känna igen dem. För närvarande är paketet föråldrat i Windows, macOS och de flesta Linuxdistributioners arkiv, så du måste troligen kompilera Nitrokey-appen själv för att få den att fungera med Librem Key. På Linux kan du få en uppdaterad version från [Flathub](https://flathub.org/apps/details/com.nitrokey.nitrokey-app). -### Criteria +### Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -#### Minimum Requirements +#### Minimikrav -- Must use high quality, tamper resistant hardware security modules. -- Must support the latest FIDO2 specification. -- Must not allow private key extraction. -- Devices which cost over $35 must support handling OpenPGP and S/MIME. +- Måste använda högkvalitativa, manipuleringssäkra hårdvarusäkerhetsmoduler. +- Måste stödja den senaste FIDO2-specifikationen. +- Får inte tillåta utvinning av privata nycklar. +- Enheter som kostar mer än 35 dollar måste ha stöd för hantering av OpenPGP och S/MIME. -#### Best-Case +#### Bästa fall -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan. -- Should be available in USB-C form-factor. -- Should be available with NFC. -- Should support TOTP secret storage. -- Should support secure firmware updates. +- Bör finnas tillgänglig i USB-C-format. +- Bör finnas tillgängligt med NFC. +- Bör stödja TOTP hemlig lagring. +- Bör stödja säkra uppdateringar av fast programvara. -## Authenticator Apps +## Autentiseringsapp -Authenticator Apps implement a security standard adopted by the Internet Engineering Task Force (IETF) called **Time-based One-time Passwords**, or **TOTP**. This is a method where websites share a secret with you which is used by your authenticator app to generate a six (usually) digit code based on the current time, which you enter while logging in for the website to check. Typically these codes are regenerated every 30 seconds, and once a new code is generated the old one becomes useless. Even if a hacker gets one six-digit code, there is no way for them to reverse that code to get the original secret or otherwise be able to predict what any future codes might be. +Authenticator Apps implementerar en säkerhetsstandard som antagits av Internet Engineering Task Force (IETF) kallad **Time-based Engångslösenord**eller **TOTP**. Detta är en metod där webbplatser delar en hemlighet med dig som används av din autentiseringsapp för att generera en sex (vanligtvis) siffrig kod baserat på aktuell tid, som du anger när du loggar in för att webbplatsen ska kontrollera. Vanligtvis regenereras dessa koder var 30: e sekund, och när en ny kod genereras blir den gamla värdelös. Även om en hackare får tag på en sexsiffrig kod finns det inget sätt för dem att vända på koden för att få fram den ursprungliga hemligheten eller på annat sätt kunna förutsäga vad framtida koder kan vara. -We highly recommend that you use mobile TOTP apps instead of desktop alternatives as Android and iOS have better security and app isolation than most desktop operating systems. +Vi rekommenderar starkt att du använder mobila TOTP-appar i stället för alternativ för datorer eftersom Android och iOS har bättre säkerhet och appisolering än de flesta operativsystem för datorer. ### Aegis Authenticator (Android) !!! recommendation - ![Aegis logo](assets/img/multi-factor-authentication/aegis.png){ align=right } + ![Aegis logotyp](assets/img/multi-factor-authentication/aegis.png){ align=right } - **Aegis Authenticator** is a free, secure and open-source app to manage your 2-step verification tokens for your online services. + **Aegis Authenticator** är en gratis, säker och öppen källkodsapp för att hantera dina tvåstegsverifieringstokens för dina onlinetjänster. - [:octicons-home-16: Homepage](https://getaegis.app){ .md-button .md-button--primary } - [:octicons-eye-16:](https://getaegis.app/aegis/privacy.html){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://github.com/beemdevelopment/Aegis/wiki){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/beemdevelopment/Aegis){ .card-link title="Source Code" } - [:octicons-heart-16:](https://www.buymeacoffee.com/beemdevelopment){ .card-link title=Contribute } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/beemdevelopment/Aegis/wiki/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/beemdevelopment/Aegis){ .card-link title="Källkod" } + [:octicons-heart-16:](https://www.buymeacoffee.com/beemdevelopment/){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis) - - [:simple-github: GitHub](https://github.com/beemdevelopment/Aegis/releases) + - [:simple-github: App Store](https://github.com/beemdevelopment/Aegis/releases) ### Raivo OTP (iOS) !!! recommendation - ![Raivo OTP logo](assets/img/multi-factor-authentication/raivo-otp.png){ align=right } + ![Raivo OTP-logotyp](assets/img/multi-factor-authentication/raivo-otp.png){ align=right } - **Raivo OTP** is a native, lightweight and secure time-based (TOTP) & counter-based (HOTP) password client for iOS. Raivo OTP offers optional iCloud backup & sync. Raivo OTP is also available for macOS in the form of a status bar application, however the Mac app does not work independently of the iOS app. + **Raivo OTP** är en inbyggd, lätt och säker tidsbaserad (TOTP) & kontrabaserad (HOTP) lösenordsklient för iOS. Raivo OTP erbjuder valfri iCloud backup & synkronisering. Raivo OTP finns också tillgängligt för macOS i form av en applikation i statusfältet, men Mac-appen fungerar inte oberoende av iOS-appen. - [:octicons-home-16: Homepage](https://raivo-otp.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://raivo-otp.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-code-16:](https://github.com/raivo-otp/ios-application){ .card-link title="Source Code" } - [:octicons-heart-16:](https://raivo-otp.com/donate){ .card-link title=Contribute } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-code-16:](https://github.com/raivo-otp/ios-application/){ .card-link title=Dokumentation} + [:octicons-heart-16:](https://raivo-otp.com/donate){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - [:simple-appstore: App Store](https://apps.apple.com/us/app/raivo-otp/id1459042137) -### Criteria +### Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -- Must be open-source software. -- Must not require internet connectivity. +- Måste vara programvara med öppen källkod. +- Får inte kräva internetuppkoppling. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/news-aggregators.md b/i18n/sv/news-aggregators.md index 24ced6fef..8e30a2148 100644 --- a/i18n/sv/news-aggregators.md +++ b/i18n/sv/news-aggregators.md @@ -1,93 +1,94 @@ --- -title: "News Aggregators" +title: "Nyhetsaggregatorer" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. -## Aggregator clients +## Aggregatorklienter ### Akregator !!! recommendation - ![Akregator logo](assets/img/news-aggregators/akregator.svg){ align=right } + ![Akregators logotyp](assets/img/news-aggregators/akregator.svg){ align=right } - **Akregator** is a news feed reader that is a part of the [KDE](https://kde.org) project. It comes with a fast search, advanced archiving functionality and an internal browser for easy news reading. + **Akregator** är en nyhetsflödesläsare som är en del av projektet [KDE](https://kde.org). Den har en snabb sökning, avancerad arkiveringsfunktionalitet och en intern webbläsare för enkel läsning av nyheter. - [:octicons-home-16: Homepage](https://apps.kde.org/akregator){ .md-button .md-button--primary } - [:octicons-eye-16:](https://kde.org/privacypolicy-apps){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://docs.kde.org/?application=akregator){ .card-link title=Documentation} - [:octicons-code-16:](https://invent.kde.org/pim/akregator){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.kde.org/?application=akregator/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://invent.kde.org/pim/akregator){ .card-link title="Källkod" } [:octicons-heart-16:](https://kde.org/community/donations/){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.kde.akregator) -### Feeder +### Matare !!! recommendation ![Feeder logo](assets/img/news-aggregators/feeder.png){ align=right } - **Feeder** is a modern RSS client for Android that has many [features](https://gitlab.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed). + **Feeder** är en modern RSS-klient för Android som har många [features](https://gitlab. om/spacecowboy/Feeder#funktioner) och fungerar bra med mappar RSS-flöden. Den stöder [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) och [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed). - [:octicons-repo-16: Repository](https://gitlab.com/spacecowboy/Feeder){ .md-button .md-button--primary } - [:octicons-code-16:](https://gitlab.com/spacecowboy/Feeder){ .card-link title="Source Code" } + [:octicons-repo-16: Repository](https://github.com/Hackeralert/Picocrypt){ .md-button .md-button--primary } + [:octicons-code-16:](https://github.com/Hackeralert/Picocrypt){ .card-link title="Source Code" } [:octicons-heart-16:](https://ko-fi.com/spacecowboy){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nononsenseapps.feeder.play) + - [:simple-googleplay: Google Play] (https://play.google.com/store/apps/details?id=com.nononsenseapps.feeder.play) -### Fluent Reader +### Flytande läsare !!! recommendation - ![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ align=right } + ![Fluent Reader-logotyp](assets/img/news-aggregators/fluent-reader.svg){ align=right } - **Fluent Reader** is a secure cross-platform news aggregator that has useful privacy features such as deletion of cookies on exit, strict [content security policies (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) and proxy support, meaning you can use it over [Tor](tor.md). + **Fluent Reader** är en säker plattformsoberoende nyhetsaggregator som har användbara integritetsfunktioner som t.ex. radering av cookies vid avslut, strikt [content security policies (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) och proxystöd, vilket innebär att du kan använda den via [Tor](tor.md). - [:octicons-home-16: Homepage](https://hyliu.me/fluent-reader){ .md-button .md-button--primary } - [:octicons-eye-16:](https://github.com/yang991178/fluent-reader/wiki/Privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://github.com/yang991178/fluent-reader/wiki/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/yang991178/fluent-reader){ .card-link title="Source Code" } - [:octicons-heart-16:](https://github.com/sponsors/yang991178){ .card-link title=Contribute } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Källkod" } + [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - - [:simple-windows11: Windows](https://hyliu.me/fluent-reader) + - [:simple-windows11: Google Play](https://hyliu.me/fluent-reader) - [:simple-appstore: App Store](https://apps.apple.com/app/id1520907427) -### GNOME Feeds +### GNOME-flöden !!! recommendation - ![GNOME Feeds logo](assets/img/news-aggregators/gfeeds.svg){ align=right } + ![GNOME Feeds logotyp](assets/img/news-aggregators/gfeeds.svg){ align=right } - **GNOME Feeds** is an [RSS](https://en.wikipedia.org/wiki/RSS) and [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)) news reader for [GNOME](https://www.gnome.org). It has a simple interface and is quite fast. + **GNOME Feeds** är en nyhetsläsare för [RSS](https://en.wikipedia.org/wiki/RSS) och [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)) för [GNOME](https://www.gnome.org). Det har ett enkelt gränssnitt och är ganska snabbt. - [:octicons-home-16: Homepage](https://gfeeds.gabmus.org){ .md-button .md-button--primary } - [:octicons-code-16:](https://gitlab.gnome.org/World/gfeeds){ .card-link title="Source Code" } - [:octicons-heart-16:](https://liberapay.com/gabmus/){ .card-link title=Contribute } + [:octicons-home-16: Repository](https://github.com/Hackeralert/Picocrypt){ .md-button .md-button--primary } + [:octicons-code-16:](https://github.com/Hackeralert/Picocrypt){ .card-link title="Source Code" } + [:octicons-heart-16:](https://liberapay.com/gabmus){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - - [:simple-linux: Linux](https://gfeeds.gabmus.org/#install) - - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.gabmus.gfeeds) + - [:simple-linux: Google Play](https://gfeeds.gabmus.org/#install) + - [:simple-flathub: App Store](https://flathub.org/apps/details/org.gabmus.gfeeds) ### Miniflux !!! recommendation - ![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ align=right } + ![Miniflux logotyp](assets/img/news-aggregators/miniflux.svg#only-light){ align=right } ![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ align=right } - **Miniflux** is a web-based news aggregator that you can self-host. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed). + **Miniflux** är en webbaserad nyhetsaggregator som du kan lägga upp själv. Den stöder [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) och [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed). - [:octicons-home-16: Homepage](https://miniflux.app){ .md-button .md-button--primary } - [:octicons-info-16:](https://miniflux.app/docs/index.html){ .card-link title=Documentation} + [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/miniflux/v2){ .card-link title="Source Code" } [:octicons-heart-16:](https://miniflux.app/#donations){ .card-link title=Contribute } @@ -97,14 +98,14 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k ![NetNewsWire logo](assets/img/news-aggregators/netnewswire.png){ align=right } - **NetNewsWire** a free and open-source feed reader for macOS and iOS with a focus on a native design and feature set. It supports the typical feed formats alongside built-in support for Twitter and Reddit feeds. + **NetNewsWire** är en gratis och öppen källkodsläsare för macOS och iOS med fokus på en inhemsk design och funktionalitet. Den stöder de vanliga feedformaten samt inbyggt stöd för Twitter- och Reddit-flöden. - [:octicons-home-16: Homepage](https://netnewswire.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://netnewswire.com/privacypolicy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://netnewswire.com/help/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/Ranchero-Software/NetNewsWire){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://netnewswire.com/help/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/Ranchero-Software/NetNewsWire){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - [:simple-appstore: App Store](https://apps.apple.com/us/app/netnewswire-rss-reader/id1480640210) - [:simple-apple: macOS](https://netnewswire.com) @@ -113,35 +114,35 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k !!! recommendation - ![Newsboat logo](assets/img/news-aggregators/newsboat.svg){ align=right } + ![Newsboat-logotyp](assets/img/news-aggregators/newsboat.svg){ align=right } - **Newsboat** is an RSS/Atom feed reader for the text console. It's an actively maintained fork of [Newsbeuter](https://en.wikipedia.org/wiki/Newsbeuter). It is very lightweight, and ideal for use over [Secure Shell](https://en.wikipedia.org/wiki/Secure_Shell). + **Newsboat** är en RSS/Atom-flödesläsare för textkonsolen. Det är en aktivt underhållen gaffel av [Newsbeuter](https://en.wikipedia.org/wiki/Newsbeuter). Den är mycket lätt och idealisk för användning via [Secure Shell] (https://en.wikipedia.org/wiki/Secure_Shell). - [:octicons-home-16: Homepage](https://newsboat.org){ .md-button .md-button--primary } - [:octicons-info-16:](https://newsboat.org/releases/2.27/docs/newsboat.html){ .card-link title=Documentation} + [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/newsboat/newsboat){ .card-link title="Source Code" } + [](){ .card-link title=Contribute } -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -- Must be open-source software. -- Must operate locally, i.e. must not be a cloud service. +- Måste vara programvara med öppen källkod. +- Måste fungera lokalt, dvs. får inte vara en molntjänst. -## Social Media RSS Support +## RSS-support för sociala medier -Some social media services also support RSS although it's not often advertised. +Vissa sociala medietjänster har också stöd för RSS, även om det inte ofta annonseras. ### Reddit -Reddit allows you to subscribe to subreddits via RSS. +På Reddit kan du prenumerera på subreddits via RSS. -!!! example - Replace `subreddit_name` with the subreddit you wish to subscribe to. +!!! exempel + Ersätt `subreddit_name` med det subreddit du vill prenumerera på. ```text https://www.reddit.com/r/{{ subreddit_name }}/new/.rss @@ -149,11 +150,11 @@ Reddit allows you to subscribe to subreddits via RSS. ### Twitter -Using any of the Nitter [instances](https://github.com/zedeus/nitter/wiki/Instances) you can easily subscribe using RSS. +Med hjälp av någon av Nitter [-instanserna](https://github.com/zedeus/nitter/wiki/Instances) kan du enkelt prenumerera via RSS. -!!! example - 1. Pick an instance and set `nitter_instance`. - 2. Replace `twitter_account` with the account name. +!!! exempel + 1. Välj en instans och ställ in `nitter_instance`. + 2. Ersätt `twitter_account` med kontonamnet. ```text https://{{ nitter_instance }}/{{ twitter_account }}/rss @@ -161,13 +162,11 @@ Using any of the Nitter [instances](https://github.com/zedeus/nitter/wiki/Instan ### YouTube -You can subscribe YouTube channels without logging in and associating usage information with your Google Account. +Du kan prenumerera på YouTube-kanaler utan att logga in och koppla användningsinformation till ditt Google-konto. -!!! example +!!! exempel - To subscribe to a YouTube channel with an RSS client, first look for your [channel code](https://support.google.com/youtube/answer/6180214), replace `[CHANNEL ID]` below: + Om du vill prenumerera på en YouTube-kanal med en RSS-klient letar du först efter din [kanalkod] (https://support.google.com/youtube/answer/6180214) och ersätter `[KANAL-ID]` nedan: ```text - https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] + https://www.youtube.com/feeds/videos.xml?channel_id=[KANAL-ID] ``` - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/notebooks.md b/i18n/sv/notebooks.md index 98e3e20f2..be23552bd 100644 --- a/i18n/sv/notebooks.md +++ b/i18n/sv/notebooks.md @@ -1,29 +1,30 @@ --- -title: "Notebooks" +title: "Anteckningsböcker" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- -Keep track of your notes and journalings without giving them to a third-party. +Håll koll på dina anteckningar och dagboksanteckningar utan att ge dem till tredje part. -If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports E2EE. +Om du för närvarande använder ett program som Evernote, Google Keep eller Microsoft OneNote föreslår vi att du väljer ett alternativ som stöder E2EE. -## Cloud-based +## Molnbaserad ### Joplin !!! recommendation - ![Joplin logo](assets/img/notebooks/joplin.svg){ align=right } + ![Joplin-logotyp](assets/img/notebooks/joplin.svg){ align=right } - **Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes. + **Joplin** är ett kostnadsfritt, öppen källkod och fullt utrustat program för anteckningar och att göra som kan hantera ett stort antal markdown-noter organiserade i anteckningsböcker och taggar. Det erbjuder E2EE och kan synkroniseras via Nextcloud, Dropbox och mer. Det erbjuder också enkel import från Evernote och vanlig text anteckningar. - [:octicons-home-16: Homepage](https://joplinapp.org/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://joplinapp.org/privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://joplinapp.org/help/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/laurent22/joplin){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://joplinapp.org/help/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/laurent22/joplin){ .card-link title="Källkod" } [:octicons-heart-16:](https://joplinapp.org/donate/){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.cozic.joplin) - [:simple-appstore: App Store](https://apps.apple.com/us/app/joplin/id1315599797) @@ -32,25 +33,25 @@ If you are currently using an application like Evernote, Google Keep, or Microso - [:simple-apple: macOS](https://joplinapp.org/#desktop-applications) - [:simple-linux: Linux](https://joplinapp.org/#desktop-applications) - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/joplin-web-clipper/) - - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/joplin-web-clipper/alofnhikmmkdbbbgpnglcpdollgjjfek) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/joplin-web-clipper/alofnhikmmk -Joplin does not support password/PIN protection for the [application itself or individual notes and notebooks](https://github.com/laurent22/joplin/issues/289). However, your data is still encrypted in transit and at the sync location using your master key. Since January 2023, Joplin supports biometrics app lock for [Android](https://joplinapp.org/changelog_android/#android-v2-10-3-https-github-com-laurent22-joplin-releases-tag-android-v2-10-3-pre-release-2023-01-05t11-29-06z) and [iOS](https://joplinapp.org/changelog_ios/#ios-v12-10-2-https-github-com-laurent22-joplin-releases-tag-ios-v12-10-2-2023-01-20t17-41-13z). +Joplin stöder inte lösenord/PIN-skydd för [applikationen själv eller enskilda anteckningar och anteckningsböcker](https://github.com/laurent22/joplin/issues/289). Dina data är dock fortfarande krypterade under överföring och på synkroniseringsplatsen med hjälp av huvudnyckeln. Sedan januari 2023 stöder Joplin biometrisk applåsning för [Android](https://joplinapp.org/changelog_android/#android-v2-10-3-https-github-com-laurent22-joplin-releases-tag-android-v2-10-3-pre-release-2023-01-05t11-29-06z) och [iOS](https://joplinapp.org/changelog_ios/#ios-v12-10-2-https-github-com-laurent22-joplin-releases-tag-ios-v12-10-2-2023-01-20t17-41-13z). -### Standard Notes +### Standardnoteringar !!! recommendation ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ align=right } - **Standard Notes** is a simple and private notes app that makes your notes easy and available everywhere you are. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors. It has also been [independently audited (PDF)](https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf). + **Standard Notes** är en enkel och privat anteckningsapp som gör dina anteckningar enkla och tillgängliga överallt. Den har E2EE på alla plattformar och en kraftfull skrivbordsupplevelse med teman och anpassade redaktörer. Den har också [reviderats av en oberoende revisionsbyrå (PDF)] (https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf). - [:octicons-home-16: Homepage](https://standardnotes.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://standardnotes.com/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://standardnotes.com/help){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Source Code" } - [:octicons-heart-16:](https://standardnotes.com/donate){ .card-link title=Contribute } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://standardnotes.com/help/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Källkod" } + [:octicons-heart-16:](https://standardnotes.com/donate/){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.standardnotes) - [:simple-appstore: App Store](https://apps.apple.com/app/id1285392450) @@ -64,52 +65,50 @@ Joplin does not support password/PIN protection for the [application itself or i !!! recommendation - ![Cryptee logo](./assets/img/notebooks/cryptee.svg#only-light){ align=right } + ![Cryptee-logotyp](./assets/img/notebooks/cryptee.svg#only-light){ align=right } ![Cryptee logo](./assets/img/notebooks/cryptee-dark.svg#only-dark){ align=right } - **Cryptee** is an open-source, web-based E2EE document editor and photo storage application. Cryptee is a PWA, which means that it works seamlessly across all modern devices without requiring native apps for each respective platform. + **Cryptee** är en webbaserad E2EE-dokumentredigerare med öppen källkod och ett program för lagring av foton. Cryptee är en PWA, vilket innebär att den fungerar smidigt på alla moderna enheter utan att kräva inbyggda appar för varje plattform. - [:octicons-home-16: Homepage](https://crypt.ee){ .md-button .md-button--primary } - [:octicons-eye-16:](https://crypt.ee/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://crypt.ee/help){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/cryptee){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://crypt.ee/help/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/cryptee){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - - [:octicons-globe-16: PWA](https://crypt.ee/download) + - [:octicons-globe-16: Flathub](https://crypt.ee/download) -Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information. +Cryptee erbjuder 100 Mb lagring gratis, med betalalternativ om du behöver mer. För att registrera dig krävs ingen e-post eller annan personligt identifierbar information. -## Local notebooks +## Lokala anteckningsböcker -### Org-mode +### Org-läge !!! recommendation ![Org-mode logo](assets/img/notebooks/org-mode.svg){ align=right } - **Org-mode** is a [major mode](https://www.gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining TODO lists, planning projects, and authoring documents with a fast and effective plain-text system. Synchronization is possible with [file synchronization](file-sharing.md#file-sync) tools. + **Org-mode** är ett [major mode] (https://www.gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) för GNU Emacs. Org-mode är till för att föra anteckningar, upprätthålla TODO-listor, planera projekt och skriva dokument med ett snabbt och effektivt system för klartext. Synkronisering är möjlig med [filsynkronisering](file-sharing.md#file-sync)-verktyg. - [:octicons-home-16: Homepage](https://orgmode.org){ .md-button .md-button--primary } - [:octicons-info-16:](https://orgmode.org/manuals.html){ .card-link title=Documentation} + [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation} [:octicons-code-16:](https://git.savannah.gnu.org/cgit/emacs/org-mode.git){ .card-link title="Source Code" } [:octicons-heart-16:](https://liberapay.com/bzg){ .card-link title=Contribute } -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -- Clients must be open-source. -- Any cloud sync functionality must be E2EE. -- Must support exporting documents into a standard format. +- Klienterna bör ha öppen källkod. +- Alla funktioner för molnsynkronisering måste vara E2EE. +- Måste stödja export av dokument till ett standardformat. -### Best Case +### Bästa fall -- Local backup/sync functionality should support encryption. -- Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.sv.txt" +- Funktioner för lokal säkerhetskopiering/synkronisering bör stödja kryptering. +- Molnbaserade plattformar bör stödja delning av dokument. diff --git a/i18n/sv/os/android-overview.md b/i18n/sv/os/android-overview.md index 8bc4aea77..c334d55e6 100644 --- a/i18n/sv/os/android-overview.md +++ b/i18n/sv/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! varning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! anmärkning + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/os/linux-overview.md b/i18n/sv/os/linux-overview.md index b14b84a2f..161a9aba3 100644 --- a/i18n/sv/os/linux-overview.md +++ b/i18n/sv/os/linux-overview.md @@ -1,135 +1,136 @@ --- -title: Linux Overview +title: Översikt över Linux icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +Man tror ofta att [programvara med öppen källkod](https://en.wikipedia.org/wiki/Open-source_software) är säker i sig eftersom källkoden är tillgänglig. Det finns en förväntan på att gemenskapens kontroll sker regelbundet, men detta är inte alltid fallet [](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. -At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: +För närvarande har skrivbord Linux några områden som kan förbättras bättre jämfört med sina egenutvecklade motsvarigheter, t.ex.: -- A verified boot chain, like Apple’s [Secure Boot](https://support.apple.com/guide/security/startup-security-utility-secc7b34e5b5/web) (with [Secure Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1)), Android’s [Verified Boot](https://source.android.com/security/verifiedboot), ChromeOS' [Verified boot](https://www.chromium.org/chromium-os/chromiumos-design-docs/security-overview/#verified-boot), or Microsoft Windows’s [boot process](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process) with [TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). These features and hardware technologies can all help prevent persistent tampering by malware or [evil maid attacks](https://en.wikipedia.org/wiki/Evil_Maid_attack) -- A strong sandboxing solution such as that found in [macOS](https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html), [ChromeOS](https://chromium.googlesource.com/chromiumos/docs/+/HEAD/sandboxing.md), and [Android](https://source.android.com/security/app-sandbox). Commonly used Linux sandboxing solutions such as [Flatpak](https://docs.flatpak.org/en/latest/sandbox-permissions.html) and [Firejail](https://firejail.wordpress.com/) still have a long way to go -- Strong [exploit mitigations](https://madaidans-insecurities.github.io/linux.html#exploit-mitigations) +- En verifierad startkedja, som Apples [Secure Boot](https://support.apple.com/guide/security/startup-security-utility-secc7b34e5b5/web) (med [Secure Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1)), Androids [Verified Boot](https://source.android.com/security/verifiedboot), ChromeOS [Verified boot](https://www.chromium.org/chromium-os/chromiumos-design-docs/security-overview/#verified-boot)eller Microsoft Windows [bootprocess](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process) med [TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). Dessa funktioner och hårdvarutekniker kan alla bidra till att förhindra ihållande manipulering av skadlig kod eller [evil maid-attacker](https://en.wikipedia.org/wiki/Evil_Maid_attack) +- En stark sandlådelösning som den som finns i [macOS](https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html), [ChromeOS](https://chromium.googlesource.com/chromiumos/docs/+/HEAD/sandboxing.md)och [Android](https://source.android.com/security/app-sandbox). Vanligt förekommande sandboxing-lösningar för Linux, t.ex. [Flatpak](https://docs.flatpak.org/en/latest/sandbox-permissions.html) och [Firejail](https://firejail.wordpress.com/), har fortfarande en lång väg att gå +- Starka [åtgärder för att minska exploateringar](https://madaidans-insecurities.github.io/linux.html#exploit-mitigations) -Despite these drawbacks, desktop Linux distributions are great if you want to: +Trots dessa nackdelar är stationära Linux-distributioner bra om du vill: -- Avoid telemetry that often comes with proprietary operating systems -- Maintain [software freedom](https://www.gnu.org/philosophy/free-sw.en.html#four-freedoms) -- Have privacy focused systems such as [Whonix](https://www.whonix.org) or [Tails](https://tails.boum.org/) +- Undvik telemetri som ofta kommer med egna operativsystem +- Bevara [frihet för programvara](https://www.gnu.org/philosophy/free-sw.en.html#four-freedoms) +- Har system som är inriktade på integritet, t.ex. [Whonix](https://www.whonix.org) eller [Tails](https://tails.boum.org/) -Our website generally uses the term “Linux” to describe desktop Linux distributions. Other operating systems which also use the Linux kernel such as ChromeOS, Android, and Qubes OS are not discussed here. +På vår webbplats används i allmänhet termen "Linux" för att beskriva Linuxdistributioner för skrivbordsmiljöer. Andra operativsystem som också använder Linux-kärnan som ChromeOS, Android och Qubes OS diskuteras inte här. -[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md ""){.md-button} +[Våra Linux-rekommendationer :material-arrow-right-drop-circle:](../desktop.md ""){.md-button} -## Choosing your distribution +## Välja din distribution -Not all Linux distributions are created equal. While our Linux recommendation page is not meant to be an authoritative source on which distribution you should use, there are a few things you should keep in mind when choosing which distribution to use. +Inte alla Linux-distributioner är skapade lika. Medan vår Linux-rekommendationssida inte är avsedd att vara en auktoritativ källa på vilken distribution du ska använda, finns det några saker du bör tänka på när du väljer vilken distribution du ska använda. -### Release cycle +### Utgivningscykel -We highly recommend that you choose distributions which stay close to the stable upstream software releases, often referred to as rolling release distributions. This is because frozen release cycle distributions often don’t update package versions and fall behind on security updates. +Vi rekommenderar starkt att du väljer distributioner som ligger nära de stabila uppströmsutgåvorna, ofta kallade rullande utgåvor. Detta beror på att frysta utgåvor ofta inte uppdaterar paketversioner och hamnar bakom säkerhetsuppdateringar. -For frozen distributions such as [Debian](https://www.debian.org/security/faq#handling), package maintainers are expected to backport patches to fix vulnerabilities rather than bump the software to the “next version” released by the upstream developer. Some security fixes [do not](https://arxiv.org/abs/2105.14565) receive a [CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures) (particularly less popular software) at all and therefore do not make it into the distribution with this patching model. As a result minor security fixes are sometimes held back until the next major release. +För frusna distributioner som [Debian](https://www.debian.org/security/faq#handling)förväntas paketansvariga backa patchar för att åtgärda sårbarheter snarare än att stöta programvaran till "nästa version" som släppts av uppströmsutvecklaren. Vissa säkerhetskorrigeringar [inte](https://arxiv.org/abs/2105.14565) får en [CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures) (särskilt mindre populär programvara) alls och därför inte göra det i distributionen med denna patching modell. Som ett resultat hålls mindre säkerhetskorrigeringar ibland tillbaka till nästa stora utgåva. -We don’t believe holding packages back and applying interim patches is a good idea, as it diverges from the way the developer might have intended the software to work. [Richard Brown](https://rootco.de/aboutme/) has a presentation about this: +Vi tror inte att hålla paket tillbaka och tillämpa tillfälliga patchar är en bra idé, eftersom det skiljer sig från hur utvecklaren kan ha avsett att programvaran ska fungera. [Richard Brown](https://rootco.de/aboutme/) har en presentation om detta:
- +
-### Traditional vs Atomic updates +### Traditionella och atomära uppdateringar -Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian based distributions can be less reliable if an error occurs while updating. +Traditionellt sett uppdaterar Linuxdistributioner genom att sekventiellt uppdatera de önskade paketen. Traditionella uppdateringar som de som används i Fedora-, Arch Linux- och Debianbaserade distributioner kan vara mindre tillförlitliga om ett fel uppstår under uppdateringen. -Atomic updating distributions apply updates in full or not at all. Typically, transactional update systems are also atomic. +Distributioner med atomär uppdatering tillämpar uppdateringar i sin helhet eller inte alls. Typiskt sett är transaktionella uppdateringssystem också atomära. -A transactional update system creates a snapshot that is made before and after an update is applied. If an update fails at any time (perhaps due to a power failure), the update can be easily rolled back to a “last known good state." +Ett system för transaktionsuppdatering skapar en ögonblicksbild som görs före och efter att en uppdatering tillämpas. Om en uppdatering misslyckas när som helst (till exempel på grund av ett strömavbrott) kan uppdateringen enkelt återställas till ett "senast kända goda tillstånd" -The Atomic update method is used for immutable distributions like Silverblue, Tumbleweed, and NixOS and can achieve reliability with this model. [Adam Šamalík](https://twitter.com/adsamalik) provided a presentation on how `rpm-ostree` works with Silverblue: +Atomic update-metoden används för oföränderliga distributioner som Silverblue, Tumbleweed och NixOS och kan uppnå tillförlitlighet med den här modellen. [Adam Šamalík](https://twitter.com/adsamalik) gav en presentation om hur `rpm-ostree` fungerar med Silverblue:
- +
-### “Security-focused” distributions +### "Säkerhetsfokuserad" distribution -There is often some confusion between “security-focused” distributions and “pentesting” distributions. A quick search for “the most secure Linux distribution” will often give results like Kali Linux, Black Arch and Parrot OS. These distributions are offensive penetration testing distributions that bundle tools for testing other systems. They don’t include any “extra security” or defensive mitigations intended for regular use. +Det råder ofta viss förvirring mellan "säkerhetsfokuserade" fördelningar och "pentesting"-fördelningar. En snabb sökning på "den säkraste Linuxdistributionen" ger ofta resultat som Kali Linux, Black Arch och Parrot OS. Dessa distributioner är offensiva distributioner för penetrationstestning som innehåller verktyg för att testa andra system. De innehåller ingen "extra säkerhet" eller defensiva åtgärder som är avsedda för vanlig användning. -### Arch-based distributions +### Arch Linux baserade distributioner -Arch based distributions are not recommended for those new to Linux, (regardless of distribution) as they require regular [system maintenance](https://wiki.archlinux.org/title/System_maintenance). Arch does not have an distribution update mechanism for the underlying software choices. As a result you have to stay aware with current trends and adopt technologies as they supersede older practices on your own. +Arch-baserade distributioner rekommenderas inte för dem som är nya i Linux (oavsett distribution) eftersom de kräver regelbundet underhåll av systemet [](https://wiki.archlinux.org/title/System_maintenance). Arch har ingen distributionsuppdateringsmekanism för de underliggande programvaruvalen. Därför måste du hålla dig uppdaterad om aktuella trender och ta till dig teknik när den ersätter äldre metoder på egen hand. -For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](https://en.wikipedia.org/wiki/Mandatory_access_control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). +För ett säkert system förväntas du också ha tillräckliga Linuxkunskaper för att korrekt konfigurera säkerheten för deras system, t.ex. anta ett [obligatoriskt system för åtkomstkontroll](https://en.wikipedia.org/wiki/Mandatory_access_control), konfigurera [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, skärpa uppstartsparametrar, manipulera [sysctl](https://en.wikipedia.org/wiki/Sysctl) -parametrar och veta vilka komponenter de behöver, t.ex. [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository), **must** be comfortable in auditing PKGBUILDs that they install from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository/). AUR should always be used sparingly and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. Similar warnings apply to use third-party Personal Package Archives (PPAs) on Debian based distributions or Community Projects (COPR) on Fedora. +Alla som använder [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository), **måste** vara bekväma med att granska PKGBUILDs som de installerar från den tjänsten. AUR-paket är innehåll som produceras av gemenskapen och är inte granskade på något sätt, och är därför sårbara för attacker i programvarukedjan, vilket faktiskt har hänt [tidigare](https://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository/). AUR bör alltid användas sparsamt och ofta finns det många dåliga råd på olika sidor som uppmanar folk att blint använda [AUR-hjälpmedel](https://wiki.archlinux.org/title/AUR_helpers) utan tillräcklig varning. Liknande varningar gäller för användning av tredje parts Personal Package Archives (PPAs) på Debianbaserade distributioner eller Community Projects (COPR) på Fedora. -If you are experienced with Linux and wish to use an Arch-based distribution, we only recommend mainline Arch Linux, not any of its derivatives. We recommend against these two Arch derivatives specifically: +Om du har erfarenhet av Linux och vill använda en Arch-baserad distribution rekommenderar vi endast huvudversionen av Arch Linux, inte något av dess derivat. Vi rekommenderar särskilt dessa två Arch-derivat: -- **Manjaro**: This distribution holds packages back for 2 weeks to make sure that their own changes don’t break, not to make sure that upstream is stable. When AUR packages are used, they are often built against the latest [libraries](https://en.wikipedia.org/wiki/Library_(computing)) from Arch’s repositories. -- **Garuda**: They use [Chaotic-AUR](https://aur.chaotic.cx/) which automatically and blindly compiles packages from the AUR. There is no verification process to make sure that the AUR packages don’t suffer from supply chain attacks. +- **Manjaro**: Denna distribution håller tillbaka paket i två veckor för att se till att deras egna ändringar inte går sönder, inte för att se till att uppströmsversionen är stabil. När AUR-paket används byggs de ofta med de senaste [-biblioteken](https://en.wikipedia.org/wiki/Library_(computing)) från Arch:s arkiv. +- **Garuda**: De använder [Chaotic-AUR](https://aur.chaotic.cx/) som automatiskt och blint kompilerar paket från AUR. Det finns ingen verifieringsprocess för att se till att AUR-paketen inte drabbas av attacker i leveranskedjan. ### Kicksecure -While we strongly recommend against using outdated distributions like Debian, there is a Debian based operating system that has been hardened to be much more secure than typical Linux distributions: [Kicksecure](https://www.kicksecure.com/). Kicksecure, in oversimplified terms, is a set of scripts, configurations, and packages that substantially reduce the attack surface of Debian. It covers a lot of privacy and hardening recommendations by default. +Vi rekommenderar starkt att du inte använder föråldrade distributioner som Debian, men det finns ett Debianbaserat operativsystem som har hårdgjorts för att vara mycket säkrare än vanliga Linuxdistributioner: [Kicksecure](https://www.kicksecure.com/). Kicksecure är, förenklat uttryckt, en uppsättning skript, konfigurationer och paket som avsevärt minskar angreppsytan för Debian. Den täcker många rekommendationer för sekretess och skydd av integritet som standard. -### Linux-libre kernel and “Libre” distributions +### Linux-libre-kärnan och "Libre"-distributioner -We strongly recommend **against** using the Linux-libre kernel, since it [removes security mitigations](https://www.phoronix.com/scan.php?page=news_item&px=GNU-Linux-Libre-5.7-Released) and [suppresses kernel warnings](https://news.ycombinator.com/item?id=29674846) about vulnerable microcode for ideological reasons. +Vi rekommenderar starkt **att** inte använder Linux-libre-kärnan, eftersom den [tar bort säkerhetsåtgärder](https://www.phoronix.com/scan.php?page=news_item&px=GNU-Linux-Libre-5.7-Released) och [av ideologiska skäl undertrycker kärnans varningar](https://news.ycombinator.com/item?id=29674846) om sårbar mikrokod. -## General Recommendations +## Allmänna rekommendationer -### Drive Encryption +### Enhetskryptering -Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device: +De flesta Linux-distributioner har ett alternativ i installationsprogrammet för att aktivera [LUKS](../encryption.md#linux-unified-key-setup) fde. Om det här alternativet inte är inställt vid installationstillfället måste du säkerhetskopiera dina data och installera om, eftersom krypteringen tillämpas efter [diskpartitionering](https://en.wikipedia.org/wiki/Disk_partitioning), men innan [filsystem](https://en.wikipedia.org/wiki/File_system) formateras. Vi föreslår också att du raderar din lagringsenhet på ett säkert sätt: -- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) +- [Säker radering av data :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) -### Swap +### Växla -Consider using [ZRAM](https://wiki.archlinux.org/title/Swap#zram-generator) or [encrypted swap](https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption) instead of unencrypted swap to avoid potential security issues with sensitive data being pushed to [swap space](https://en.wikipedia.org/wiki/Memory_paging). Fedora based distributions [use ZRAM by default](https://fedoraproject.org/wiki/Changes/SwapOnZRAM). +Överväg att använda [ZRAM](https://wiki.archlinux.org/title/Swap#zram-generator) eller [krypterad swap](https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption) i stället för okrypterad swap för att undvika potentiella säkerhetsproblem med känsliga data som flyttas till [swaputrymme](https://en.wikipedia.org/wiki/Memory_paging). Fedora-baserade distributioner [använder ZRAM som standard](https://fedoraproject.org/wiki/Changes/SwapOnZRAM). ### Wayland -We recommend using a desktop environment that supports the [Wayland](https://en.wikipedia.org/wiki/Wayland_(display_server_protocol)) display protocol as it was developed with security [in mind](https://lwn.net/Articles/589147/). Its predecessor, [X11](https://en.wikipedia.org/wiki/X_Window_System), does not support GUI isolation, allowing all windows to [record screen, log and inject inputs in other windows](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html), making any attempt at sandboxing futile. While there are options to do nested X11 such as [Xpra](https://en.wikipedia.org/wiki/Xpra) or [Xephyr](https://en.wikipedia.org/wiki/Xephyr), they often come with negative performance consequences and are not convenient to set up and are not preferable over Wayland. +Vi rekommenderar att du använder en skrivbordsmiljö som stöder visningsprotokollet [Wayland](https://en.wikipedia.org/wiki/Wayland_(display_server_protocol)) eftersom det har utvecklats med säkerheten [i åtanke](https://lwn.net/Articles/589147/). Dess föregångare, [X11](https://en.wikipedia.org/wiki/X_Window_System), har inte stöd för isolering av grafiska gränssnitt, vilket gör att alla fönster kan [spela in skärmen, logga och injicera inmatningar i andra fönster](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html), vilket gör alla försök till sandboxing meningslösa. Även om det finns alternativ för att göra nested X11, t.ex. [Xpra](https://en.wikipedia.org/wiki/Xpra) eller [Xephyr](https://en.wikipedia.org/wiki/Xephyr), har de ofta negativa konsekvenser för prestandan och är inte bekväma att konfigurera och är inte att föredra framför Wayland. -Fortunately, common environments such as [GNOME](https://www.gnome.org), [KDE](https://kde.org), and the window manager [Sway](https://swaywm.org) have support for Wayland. Some distributions like Fedora and Tumbleweed use it by default, and some others may do so in the future as X11 is in [hard maintenance mode](https://www.phoronix.com/scan.php?page=news_item&px=X.Org-Maintenance-Mode-Quickly). If you’re using one of those environments it is as easy as selecting the “Wayland” session at the desktop display manager ([GDM](https://en.wikipedia.org/wiki/GNOME_Display_Manager), [SDDM](https://en.wikipedia.org/wiki/Simple_Desktop_Display_Manager)). +Lyckligtvis har vanliga miljöer som [GNOME](https://www.gnome.org), [KDE](https://kde.org)och fönsterhanteraren [Sway](https://swaywm.org) stöd för Wayland. Vissa distributioner som Fedora och Tumbleweed använder det som standard, och andra kan komma att göra det i framtiden eftersom X11 är i [hard maintenance mode](https://www.phoronix.com/scan.php?page=news_item&px=X.Org-Maintenance-Mode-Quickly). Om du använder en av dessa miljöer är det lika enkelt som att välja "Wayland"-sessionen i skrivbordsdisplayhanteraren ([GDM](https://en.wikipedia.org/wiki/GNOME_Display_Manager), [SDDM](https://en.wikipedia.org/wiki/Simple_Desktop_Display_Manager)). -We recommend **against** using desktop environments or window managers that do not have Wayland support, such as Cinnamon (default on Linux Mint), Pantheon (default on Elementary OS), MATE, Xfce, and i3. +Vi rekommenderar **mot** om du använder skrivbordsmiljöer eller fönsterhanterare som inte har stöd för Wayland, till exempel Cinnamon (standard i Linux Mint), Pantheon (standard i Elementary OS), MATE, Xfce och i3. -### Proprietary Firmware (Microcode Updates) +### Proprietär fast programvara (uppdateringar av mikrokod) -Linux distributions such as those which are [Linux-libre](https://en.wikipedia.org/wiki/Linux-libre) or DIY (Arch Linux) don’t come with the proprietary [microcode](https://en.wikipedia.org/wiki/Microcode) updates that often patch vulnerabilities. Some notable examples of these vulnerabilities include [Spectre](https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)), [Meltdown](https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)), [SSB](https://en.wikipedia.org/wiki/Speculative_Store_Bypass), [Foreshadow](https://en.wikipedia.org/wiki/Foreshadow), [MDS](https://en.wikipedia.org/wiki/Microarchitectural_Data_Sampling), [SWAPGS](https://en.wikipedia.org/wiki/SWAPGS_(security_vulnerability)), and other [hardware vulnerabilities](https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/index.html). +Linuxdistributioner som [Linux-libre](https://en.wikipedia.org/wiki/Linux-libre) eller DIY (Arch Linux) levereras inte med de proprietära [mikrokodsuppdateringarna](https://en.wikipedia.org/wiki/Microcode) som ofta åtgärdar sårbarheter. Några anmärkningsvärda exempel på dessa sårbarheter är [Spectre](https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)), [Meltdown](https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)), [SSB](https://en.wikipedia.org/wiki/Speculative_Store_Bypass), [Foreshadow](https://en.wikipedia.org/wiki/Foreshadow), [MDS](https://en.wikipedia.org/wiki/Microarchitectural_Data_Sampling), [SWAPGS](https://en.wikipedia.org/wiki/SWAPGS_(security_vulnerability)), och andra [maskinvarusårbarheter](https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/index.html). -We **highly recommend** that you install the microcode updates, as your CPU is already running the proprietary microcode from the factory. Fedora and openSUSE both have the microcode updates applied by default. +Vi rekommenderar **starkt** att du installerar mikrokodsuppdateringar, eftersom din CPU redan kör den egenutvecklade mikrokoden från fabriken. Fedora och openSUSE har båda mikrokoduppdateringar som standard. -### Updates +### Uppdateringar -Most Linux distributions will automatically install updates or remind you to do so. It is important to keep your OS up to date so that your software is patched when a vulnerability is found. +De flesta Linuxdistributioner installerar automatiskt uppdateringar eller påminner dig om att göra det. Det är viktigt att hålla operativsystemet uppdaterat så att programvaran korrigeras när en sårbarhet hittas. -Some distributions (particularly those aimed at advanced users) are more barebones and expect you to do things yourself (e.g. Arch or Debian). These will require running the "package manager" (`apt`, `pacman`, `dnf`, etc.) manually in order to receive important security updates. +Vissa distributioner (särskilt de som riktar sig till avancerade användare) är mer avskalade och förväntar sig att du gör saker själv (t.ex. Arch eller Debian). Dessa kräver att du kör "pakethanteraren" (`apt`, `pacman`, `dnf`, etc.) manuellt för att få viktiga säkerhetsuppdateringar. -Additionally, some distributions will not download firmware updates automatically. For that you will need to install [`fwupd`](https://wiki.archlinux.org/title/Fwupd). +Dessutom hämtar vissa distributioner inte uppdateringar av den fasta programvaran automatiskt. För detta måste du installera [`fwupd`](https://wiki.archlinux.org/title/Fwupd). -## Privacy Tweaks +## Verktyg för integritet -### MAC Address Randomization +### Randomisering av MAC-adresser -Many desktop Linux distributions (Fedora, openSUSE, etc) will come with [NetworkManager](https://en.wikipedia.org/wiki/NetworkManager), to configure Ethernet and Wi-Fi settings. +Många Linuxdistributioner för skrivbordssystem (Fedora, openSUSE osv.) levereras med [NetworkManager](https://en.wikipedia.org/wiki/NetworkManager), för att konfigurera Ethernet- och Wi-Fi-inställningar. -It is possible to [randomize](https://fedoramagazine.org/randomize-mac-address-nm/) the [MAC address](https://en.wikipedia.org/wiki/MAC_address) when using NetworkManager. This provides a bit more privacy on Wi-Fi networks as it makes it harder to track specific devices on the network you’re connected to. It does [**not**](https://papers.mathyvanhoef.com/wisec2016.pdf) make you anonymous. +Det är möjligt att [randomisera MAC-adressen](https://fedoramagazine.org/randomize-mac-address-nm/) [MAC-adressen](https://en.wikipedia.org/wiki/MAC_address) när du använder NetworkManager. Detta ger lite mer integritet i Wi-Fi-nätverk eftersom det är svårare att spåra specifika enheter i nätverket du är ansluten till. Den [**gör dig inte anonym**](https://papers.mathyvanhoef.com/wisec2016.pdf). -We recommend changing the setting to **random** instead of **stable**, as suggested in the [article](https://fedoramagazine.org/randomize-mac-address-nm/). +Vi rekommenderar att du ändrar inställningen till **random** i stället för **stable**, vilket föreslås i artikeln [](https://fedoramagazine.org/randomize-mac-address-nm/). -If you are using [systemd-networkd](https://en.wikipedia.org/wiki/Systemd#Ancillary_components), you will need to set [`MACAddressPolicy=random`](https://www.freedesktop.org/software/systemd/man/systemd.link.html#MACAddressPolicy=) which will enable [RFC 7844 (Anonymity Profiles for DHCP Clients)](https://www.freedesktop.org/software/systemd/man/systemd.network.html#Anonymize=). +Om du använder [systemd-networkd](https://en.wikipedia.org/wiki/Systemd#Ancillary_components)måste du ställa in [`MACAddressPolicy=random`](https://www.freedesktop.org/software/systemd/man/systemd.link.html#MACAddressPolicy=) vilket aktiverar [RFC 7844 (Anonymity Profiles for DHCP Clients)](https://www.freedesktop.org/software/systemd/man/systemd.network.html#Anonymize=). -There isn’t many points in randomizing the MAC address for Ethernet connections as a system administrator can find you by looking at the port you are using on the [network switch](https://en.wikipedia.org/wiki/Network_switch). Randomizing Wi-Fi MAC addresses depends on support from the Wi-Fi’s firmware. +Det finns inte många punkter i slumpmässig MAC-adress för Ethernet-anslutningar som en systemadministratör kan hitta dig genom att titta på den port du använder på [-nätverksväxeln](https://en.wikipedia.org/wiki/Network_switch). Randomisering av Wi-Fi- MAC-adresser beror på stöd från Wi-Fi-programmets fasta programvara. -### Other Identifiers +### Andra identifierare -There are other system identifiers which you may wish to be careful about. You should give this some thought to see if it applies to your [threat model](../basics/threat-modeling.md): +Det finns andra systemidentifierare som du bör vara försiktig med. Du bör fundera på om detta gäller för din hotmodell [](../basics/threat-modeling.md): -- **Hostnames:** Your system's hostname is shared with the networks you connect to. You should avoid including identifying terms like your name or operating system in your hostname, instead sticking to generic terms or random strings. -- **Usernames:** Similarly, your username is used in a variety of ways across your system. Consider using generic terms like "user" rather than your actual name. +- **Värdnamn:** Systemets värdnamn delas med de nätverk du ansluter till. Du bör undvika att inkludera identifierande termer som ditt namn eller operativsystem i ditt värdnamn och i stället hålla dig till generiska termer eller slumpmässiga strängar. +- **Användarnamn:** På samma sätt används ditt användarnamn på olika sätt i systemet. Överväg att använda generiska termer som "användare" snarare än ditt faktiska namn. - **Machine ID:**: During installation a unique machine ID is generated and stored on your device. Consider [setting it to a generic ID](https://madaidans-insecurities.github.io/guides/linux-hardening.html#machine-id). ### System Counting @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/os/qubes-overview.md b/i18n/sv/os/qubes-overview.md index 61ac3eb0d..7bbe9cb61 100644 --- a/i18n/sv/os/qubes-overview.md +++ b/i18n/sv/os/qubes-overview.md @@ -1,56 +1,55 @@ --- -title: "Qubes Overview" +title: "Översikt över Qubes" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- -[**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). +[**Qubes OS**](../desktop.md#qubes-os) är ett operativsystem som använder hypervisorn [Xen](https://en.wikipedia.org/wiki/Xen) för att ge stark säkerhet för skrivbordsdatorer genom isolerade virtuella maskiner. Varje virtuell dator kallas *Qube* och du kan tilldela varje Qube en förtroendenivå baserat på dess syfte. Eftersom Qubes OS ger säkerhet genom att använda isolering och endast tillåta åtgärder från fall till fall är det motsatsen till [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). -## How does Qubes OS work? +## Hur fungerar Qubes OS? -Qubes uses [compartmentalization](https://www.qubes-os.org/intro/) to keep the system secure. Qubes are created from templates, the defaults being for Fedora, Debian and [Whonix](../desktop.md#whonix). Qubes OS also allows you to create once-use [disposable](https://www.qubes-os.org/doc/how-to-use-disposables/) virtual machines. +Qubes använder [compartmentalization](https://www.qubes-os.org/intro/) för att hålla systemet säkert. Qubes skapas från mallar, med Fedora, Debian och [Whonix](../desktop.md#whonix)som standard. Qubes OS låter dig också skapa en gång [engångs](https://www.qubes-os.org/doc/how-to-use-disposables/) virtuella maskiner. -![Qubes architecture](../assets/img/qubes/qubes-trust-level-architecture.png) -
Qubes Architecture, Credit: What is Qubes OS Intro
+![Qubes arkitektur](../assets/img/qubes/qubes-trust-level-architecture.png) +
Qubes arkitektur, kredit: Vad är Qubes OS Intro
-Each Qubes application has a [colored border](https://www.qubes-os.org/screenshots/) that can help you keep track of the virtual machine it is running in. You could, for example, use a specific color for your banking browser, while using a different color for a general untrusted browser. +Varje Qubes-program har en färgad kant på [](https://www.qubes-os.org/screenshots/) som kan hjälpa dig att hålla reda på vilken virtuell maskin programmet körs på. Du kan till exempel använda en särskild färg för din bankwebbläsare och en annan färg för en allmänt opålitlig webbläsare. -![Colored border](../assets/img/qubes/r4.0-xfce-three-domains-at-work.png) -
Qubes window borders, Credit: Qubes Screenshots
+![Färgad kant](../assets/img/qubes/r4.0-xfce-three-domains-at-work.png) +
Qubes fönstergränser, kredit: Qubes Screenshots
-## Why Should I use Qubes? +## Varför ska jag använda Qubes? -Qubes OS is useful if your [threat model](../basics/threat-modeling.md) requires strong compartmentalization and security, such as if you think you'll be opening untrusted files from untrusted sources. A typical reason for using Qubes OS is to open documents from unknown sources. +Qubes OS är användbart om din [hotmodell](../basics/threat-modeling.md) kräver stark uppdelning och säkerhet, t.ex. om du tror att du kommer att öppna opålitliga filer från opålitliga källor. En typisk anledning till att använda Qubes OS är att öppna dokument från okända källor. -Qubes OS utilizes [Dom0](https://wiki.xenproject.org/wiki/Dom0) Xen VM (i.e., an "AdminVM") for controlling other guest VMs or Qubes on the host OS. Other VMs display individual application windows within Dom0's desktop environment. It allows you to color code windows based on trust levels and run apps that can interact with each other with very granular control. +Qubes OS använder [Dom0](https://wiki.xenproject.org/wiki/Dom0) Xen VM (dvs. en "AdminVM") för att kontrollera andra gäst-VM:er eller Qubes på värdoperativsystemet. Andra virtuella datorer visar individuella programfönster i Dom0: s skrivbordsmiljö. Det gör det möjligt att färgkoda fönster baserat på förtroendenivåer och köra appar som kan interagera med varandra med mycket detaljerad kontroll. -### Copying and Pasting Text +### Kopiera och klistra in text -You can [copy and paste text](https://www.qubes-os.org/doc/how-to-copy-and-paste-text/) using `qvm-copy-to-vm` or the below instructions: +Du kan [kopiera och klistra in text](https://www.qubes-os.org/doc/how-to-copy-and-paste-text/) med hjälp av `qvm-copy-to-vm` eller nedanstående instruktioner: -1. Press **Ctrl+C** to tell the VM you're in that you want to copy something. -2. Press **Ctrl+Shift+C** to tell the VM to make this buffer available to the global clipboard. -3. Press **Ctrl+Shift+V** in the destination VM to make the global clipboard available. -4. Press **Ctrl+V** in the destination VM to paste the contents in the buffer. +1. Tryck på **Ctrl+C** för att tala om för den virtuella maskinen att du vill kopiera något. +2. Tryck på **Ctrl+Shift+C** för att be den virtuella maskinen att göra denna buffert tillgänglig för det globala klippbordet. +3. Tryck på **Ctrl+Shift+V** i destinations-VM för att göra det globala klippbordet tillgängligt. +4. Tryck på **Ctrl+V** i den virtuella maskinen för att klistra in innehållet i bufferten. -### File Exchange +### Filutbyte -To copy and paste files and directories (folders) from one VM to another, you can use the option **Copy to Other AppVM...** or **Move to Other AppVM...**. The difference is that the **Move** option will delete the original file. Either option will protect your clipboard from being leaked to any other Qubes. This is more secure than air-gapped file transfer because an air-gapped computer will still be forced to parse partitions or file systems. That is not required with the inter-qube copy system. +Om du vill kopiera och klistra in filer och kataloger (mappar) från en VM till en annan kan du använda alternativet **Kopiera till annan AppVM...** eller **Flytta till annan AppVM...**. Skillnaden är att alternativet **Move** raderar den ursprungliga filen. Båda alternativen skyddar ditt klippblock från att läcka till andra Qubes. Detta är säkrare än filöverföring med luftgranskning eftersom en dator med luftgranskning fortfarande tvingas analysera partitioner eller filsystem. Detta är inte nödvändigt med inter-qube-kopieringssystemet. -??? info "AppVMs or qubes do not have their own file systems" +??? info "AppVM eller qubes har inte egna filsystem" - You can [copy and move files](https://www.qubes-os.org/doc/how-to-copy-and-move-files/) between Qubes. When doing so the changes aren't immediately made and can be easily undone in case of an accident. + Du kan [kopiera och flytta filer] (https://www.qubes-os.org/doc/how-to-copy-and-move-files/) mellan Qubes. När du gör det görs inte ändringarna omedelbart och kan lätt ångras i händelse av en olycka. -### Inter-VM Interactions +### Inter-VM-interaktioner -The [qrexec framework](https://www.qubes-os.org/doc/qrexec/) is a core part of Qubes which allows virtual machine communication between domains. It is built on top of the Xen library *vchan*, which facilitates [isolation through policies](https://www.qubes-os.org/news/2020/06/22/new-qrexec-policy-system/). +Ramverket [qrexec](https://www.qubes-os.org/doc/qrexec/) är en central del av Qubes som gör det möjligt att kommunicera virtuella maskiner mellan domäner. Det bygger på Xen-biblioteket *vchan*, som underlättar [isolering genom policyer](https://www.qubes-os.org/news/2020/06/22/new-qrexec-policy-system/). -## Additional Resources +## Ytterligare resurser -For additional information we encourage you to consult the extensive Qubes OS documentation pages located on the [Qubes OS Website](https://www.qubes-os.org/doc/). Offline copies can be downloaded from the Qubes OS [documentation repository](https://github.com/QubesOS/qubes-doc). +För ytterligare information rekommenderar vi att du konsulterar de omfattande Qubes OS-dokumentationssidorna som finns på webbplatsen [Qubes OS](https://www.qubes-os.org/doc/). Offlinekopior kan laddas ner från dokumentationsarkivet för Qubes OS [](https://github.com/QubesOS/qubes-doc). -- Open Technology Fund: [*Arguably the world's most secure operating system*](https://www.opentech.fund/news/qubes-os-arguably-the-worlds-most-secure-operating-system-motherboard/) +- Fonden för öppen teknik: [*Världens förmodligen säkraste operativsystem*](https://www.opentech.fund/news/qubes-os-arguably-the-worlds-most-secure-operating-system-motherboard/) - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) -- J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) -- Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.sv.txt" +- J. Rutkowska: [*Partitionera mitt digitala liv i säkerhetsdomäner*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) +- Qubes OS: [*Relaterade artiklar*](https://www.qubes-os.org/news/categories/#articles) diff --git a/i18n/sv/passwords.md b/i18n/sv/passwords.md index b9265b2a6..ab79e43f1 100644 --- a/i18n/sv/passwords.md +++ b/i18n/sv/passwords.md @@ -1,36 +1,37 @@ --- -title: "Password Managers" +title: "Lösenordshanterare" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- -Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. +Lösenordshanterare gör att du kan lagra och hantera lösenord och andra autentiseringsuppgifter på ett säkert sätt med hjälp av ett huvudlösenord. -[Introduction to Passwords :material-arrow-right-drop-circle:](./basics/passwords-overview.md) +[Introduktion till lösenord :material-arrow-right-drop-circle:](./basics/passwords-overview.md) !!! info - Built-in password managers in software like browsers and operating systems are sometimes not as good as dedicated password manager software. The advantage of a built-in password manager is good integration with the software, but it can often be very simple and lack privacy and security features standalone offerings have. + Inbyggda lösenordshanterare i programvaror som webbläsare och operativsystem är ibland inte lika bra som en särskild programvara för lösenordshantering. Fördelen med en inbyggd lösenordshanterare är att den är väl integrerad med programvaran, men den kan ofta vara mycket enkel och saknar integritets- och säkerhetsfunktioner som fristående produkter har. - For example, the password manager in Microsoft Edge doesn't offer E2EE at all. Google's password manager has [optional](https://support.google.com/accounts/answer/11350823) E2EE, and [Apple's](https://support.apple.com/en-us/HT202303) offers E2EE by default. + Lösenordshanteraren i Microsoft Edge erbjuder till exempel inte alls E2EE. Googles lösenordshanterare har [optional](https://support.google.com/accounts/answer/11350823) E2EE, och [Apple's](https://support.apple.com/en-us/HT202303) erbjuder E2EE som standard. -## Cloud-based +## Molnbaserad -These password managers sync your passwords to a cloud server for easy accessibility from all your devices and safety against device loss. +Dessa lösenordshanterare synkroniserar dina lösenord till en molnserver så att du enkelt kan komma åt dem från alla dina enheter och för att skydda dig mot förlust av enheter. ### Bitwarden !!! recommendation - ![Bitwarden logo](assets/img/password-management/bitwarden.svg){ align=right } + ![Bitwardens logotyp](assets/img/password-management/bitwarden.svg){ align=right } - **Bitwarden** is a free and open-source password manager. It aims to solve password management problems for individuals, teams, and business organizations. Bitwarden is among the best and safest solutions to store all of your logins and passwords while conveniently keeping them synced between all of your devices. + **Bitwarden** är en gratis lösenordshanterare med öppen källkod. Syftet är att lösa problem med lösenordshantering för enskilda personer, grupper och företag. Bitwarden är en av de bästa och säkraste lösningarna för att lagra alla dina inloggningar och lösenord och samtidigt hålla dem synkroniserade mellan alla dina enheter. - [:octicons-home-16: Homepage](https://bitwarden.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://bitwarden.com/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://bitwarden.com/help/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/bitwarden){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://bitwarden.com/help/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/bitwarden){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? :simple-microsoftedge: nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden) - [:simple-appstore: App Store](https://apps.apple.com/app/bitwarden-password-manager/id1137397744) @@ -39,19 +40,18 @@ These password managers sync your passwords to a cloud server for easy accessibi - [:simple-linux: Linux](https://bitwarden.com/download) - [:simple-flathub: Flathub](https://flathub.org/apps/details/com.bitwarden.desktop) - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/bitwarden-password-manager) - - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb) - - [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/jbkfoedolllekgbhcbcoahefnbanhhlh) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/bitwarden-free-password- -Bitwarden also features [Bitwarden Send](https://bitwarden.com/products/send/), which allows you to share text and files securely with [end-to-end encryption](https://bitwarden.com/help/send-encryption). A [password](https://bitwarden.com/help/send-privacy/#send-passwords) can be required along with the send link. Bitwarden Send also features [automatic deletion](https://bitwarden.com/help/send-lifespan). +Bitwarden har också [Bitwarden Send](https://bitwarden.com/products/send/), vilket gör att du kan dela text och filer säkert med [end-to-end-kryptering](https://bitwarden.com/help/send-encryption). Ett lösenord [](https://bitwarden.com/help/send-privacy/#send-passwords) kan krävas tillsammans med sändningslänken. Bitwarden Send har också [automatisk radering](https://bitwarden.com/help/send-lifespan). -You need the [Premium Plan](https://bitwarden.com/help/about-bitwarden-plans/#compare-personal-plans) to be able to share files. The free plan only allows text sharing. +Du behöver [Premium Plan](https://bitwarden.com/help/about-bitwarden-plans/#compare-personal-plans) för att kunna dela filer. Gratisabonnemanget tillåter endast textdelning. -Bitwarden's server-side code is [open-source](https://github.com/bitwarden/server), so if you don't want to use the Bitwarden cloud, you can easily host your own Bitwarden sync server. +Bitwardens kod på serversidan är [öppen källkod](https://github.com/bitwarden/server), så om du inte vill använda Bitwardens moln kan du enkelt vara värd för din egen Bitwarden-synkroniseringsserver. -**Vaultwarden** is an alternative implementation of Bitwarden's sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal. If you are looking to self-host Bitwarden on your own server, you almost certainly want to use Vaultwarden over Bitwarden's official server code. +**Vaultwarden** är en alternativ implementering av Bitwardens synkroniseringsserver skriven i Rust och kompatibel med officiella Bitwarden-klienter, perfekt för självhostad distribution där körning av den officiella resurstunga tjänsten kanske inte är idealisk. Om du vill vara värd för Bitwarden på din egen server, vill du nästan säkert använda Vaultwarden över Bitwardens officiella serverkod. -[:octicons-repo-16: Vaultwarden Repository](https://github.com/dani-garcia/vaultwarden ""){.md-button} [:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ .card-link title=Documentation} -[:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ .card-link title="Source Code" } +[:octicons-repo-16: Vaultwardens utvecklingskatalog](https://github.com/dani-garcia/vaultwarden ""){.md-button} [:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ . ard-link title=Dokumentation} +[:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ . ard-link title="Källkod" } [:octicons-heart-16:](https://github.com/sponsors/dani-garcia){ .card-link title=Contribute } ### 1Password @@ -60,40 +60,38 @@ Bitwarden's server-side code is [open-source](https://github.com/bitwarden/serve ![1Password logo](assets/img/password-management/1password.svg){ align=right } - **1Password** is a password manager with a strong focus on security and ease-of-use, which allows you to store passwords, credit cards, software licenses, and any other sensitive information in a secure digital vault. Your vault is hosted on 1Password's servers for a [monthly fee](https://1password.com/sign-up/). 1Password is [audited](https://support.1password.com/security-assessments/) on a regular basis and provides exceptional customer support. 1Password is closed source; however, the security of the product is thoroughly documented in their [security white paper](https://1passwordstatic.com/files/security/1password-white-paper.pdf). + **1Password** är en lösenordshanterare med starkt fokus på säkerhet och användarvänlighet, som gör att du kan lagra lösenord, kreditkort, programlicenser och annan känslig information i ett säkert digitalt valv. Ditt valv lagras på 1Passwords servrar för en [månadsavgift] (https://1password.com/sign-up/). 1Password är [audited](https://support.1password.com/security-assessments/) på regelbunden basis och erbjuder exceptionell kundsupport. 1Password är en sluten källa, men produktens säkerhet dokumenteras noggrant i deras [white paper om säkerhet](https://1passwordstatic.com/files/security/1password-white-paper.pdf). - [:octicons-home-16: Homepage](https://1password.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://support.1password.com/1password-privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://support.1password.com/){ .card-link title=Documentation} - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.onepassword.android) + [:octicons-home-16: Repository](https://github.com/Hackeralert/Picocrypt){ .md-button .md-button--primary } + [:octicons-eye-16:](https://github.com/Hackeralert/Picocrypt){ .card-link title="Source Code" } + [:octicons-info-16:](https://support.1password.com){ .card-link title=Contribute??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.onepassword.android) - [:simple-appstore: App Store](https://apps.apple.com/app/id1511601750?mt=8) - - [:simple-windows11: Windows](https://1password.com/downloads/windows/) - - [:simple-apple: macOS](https://1password.com/downloads/mac/) - - [:simple-linux: Linux](https://1password.com/downloads/linux/) + - [:simple-windows11: Android]() + - [:simple-apple: Windows]() + - [:simple-linux: macOS]() + - [ Linux]() + - [ Flathub/) -Traditionally, **1Password** has offered the best password manager user experience for people using macOS and iOS; however, it has now achieved feature-parity across all platforms. It boasts many features geared towards families and less technical people, as well as advanced functionality. +Traditionellt har **1Password** erbjudit den bästa användarupplevelsen av lösenordshanteraren för personer som använder macOS och iOS, men nu har den fått samma funktioner på alla plattformar. Den har många funktioner som är inriktade på familjer och mindre tekniska personer, samt avancerad funktionalitet. -Your 1Password vault is secured with both your master password and a randomized 34-character security key to encrypt your data on their servers. This security key adds a layer of protection to your data because your data is secured with high entropy regardless of your master password. Many other password manager solutions are entirely reliant on the strength of your master password to secure your data. +Ditt 1Password-valv är skyddat med både ditt huvudlösenord och en slumpmässig 34-teckig säkerhetsnyckel för att kryptera dina data på deras servrar. Den här säkerhetsnyckeln ger dina data ett extra skydd eftersom dina data är säkrade med hög entropi oavsett huvudlösenordet. Många andra lösenordshanteringslösningar är helt beroende av styrkan i ditt huvudlösenord för att säkra dina data. -One advantage 1Password has over Bitwarden is its first-class support for native clients. While Bitwarden relegates many duties, especially account management features, to their web vault interface, 1Password makes nearly every feature available within its native mobile or desktop clients. 1Password's clients also have a more intuitive UI, which makes them easier to use and navigate. +En fördel som 1Password har jämfört med Bitwarden är dess förstklassiga stöd för inhemska klienter. Medan Bitwarden hänvisar många uppgifter, särskilt kontohanteringsfunktioner, till sitt webbgränssnitt, gör 1Password nästan alla funktioner tillgängliga i sina mobila och stationära klienter. 1Password-klienterna har också ett mer intuitivt användargränssnitt, vilket gör dem lättare att använda och navigera. ### Psono !!! recommendation - ![Psono logo](assets/img/password-management/psono.svg){ align=right } + ![Psono-logotyp](assets/img/password-management/psono.svg){ align=right } - **Psono** is a free and open-source password manager from Germany, with a focus on password management for teams. Psono supports secure sharing of passwords, files, bookmarks, and emails. All secrets are protected by a master password. + **Psono** är en gratis lösenordshanterare med öppen källkod från Tyskland, med fokus på lösenordshantering för team. Psono stöder säker delning av lösenord, filer, bokmärken och e-post. Alla hemligheter skyddas av ett huvudlösenord. - [:octicons-home-16: Homepage](https://psono.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://psono.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://doc.psono.com){ .card-link title=Documentation} - [:octicons-code-16:](https://gitlab.com/psono){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://doc.psono.com/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://gitlab.com/psono){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.psono.psono) - [:simple-appstore: App Store](https://apps.apple.com/us/app/psono-password-manager/id1545581224) @@ -101,34 +99,34 @@ One advantage 1Password has over Bitwarden is its first-class support for native - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/psonopw-password-manager/eljmjmgjkbmpmfljlmklcfineebidmlo) - [:simple-docker: Docker Hub](https://hub.docker.com/r/psono/psono-client) -Psono provides extensive documentation for their product. The web-client for Psono can be self-hosted; alternatively, you can choose the full Community Edition or the Enterprise Edition with additional features. +Psono tillhandahåller omfattande dokumentation för sin produkt. Webbklienten för Psono kan vara självhyst, alternativt kan du välja den fullständiga Community Edition eller Enterprise Edition med ytterligare funktioner. -### Criteria +### Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -#### Minimum Requirements +#### Minimikrav -- Must utilize strong, standards-based/modern E2EE. -- Must have thoroughly documented encryption and security practices. -- Must have a published audit from a reputable, independent third-party. -- All non-essential telemetry must be optional. -- Must not collect more PII than is necessary for billing purposes. +- Måste använda starka, standardbaserade/moderna E2EE. +- Måste ha noggrant dokumenterade krypterings- och säkerhetsrutiner. +- Måste ha en publicerad revision från en välrenommerad, oberoende tredje part. +- All icke nödvändig telemetri måste vara frivillig. +- Får inte samla in mer PII än vad som är nödvändigt för fakturering. -#### Best-Case +#### Bästa fall -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan. -- Telemetry should be opt-in (disabled by default) or not collected at all. -- Should be open-source and reasonably self-hostable. +- Telemetri bör vara opt-in (inaktiverad som standard) eller inte samlas in alls. +- Den bör ha öppen källkod och vara någorlunda självhanterlig. -## Local Storage +## Lokal lagring -These options allow you to manage an encrypted password database locally. +Med dessa alternativ kan du hantera en krypterad lösenordsdatabas lokalt. ### KeePassXC @@ -136,15 +134,15 @@ These options allow you to manage an encrypted password database locally. ![KeePassXC logo](assets/img/password-management/keepassxc.svg){ align=right } - **KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal to extend and improve it with new features and bugfixes to provide a feature-rich, cross-platform and modern open-source password manager. + **KeePassXC** är en gemenskapsfork av KeePassX, en inhemsk plattformsoberoende anpassning av KeePass Password Safe, med målet att utöka och förbättra den med nya funktioner och felrättningar för att tillhandahålla en funktionsrik, plattformsoberoende och modern lösenordshanterare med öppen källkod. - [:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary } - [:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://keepassxc.org/docs/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/keepassxreboot/keepassxc){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://keepassxc.org/docs/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/keepassxreboot/keepassxc){ .card-link title="Källkod" } [:octicons-heart-16:](https://keepassxc.org/donate/){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - [:simple-windows11: Windows](https://keepassxc.org/download/#windows) - [:simple-apple: macOS](https://keepassxc.org/download/#mac) @@ -153,49 +151,47 @@ These options allow you to manage an encrypted password database locally. - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/keepassxc-browser) - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk) -KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-separated_values) files. This may mean data loss if you import this file into another password manager. We advise you check each record manually. +KeePassXC lagrar sina exportdata som [CSV](https://en.wikipedia.org/wiki/Comma-separated_values) -filer. Detta kan innebära att du förlorar data om du importerar filen till en annan lösenordshanterare. Vi rekommenderar att du kontrollerar varje post manuellt. ### KeePassDX (Android) !!! recommendation - ![KeePassDX logo](assets/img/password-management/keepassdx.svg){ align=right } + ![KeePassDX logotyp](assets/img/password-management/keepassdx.svg){ align=right } - **KeePassDX** is a lightweight password manager for Android, allows editing encrypted data in a single file in KeePass format and can fill in the forms in a secure way. [Contributor Pro](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) allows unlocking cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development. + **KeePassDX** är en lättviktig lösenordshanterare för Android som gör det möjligt att redigera krypterade data i en enda fil i KeePass-format och fylla i formulär på ett säkert sätt. [Contributor Pro] (https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) gör det möjligt att låsa upp kosmetiskt innehåll och icke-standardiserade protokollfunktioner, men viktigare är att det hjälper och uppmuntrar till utveckling. - [:octicons-home-16: Homepage](https://www.keepassdx.com){ .md-button .md-button--primary } - [:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title=Documentation} + [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/Kunzisoft/KeePassDX){ .card-link title="Source Code" } - [:octicons-heart-16:](https://www.keepassdx.com/#donation){ .card-link title=Contribute } - - ??? downloads + [:octicons-heart-16:](https://www.keepassdx.com/#donation){ .card-link title=Contribute??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free) - - [:simple-github: GitHub](https://github.com/Kunzisoft/KeePassDX/releases) + - [:simple-github: App Store](https://github.com/Kunzisoft/KeePassDX/releases) ### Strongbox (iOS & macOS) !!! recommendation - ![Strongbox logo](assets/img/password-management/strongbox.svg){ align=right } + ![Strongbox-logotyp](assets/img/password-management/strongbox.svg){ align=right } - **Strongbox** is a native, open-source password manager for iOS and macOS. Supporting both KeePass and Password Safe formats, Strongbox can be used in tandem with other password managers, like KeePassXC, on non-Apple platforms. By employing a [freemium model](https://strongboxsafe.com/pricing/), Strongbox offers most features under its free tier with more convenience-oriented [features](https://strongboxsafe.com/comparison/)—such as biometric authentication—locked behind a subscription or perpetual license. + **Strongbox** är en inhemsk lösenordshanterare med öppen källkod för iOS och macOS. Strongbox stöder både KeePass- och Password Safe-format och kan användas tillsammans med andra lösenordshanterare, som KeePassXC, på andra plattformar än Apple-plattformar. Genom att använda en [freemium modell](https://strongboxsafe.com/pricing/), erbjuder Strongbox de flesta funktioner under sin fria nivå med mer bekvämlighetsinriktad [features](https://strongboxsafe. om/comparison/) – såsom biometrisk autentisering – låst bakom en prenumeration eller evig licens. - [:octicons-home-16: Homepage](https://strongboxsafe.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://strongboxsafe.com/privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://strongboxsafe.com/getting-started/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/strongbox-password-safe/Strongbox){ .card-link title="Source Code" } - [:octicons-heart-16:](https://github.com/strongbox-password-safe/Strongbox#supporting-development){ .card-link title=Contribute } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://keepassxc.org/docs/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/keepassxreboot/keepassxc){ .card-link title="Källkod" } + [:octicons-heart-16:](https://keepassxc.org/donate/){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - [:simple-appstore: App Store](https://apps.apple.com/app/strongbox-keepass-pwsafe/id897283731) -Additionally, there is an offline-only version offered: [Strongbox Zero](https://apps.apple.com/app/strongbox-keepass-pwsafe/id1581589638). This version is stripped down in an attempt to reduce attack surface. +Dessutom finns det en offline-version som erbjuds: [Strongbox Zero](https://apps.apple.com/app/strongbox-keepass-pwsafe/id1581589638). Denna version är avskalad i ett försök att minska angreppsytan. -### Command-line +### Kommandorad -These products are minimal password managers that can be used within scripting applications. +Dessa produkter är minimala lösenordshanterare som kan användas inom skriptprogram. #### gopass @@ -203,28 +199,24 @@ These products are minimal password managers that can be used within scripting a ![gopass logo](assets/img/password-management/gopass.svg){ align=right } - **gopass** is a password manager for the command line written in Go. It works on all major desktop and server operating systems (Linux, macOS, BSD, Windows). + **gopass** är en lösenordshanterare för kommandoraden skriven i Go. Det fungerar på alla större skrivbords- och serveroperativsystem (Linux, macOS, BSD, Windows). - [:octicons-home-16: Homepage](https://www.gopass.pw){ .md-button .md-button--primary } - [:octicons-info-16:](https://github.com/gopasspw/gopass/tree/master/docs){ .card-link title=Documentation} + [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/gopasspw/gopass){ .card-link title="Source Code" } - [:octicons-heart-16:](https://github.com/sponsors/dominikschulz){ .card-link title=Contribute } - - ??? downloads + [:octicons-heart-16:](https://github.com/sponsors/dominikschulz){ .card-link title=Contribute??? nedladdningar - [:simple-windows11: Windows](https://www.gopass.pw/#install-windows) - [:simple-apple: macOS](https://www.gopass.pw/#install-macos) - [:simple-linux: Linux](https://www.gopass.pw/#install-linux) - [:simple-freebsd: FreeBSD](https://www.gopass.pw/#install-bsd) -### Criteria +### Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -- Must be cross-platform. - ---8<-- "includes/abbreviations.sv.txt" +- Måste vara plattformsoberoende. diff --git a/i18n/sv/productivity.md b/i18n/sv/productivity.md index bd250f49a..b5af915e9 100644 --- a/i18n/sv/productivity.md +++ b/i18n/sv/productivity.md @@ -1,6 +1,7 @@ --- -title: "Productivity Tools" +title: "Produktivitetsverktyg" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -11,17 +12,17 @@ Most online office suites do not support E2EE, meaning the cloud provider has ac !!! recommendation - ![Nextcloud logo](assets/img/productivity/nextcloud.svg){ align=right } + ![Nextcloud-logotyp](assets/img/productivity/nextcloud.svg){ align=right } - **Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control. + **Nextcloud** är en svit med gratis klient-serverprogramvara med öppen källkod för att skapa egna filhostingtjänster på en privat server som du kontrollerar. - [:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://nextcloud.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://nextcloud.com/support/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Källkod" } [:octicons-heart-16:](https://nextcloud.com/contribute/){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client) - [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102) @@ -31,9 +32,9 @@ Most online office suites do not support E2EE, meaning the cloud provider has ac - [:simple-linux: Linux](https://nextcloud.com/install/#install-clients) - [:simple-freebsd: FreeBSD](https://www.freshports.org/www/nextcloud) -!!! danger +!!! fara - We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. For this reason, we don't recommend third-party Nextcloud providers. + Vi rekommenderar inte att du använder [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) för Nextcloud eftersom det kan leda till dataförluster; det är mycket experimentellt och inte av produktionskvalitet. For this reason, we don't recommend third-party Nextcloud providers. ### CryptPad @@ -49,13 +50,13 @@ Most online office suites do not support E2EE, meaning the cloud provider has ac [:octicons-code-16:](https://github.com/xwiki-labs/cryptpad){ .card-link title="Source Code" } [:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title=Contribute } -### Criteria +### Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. In general, we define collaboration platforms as full-fledged suites which could reasonably act as a replacement to collaboration platforms like Google Drive. @@ -66,9 +67,9 @@ In general, we define collaboration platforms as full-fledged suites which could - Supports real-time document collaboration. - Supports exporting documents to standard document formats (e.g. ODF). -#### Best-Case +#### Bästa fall -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan. - Should store files in a conventional filesystem. - Should support TOTP or FIDO2 multi-factor authentication support, or Passkey logins. @@ -122,18 +123,18 @@ Our best-case criteria represents what we would like to see from the perfect pro - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.onlyoffice.desktopeditors) - [:simple-freebsd: FreeBSD](https://www.freshports.org/www/onlyoffice-documentserver/) -### Criteria +### Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. In general, we define office suites as applications which could reasonably act as a replacement for Microsoft Word for most needs. -- Must be cross-platform. -- Must be open-source software. +- Måste vara plattformsoberoende. +- Måste vara programvara med öppen källkod. - Must function offline. - Must support editing documents, spreadsheets, and slideshows. - Must export files to standard document formats. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/real-time-communication.md b/i18n/sv/real-time-communication.md index c48832a0f..d91578694 100644 --- a/i18n/sv/real-time-communication.md +++ b/i18n/sv/real-time-communication.md @@ -1,6 +1,7 @@ --- -title: "Real-Time Communication" +title: "Realtidskommunikation" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -100,7 +101,7 @@ Briar supports perfect forward secrecy by using the Bramble [Handshake](https:// ## Additional Options -!!! warning +!!! varning These messengers do not have Perfect [Forward Secrecy](https://en.wikipedia.org/wiki/Forward_secrecy) (PFS), and while they fulfill certain needs that our previous recommendations may not, we do not recommend them for long-term or sensitive communications. Any key compromise among message recipients would affect the confidentiality of **all** past communications. @@ -169,27 +170,25 @@ Oxen requested an independent audit for Session in March of 2020. The audit [con Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technicals of the app and protocol. -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. - Must have open-source clients. - Must use E2EE for private messages by default. - Must support E2EE for all messages. - Must have been independently audited. -### Best-Case +### Bästa fall -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan. - Should have Perfect Forward Secrecy. - Should have open-source servers. - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/router.md b/i18n/sv/router.md index 51b994665..ac86ded61 100644 --- a/i18n/sv/router.md +++ b/i18n/sv/router.md @@ -1,6 +1,7 @@ --- title: "Router Firmware" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Nedan följer några alternativa operativsystem som kan användas på routrar, Wi-Fi-accesspunkter osv. @@ -36,16 +37,14 @@ Du kan se OpenWrts [tabell över maskinvara](https://openwrt.org/toh/start) för OPNsense utvecklades ursprungligen som en gaffel av [pfSense](https://en.wikipedia.org/wiki/PfSense), och båda projekten är kända för att vara fria och pålitliga brandväggsdistributioner som erbjuder funktioner som ofta endast finns i dyra kommersiella brandväggar. Utvecklarna av OPNsense [, som lanserades 2015, citerade](https://docs.opnsense.org/history/thefork.html) ett antal säkerhets- och kodkvalitetsproblem med pfSense som de ansåg nödvändiggjorde en delning av projektet, samt oro över Netgates majoritetsförvärv av pfSense och pfSense-projektets framtida inriktning. -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. - Måste vara öppen källkod. - Måste få regelbundna uppdateringar. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/search-engines.md b/i18n/sv/search-engines.md index 51cab885d..e4318c7e6 100644 --- a/i18n/sv/search-engines.md +++ b/i18n/sv/search-engines.md @@ -1,6 +1,7 @@ --- -title: "Search Engines" +title: "Sökmotorer" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -78,7 +79,7 @@ When you are using a SearXNG instance, be sure to go read their privacy policy. [:octicons-eye-16:](https://www.startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" } [:octicons-info-16:](https://support.startpage.com/hc/en-us/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation} -!!! warning +!!! varning Startpage regularly limits service access to certain IP addresses, such as IPs reserved for VPNs or Tor. [DuckDuckGo](#duckduckgo) and [Brave Search](#brave-search) are friendlier options if your threat model requires hiding your IP address from the search provider. @@ -86,24 +87,22 @@ Startpage is based in the Netherlands. According to their [privacy policy](https Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://web.archive.org/web/20210118031008/https://blog.privacytools.io/relisting-startpage/) to clear up any concerns with System1's sizeable investment into the service. We were satisfied with the answers we received. -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -### Minimum Requirements +### Minimikrav - Must not collect personally identifiable information per their privacy policy. - Must not allow users to create an account with them. -### Best-Case +### Bästa fall -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan. - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/tools.md b/i18n/sv/tools.md index 88d941ee2..7a84a4656 100644 --- a/i18n/sv/tools.md +++ b/i18n/sv/tools.md @@ -1,17 +1,18 @@ --- -title: "Privacy Tools" +title: "Verktyg för integritet" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- -If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. +Om du letar efter en specifik lösning på något är det här hård- och mjukvaruverktyg som vi rekommenderar i olika kategorier. Våra rekommenderade verktyg för integritetsskydd är i första hand valda utifrån säkerhetsfunktioner, med ytterligare betoning på decentraliserade verktyg och verktyg med öppen källkod. De kan tillämpas på en mängd olika hotmodeller, från skydd mot globala massövervakningsprogram och undvikande av stora teknikföretag till begränsning av attacker, men det är bara du som kan avgöra vad som fungerar bäst för dina behov. -If you want assistance figuring out the best privacy tools and alternative programs for your needs, start a discussion on our [forum](https://discuss.privacyguides.net/) or our [Matrix](https://matrix.to/#/#privacyguides:matrix.org) community! +Om du vill ha hjälp med att hitta de bästa verktygen för sekretess och alternativa program för dina behov kan du starta en diskussion i vårt forum [](https://discuss.privacyguides.net/) eller i vår community [Matrix](https://matrix.to/#/#privacyguides:matrix.org)! -For more details about each project, why they were chosen, and additional tips or tricks we recommend, click the "Learn more" link in each section, or click on the recommendation itself to be taken to that specific section of the page. +Om du vill ha mer information om varje projekt, varför de valdes ut och ytterligare tips och tricks som vi rekommenderar, kan du klicka på länken "Läs mer" i varje avsnitt eller klicka på själva rekommendationen för att komma till det specifika avsnittet på sidan. -## Tor Network +## Tor-nätverket
@@ -21,32 +22,32 @@ For more details about each project, why they were chosen, and additional tips o
-1. Snowflake does not increase privacy, however it allows you to easily contribute to the Tor network and help people in censored networks achieve better privacy. +1. Snowflake ökar inte integriteten, men det gör det möjligt för dig att enkelt bidra till Tor-nätverket och hjälpa människor i censurerade nätverk att få bättre integritet. -[Learn more :material-arrow-right-drop-circle:](tor.md) +[Läs mer :material-arrow-right-drop-circle:](tor.md) -## Desktop Web Browsers +## Webbläsare för skrivbordet
-- ![Firefox logo](assets/img/browsers/firefox.svg){ .twemoji } [Firefox](desktop-browsers.md#firefox) -- ![Brave logo](assets/img/browsers/brave.svg){ .twemoji } [Brave](desktop-browsers.md#brave) +- ![Firefox logotyp](assets/img/browsers/firefox.svg){ .twemoji } [Firefox](desktop-browsers.md#firefox) +- ![Brave logotyp](assets/img/browsers/brave.svg){ .twemoji } [Brave](desktop-browsers.md#brave)
-[Learn more :material-arrow-right-drop-circle:](desktop-browsers.md) +[Läs mer :material-arrow-right-drop-circle:](desktop-browsers.md) -### Additional Resources +### Ytterligare resurser
-- ![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ .twemoji } [uBlock Origin](desktop-browsers.md#ublock-origin) +- ![uBlock Origin-logotyp](assets/img/browsers/ublock_origin.svg){ .twemoji } [uBlock Origin](desktop-browsers.md#ublock-origin)
-[Learn more :material-arrow-right-drop-circle:](desktop-browsers.md#additional-resources) +[Läs mer :material-arrow-right-drop-circle:](desktop-browsers.md#additional-resources) -## Mobile Web Browsers +## Webbläsare för mobiler
@@ -55,21 +56,21 @@ For more details about each project, why they were chosen, and additional tips o
-[Learn more :material-arrow-right-drop-circle:](mobile-browsers.md) +[Läs mer :material-arrow-right-drop-circle:](mobile-browsers.md) -### Additional Resources +### Ytterligare resurser
-- ![AdGuard logo](assets/img/browsers/adguard.svg){ .twemoji } [AdGuard for iOS](mobile-browsers.md#adguard) +- ![AdGuard logotyp](assets/img/browsers/adguard.svg){ .twemoji } [AdGuard för iOS](mobile-browsers.md#adguard)
-[Learn more :material-arrow-right-drop-circle:](mobile-browsers.md#adguard) +[Läs mer :material-arrow-right-drop-circle:](mobile-browsers.md#adguard) -## Operating Systems +## Operativsystem -### Mobile +### Mobil
@@ -78,13 +79,13 @@ For more details about each project, why they were chosen, and additional tips o
-[Learn more :material-arrow-right-drop-circle:](android.md) +[Läs mer :material-arrow-right-drop-circle:](android.md) -#### Android Apps +#### Android-app
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -92,9 +93,9 @@ For more details about each project, why they were chosen, and additional tips o
-[Learn more :material-arrow-right-drop-circle:](android.md#general-apps) +[Läs mer :material-arrow-right-drop-circle:](android.md#general-apps) -### Desktop/PC +### Skrivbord
@@ -109,51 +110,51 @@ For more details about each project, why they were chosen, and additional tips o
-[Learn more :material-arrow-right-drop-circle:](desktop.md) +[Läs mer :material-arrow-right-drop-circle:](desktop.md) ### Router Firmware
-- ![OpenWrt logo](assets/img/router/openwrt.svg#only-light){ .twemoji }![OpenWrt logo](assets/img/router/openwrt-dark.svg#only-dark){ .twemoji } [OpenWrt](router.md#openwrt) -- ![OPNsense logo](assets/img/router/opnsense.svg){ .twemoji } [OPNsense](router.md#opnsense) +- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/openwrt-dark.svg#only-dark){ .twemoji } [OpenWrt](router.md#openwrt) +- ![DivestOS logo](assets/img/android/opnsense.svg){ .twemoji } [OPNsense](router.md#opnsense)
-[Learn more :material-arrow-right-drop-circle:](router.md) +[Läs mer :material-arrow-right-drop-circle:](router.md) -## Service Providers +## Tjänsteleverantörer -### Cloud Storage +### Molnlagring
-- ![Proton Drive logo](assets/img/cloud/protondrive.svg){ .twemoji } [Proton Drive](cloud.md#proton-drive) +- ![Proton Drive-logotyp](assets/img/cloud/protondrive.svg){ .twemoji } [Proton Drive](cloud.md#proton-drive)
-[Learn more :material-arrow-right-drop-circle:](cloud.md) +[Läs mer :material-arrow-right-drop-circle:](cloud.md) ### DNS -#### DNS Providers +#### DNS Leverantörer -We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers based on a variety of criteria, such as [Mullvad](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) and [Quad9](https://quad9.net/) amongst others. We recommend for you to read our pages on DNS before choosing a provider. In many cases, using an alternative DNS provider is not recommended. +Vi [rekommenderar](dns.md#recommended-providers) ett antal krypterade DNS-servrar utifrån olika kriterier, t.ex. [Mullvad](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) och [Quad9](https://quad9.net/). Vi rekommenderar att du läser våra sidor om DNS innan du väljer en leverantör. I många fall är det inte rekommenderat att använda en alternativ DNS-leverantör. -[Learn more :material-arrow-right-drop-circle:](dns.md) +[Läs mer :material-arrow-right-drop-circle:](dns.md) -#### Encrypted DNS Proxies +#### Krypterade DNS-proxyservrar
-- ![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ .twemoji }![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ .twemoji } [RethinkDNS](dns.md#rethinkdns) -- ![dnscrypt-proxy logo](assets/img/dns/dnscrypt-proxy.svg){ .twemoji } [dnscrypt-proxy](dns.md#dnscrypt-proxy) +- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ .twemoji } [RethinkDNS](dns.md#rethinkdns) +- ![DivestOS logo](assets/img/android/dnscrypt-proxy.svg){ .twemoji } [dnscrypt-proxy](dns.md#dnscrypt-proxy)
-[Learn more :material-arrow-right-drop-circle:](dns.md#encrypted-dns-proxies) +[Läs mer :material-arrow-right-drop-circle:](dns.md#encrypted-dns-proxies) -#### Self-hosted Solutions +#### Egenstyrda lösningar
@@ -162,22 +163,22 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-[Learn more :material-arrow-right-drop-circle:](dns.md#self-hosted-solutions) +[Läs mer :material-arrow-right-drop-circle:](dns.md#self-hosted-solutions) -### Email +### E-postadress
- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) - ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) -- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmaildark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) - ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota)
-[Learn more :material-arrow-right-drop-circle:](email.md) +[Läs mer :material-arrow-right-drop-circle:](email.md) -#### Email Aliasing Services +#### E-postaliaseringstjänster
@@ -186,9 +187,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-[Learn more :material-arrow-right-drop-circle:](email.md#email-aliasing-services) +[Läs mer :material-arrow-right-drop-circle:](email.md#email-aliasing-services) -#### Self-Hosting Email +#### Självhanterande e-post
@@ -197,9 +198,32 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-[Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +[Läs mer :material-arrow-right-drop-circle:](email.md#self-hosting-email) -### Search Engines +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Läs mer :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Läs mer :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + +### Sökmotorer
@@ -210,33 +234,33 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-[Learn more :material-arrow-right-drop-circle:](search-engines.md) +[Läs mer :material-arrow-right-drop-circle:](search-engines.md) -### VPN Providers +### DNS Leverantörer -??? danger "VPNs do not provide anonymity" +??? vPN-tjänster kan inte ge anonymitet" - Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. + En VPN kommer **inte** att hålla dina surfvanor anonyma, och inte heller kommer den att lägga till ytterligare säkerhet för icke-säker (HTTP) trafik. - If you are looking for **anonymity**, you should use the Tor Browser **instead** of a VPN. + Om du är ute efter **anonymitet** bör du använda Tor Browser **i stället** för en VPN. - If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices. + Om du vill öka **säkerheten** bör du alltid se till att du ansluter till webbplatser med HTTPS. En VPN är inte en ersättning för goda säkerhetsrutiner. - [Learn more :material-arrow-right-drop-circle:](vpn.md) + [Läs mer :material-arrow-right-drop-circle:](vpn.md)
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
-[Learn more :material-arrow-right-drop-circle:](vpn.md) +[Läs mer :material-arrow-right-drop-circle:](vpn.md) -## Software +## Programvara -### Calendar Sync +### Kalendersynkronisering
@@ -245,9 +269,19 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-[Learn more :material-arrow-right-drop-circle:](calendar.md) +[Läs mer :material-arrow-right-drop-circle:](calendar.md) -### Data and Metadata Redaction +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Läs mer :material-arrow-right-drop-circle:](cryptocurrency.md) + +### Redigering av data och metadata
@@ -259,9 +293,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-[Learn more :material-arrow-right-drop-circle:](data-redaction.md) +[Läs mer :material-arrow-right-drop-circle:](data-redaction.md) -### Email Clients +### E-postklienter
@@ -272,20 +306,20 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b - ![GNOME Evolution logo](assets/img/email-clients/evolution.svg){ .twemoji } [GNOME Evolution (Linux)](email-clients.md#gnome-evolution-gnome) - ![K-9 Mail logo](assets/img/email-clients/k9mail.svg){ .twemoji } [K-9 Mail (Android)](email-clients.md#k-9-mail-android) - ![Kontact logo](assets/img/email-clients/kontact.svg){ .twemoji } [Kontact (Linux)](email-clients.md#kontact-kde) -- ![Mailvelope logo](assets/img/email-clients/mailvelope.svg){ .twemoji } [Mailvelope (PGP in standard webmail)](email-clients.md#mailvelope-browser) +- ![Mailvelope logo](assets/img/email-clients/mailvelope.svg){ .twemoji } [Mailvelope (PGP i standardwebmail)](email-clients.md#mailvelope-browser) - ![NeoMutt logo](assets/img/email-clients/mutt.svg){ .twemoji } [NeoMutt (CLI)](email-clients.md#neomutt-cli)
-[Learn more :material-arrow-right-drop-circle:](email-clients.md) +[Läs mer :material-arrow-right-drop-circle:](email-clients.md) ### Programvara för kryptering -??? info "Operating System Disk Encryption" +??? info "Diskryptering av operativsystemet" - For encrypting your operating system drive, we typically recommend using whichever encryption tool your operating system provides, whether that is **BitLocker** on Windows, **FileVault** on macOS, or **LUKS** on Linux. These tools are included with the operating system and typically use hardware encryption elements such as a TPM that other full-disk encryption software like VeraCrypt do not. VeraCrypt is still suitable for non-operating system disks such as external drives, especially drives that may be accessed from multiple operating systems. + För att kryptera din operativsystemenhet rekommenderar vi vanligtvis att du använder det krypteringsverktyg som operativsystemet tillhandahåller, oavsett om det är **BitLocker** i Windows, **FileVault** i macOS eller **LUKS** i Linux. Dessa verktyg ingår i operativsystemet och använder vanligtvis hårdvarukrypteringselement, t. ex. en TPM, som andra krypteringsprogram för hela hårddiskar, t. ex. VeraCrypt, inte gör. VeraCrypt lämpar sig fortfarande för diskar som inte är i driftssystemet, t. ex. externa enheter, särskilt enheter som kan nås från flera olika operativsystem. - [Learn more :material-arrow-right-drop-circle:](encryption.md##operating-system-included-full-disk-encryption-fde) + [Läs mer :material-arrow-right-drop-circle:](encryption.md##operating-system-included-full-disk-encryption-fde)
@@ -293,27 +327,27 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b - ![Picocrypt logo](assets/img/encryption-software/picocrypt.svg){ .twemoji } [Picocrypt](encryption.md#picocrypt-file) - ![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ .twemoji }![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ .twemoji } [VeraCrypt (FDE)](encryption.md#veracrypt-disk) - ![Hat.sh logo](assets/img/encryption-software/hat-sh.png#only-light){ .twemoji }![Hat.sh logo](assets/img/encryption-software/hat-sh-dark.png#only-dark){ .twemoji } [Hat.sh (Browser-based)](encryption.md#hatsh) -- ![Kryptor logo](assets/img/encryption-software/kryptor.png){ .twemoji } [Kryptor](encryption.md#kryptor) -- ![Tomb logo](assets/img/encryption-software/tomb.png){ .twemoji } [Tomb](encryption.md#tomb) +- ![Kryptor logo](assets/img/encryption software/kryptor.png){ .twemoji } [Kryptor](encryption.md#kryptor) +- ![Tomb logo](assets/img/encryption software/tomb.png){ .twemoji } [Tomb](encryption.md#tomb)
-[Learn more :material-arrow-right-drop-circle:](encryption.md) +[Läs mer :material-arrow-right-drop-circle:](encryption.md) -#### OpenPGP Clients +#### OpenPGP-klienter
- ![GnuPG logo](assets/img/encryption-software/gnupg.svg){ .twemoji } [GnuPG](encryption.md#gnu-privacy-guard) - ![GPG4Win logo](assets/img/encryption-software/gpg4win.svg){ .twemoji } [GPG4Win (Windows)](encryption.md#gpg4win) -- ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ .twemoji } [GPG Suite (macOS)](encryption.md#gpg-suite) -- ![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ .twemoji } [OpenKeychain](encryption.md#openkeychain) +- ![GPG Suite logo](assets/img/encryption software/gpgsuite.png){ .twemoji } [GPG Suite (macOS)](encryption.md#gpg-suite) +- ![OpenKeychain logo](assets/img/encryption software/openkeychain.svg){ .twemoji } [OpenKeychain](encryption.md#openkeychain)
-[Learn more :material-arrow-right-drop-circle:](encryption.md#openpgp) +[Läs mer :material-arrow-right-drop-circle:](encryption.md#openpgp) -### File Sharing and Sync +### Fildelning och synkronisering
@@ -325,9 +359,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-[Learn more :material-arrow-right-drop-circle:](file-sharing.md) +[Läs mer :material-arrow-right-drop-circle:](file-sharing.md) -### Frontends +### Frontend
@@ -342,22 +376,22 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-[Learn more :material-arrow-right-drop-circle:](frontends.md) +[Läs mer :material-arrow-right-drop-circle:](frontends.md) -### Multi-Factor Authentication Tools +### Multi-Faktor Autentisering
-- ![YubiKeys](assets/img/multi-factor-authentication/mini/yubico.svg){ .twemoji } [YubiKey](multi-factor-authentication.md#yubikey) -- ![Nitrokey](assets/img/multi-factor-authentication/mini/nitrokey.svg){ .twemoji } [Nitrokey](multi-factor-authentication.md#nitrokey-librem-key) -- ![Aegis logo](assets/img/multi-factor-authentication/aegis.png){ .twemoji } [Aegis Authenticator](multi-factor-authentication.md#aegis-authenticator) +- ![YubiKeys](assets/img/multifactor-authentication/mini/yubico.svg){ .twemoji } [YubiKey](multi-factor-authentication.md#yubikey) +- ![Nitrokey](assets/img/multifactor-authentication/mini/nitrokey.svg){ .twemoji } [Nitrokey](multi-factor-authentication.md#nitrokey-librem-key) +- ![Aegis logo](assets/img/multifactor-authentication/aegis.png){ .twemoji } [Aegis Authenticator](multi-factor-authentication.md#aegis-authenticator) - ![Raivo OTP logo](assets/img/multi-factor-authentication/raivo-otp.png){ .twemoji } [Raivo OTP](multi-factor-authentication.md#raivo-otp)
-[Learn more :material-arrow-right-drop-circle:](multi-factor-authentication.md) +[Läs mer :material-arrow-right-drop-circle:](multi-factor-authentication.md) -### News Aggregators +### Nyhetsaggregatorer
@@ -371,9 +405,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-[Learn more :material-arrow-right-drop-circle:](news-aggregators.md) +[Läs mer :material-arrow-right-drop-circle:](news-aggregators.md) -### Notebooks +### Anteckningsböcker
@@ -384,9 +418,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-[Learn more :material-arrow-right-drop-circle:](notebooks.md) +[Läs mer :material-arrow-right-drop-circle:](notebooks.md) -### Password Managers +### Lösenordshanterare
@@ -400,9 +434,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-[Learn more :material-arrow-right-drop-circle:](passwords.md) +[Läs mer :material-arrow-right-drop-circle:](passwords.md) -### Productivity Tools +### Produktivitetsverktyg
@@ -414,9 +448,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-[Learn more :material-arrow-right-drop-circle:](productivity.md) +[Läs mer :material-arrow-right-drop-circle:](productivity.md) -### Real-Time Communication +### Realtidskommunikation
@@ -428,9 +462,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-[Learn more :material-arrow-right-drop-circle:](real-time-communication.md) +[Läs mer :material-arrow-right-drop-circle:](real-time-communication.md) -### Video Streaming Clients +### Klienter för videoströmning
@@ -438,6 +472,4 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-[Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.sv.txt" +[Läs mer :material-arrow-right-drop-circle:](video-streaming.md) diff --git a/i18n/sv/tor.md b/i18n/sv/tor.md index 99f83cf36..dfc50cc70 100644 --- a/i18n/sv/tor.md +++ b/i18n/sv/tor.md @@ -1,6 +1,7 @@ --- -title: "Tor Network" +title: "Tor-nätverket" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
-
- -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -50,7 +45,7 @@ There are a variety of ways to connect to the Tor network from your device, the - [:simple-linux: Linux](https://www.torproject.org/download/) - [:simple-freebsd: FreeBSD](https://www.freshports.org/security/tor) -!!! danger +!!! fara You should **never** install any additional extensions on Tor Browser or edit `about:config` settings, including the ones we suggest for Firefox. Browser extensions and non-standard settings make you stand out from others on the Tor network, thus making your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting). @@ -115,10 +110,8 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest You can enable Snowflake in your browser by clicking the switch below and ==leaving this page open==. You can also install Snowflake as a browser extension to have it always run while your browser is open, however adding third-party extensions can increase your attack surface.
- If the embed does not appear for you, ensure you are not blocking the third-party frame from `torproject.org`. Alternatively, visit [this page](https://snowflake.torproject.org/embed.html). + Om inbäddningen inte visas för dig, kontrollera att du inte blockerar tredjepartsramen från `torproject.org`. Du kan också besöka [denna sida] (https://snowflake.torproject.org/embed.html). -Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. +Snowflake ökar inte din integritet på något sätt och används inte heller för att ansluta till Tor-nätverket i din webbläsare. Om din internetanslutning är ocensurerad bör du dock överväga att använda den för att hjälpa människor i censurerade nätverk att själva få bättre integritet. Det finns ingen anledning att oroa sig för vilka webbplatser människor kommer åt via din proxy - deras synliga IP-adress kommer att matcha deras Tor exit-nod, inte din. -Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.sv.txt" +Att driva en Snowflake-proxy är en låg risk, till och med mer än att driva en Tor-relä eller en bro, som redan inte är särskilt riskfyllda verksamheter. Men det gör fortfarande proxy-trafik genom ditt nätverk som kan vara effektiva på vissa sätt, särskilt om ditt nätverk är bandbredd-begränsad. Se till att du förstår [hur Snowflake fungerar](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) innan du bestämmer dig för att köra en proxy. diff --git a/i18n/sv/video-streaming.md b/i18n/sv/video-streaming.md index 8ac8a92de..9e53efdf1 100644 --- a/i18n/sv/video-streaming.md +++ b/i18n/sv/video-streaming.md @@ -1,52 +1,51 @@ --- -title: "Video Streaming" +title: "Videouppspelning" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- -The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. +Det främsta hotet när du använder en plattform för videostreaming är att dina streamingvanor och prenumerationslistor kan användas för att profilera dig. Du bör kombinera dessa verktyg med en [VPN](vpn.md) eller [Tor](https://www.torproject.org/) för att göra det svårare att profilera din användning. ## LBRY !!! recommendation - ![LBRY logo](assets/img/video-streaming/lbry.svg){ align=right } + ![LBRY-logotyp](assets/img/video-streaming/lbry.svg){ align=right } - **The LBRY network** is a decentralized video sharing network. It uses a [BitTorrent](https://wikipedia.org/wiki/BitTorrent)-like network to store the video content, and a [blockchain](https://wikipedia.org/wiki/Blockchain) to store the indexes for those videos. The main benefit of this design is censorship resistance. + **LBRY-nätverket** är ett decentraliserat nätverk för videodelning. Den använder ett [BitTorrent](https://wikipedia.org/wiki/BitTorrent)-liknande nätverk för att lagra videoinnehållet och ett [blockchain](https://wikipedia.org/wiki/Blockchain) för att lagra indexen för dessa videor. Den största fördelen med denna design är censurmotstånd. - **The LBRY desktop client** helps you stream videos from the LBRY network and stores your subscription list in your own LBRY wallet. + **LBRY-klienten** hjälper dig att strömma videor från LBRY-nätverket och lagrar din prenumerationslista i din egen LBRY-plånbok. - [:octicons-home-16: Homepage](https://lbry.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://lbry.com/privacypolicy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://lbry.com/faq){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/lbryio/lbry-desktop){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://lbry.com/faq/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/lbryio/lbry-desktop){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - [:simple-windows11: Windows](https://lbry.com/windows) - [:simple-apple: macOS](https://lbry.com/osx) - [:simple-linux: Linux](https://lbry.com/linux) -!!! note +!!! anmärkning - Only the **LBRY desktop client** is recommended, as the [Odysee](https://odysee.com) website and the LBRY clients in F-Droid, Play Store, and the App Store have mandatory synchronization and telemetry. + Endast **LBRY-klienten** rekommenderas, eftersom webbplatsen [Odysee](https://odysee.com) och LBRY-klienterna i F-Droid, Play Store och App Store har obligatorisk synkronisering och telemetri. -!!! warning +!!! varning - While watching and hosting videos, your IP address is visible to the LBRY network. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + När du tittar på och är värd för videor är din IP-adress synlig för LBRY-nätverket. Överväg att använda en [VPN](vpn.md) eller [Tor](https://www.torproject.org) om din [hotmodell](basics/threat-modelling.md) kräver att du döljer din IP-adress. -We recommend **against** synchronizing your wallet with LBRY Inc., as synchronizing encrypted wallets is not supported yet. If you synchronize your wallet with LBRY Inc., you have to trust them to not look at your subscription list, [LBC](https://lbry.com/faq/earn-credits) funds, or take control of your channel. +Vi rekommenderar **att inte** synkroniserar din plånbok med LBRY Inc. eftersom synkronisering av krypterade plånböcker inte stöds ännu. Om du synkroniserar din plånbok med LBRY Inc. du måste lita på att de inte tittar på din prenumerationslista, [LBC](https://lbry.com/faq/earn-credits) pengar, eller ta kontroll över din kanal. -You can disable *Save hosting data to help the LBRY network* option in :gear: **Settings** → **Advanced Settings**, to avoid exposing your IP address and watched videos when using LBRY for a prolonged period of time. +Du kan inaktivera *Spara värddata för att hjälpa LBRY-nätverket* alternativet i :gear: **Inställningar** → **Avancerade inställningar**, för att undvika att din IP-adress och dina videor exponeras när du använder LBRY under en längre tid. -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -- Must not require a centralized account to view videos. - - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.sv.txt" +- Får inte kräva ett centralt konto för att visa videor. + - Decentraliserad autentisering, t. ex. via en mobil plånboks privata nyckel, är acceptabel. diff --git a/i18n/sv/vpn.md b/i18n/sv/vpn.md index a9573cf79..2516951d3 100644 --- a/i18n/sv/vpn.md +++ b/i18n/sv/vpn.md @@ -1,94 +1,34 @@ --- title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Find a no-logging VPN operator who isn’t out to sell or read your web traffic. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "VPNs do not provide anonymity" +
- Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! vPN-tjänster kan inte ge anonymitet" + + En VPN kommer **inte** att hålla dina surfvanor anonyma, och inte heller kommer den att lägga till ytterligare säkerhet för icke-säker (HTTP) trafik. - If you are looking for **anonymity**, you should use the Tor Browser **instead** of a VPN. + Om du är ute efter **anonymitet** bör du använda Tor Browser **i stället** för en VPN. - If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices. + Om du vill öka **säkerheten** bör du alltid se till att du ansluter till webbplatser med HTTPS. En VPN är inte en ersättning för goda säkerhetsrutiner. [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" - - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Recommended Providers -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,59 +113,124 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2023-01-19 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + ??? downloads - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Last checked: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding -## Criteria +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. -!!! danger +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. + +## Kriterier + +!!! fara It is important to note that using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy. @@ -255,13 +261,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Security @@ -319,5 +325,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/tr/404.md b/i18n/tr/404.md index d1961f6cc..c1d0c7c5a 100644 --- a/i18n/tr/404.md +++ b/i18n/tr/404.md @@ -1,11 +1,15 @@ --- hide: - - feedback + - geri bildirim +meta: + - + property: "robotlar" + content: "noindex, nofollow" --- # 404 - Sayfa Bulunamadı -Aradığınız sayfayı bulamadık! Belki de bunlardan birini arıyordunuz? +We couldn't find the page you were looking for! Maybe you were looking for one of these? - [Tehdit Modellemesine Giriş](basics/threat-modeling.md) - [Önerilen DNS Sağlayıcıları](dns.md) @@ -13,5 +17,3 @@ Aradığınız sayfayı bulamadık! Belki de bunlardan birini arıyordunuz? - [En İyi VPN Sağlayıcıları](vpn.md) - [Privacy Guides Forumu](https://discuss.privacyguides.net) - [Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/about/criteria.md b/i18n/tr/about/criteria.md index 35794d71a..d1c6a7074 100644 --- a/i18n/tr/about/criteria.md +++ b/i18n/tr/about/criteria.md @@ -38,5 +38,3 @@ Projelerini veya yazılımlarını değerlendirmeye göndermek isteyen geliştir - Projelerinde tam tehdit modelinin ne olduğunu belirtmelidir. - Potansiyel kullanıcılar için projenin neleri sağlayabileceği ve neleri sağlayamayacağı açık olmalıdır. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/about/donate.md b/i18n/tr/about/donate.md index 80298330c..6f604134c 100644 --- a/i18n/tr/about/donate.md +++ b/i18n/tr/about/donate.md @@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/about/index.md b/i18n/tr/about/index.md index 79c9d46ae..8d58f996d 100644 --- a/i18n/tr/about/index.md +++ b/i18n/tr/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "Privacy Guides Hakkında" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** veri güvenliğinizi ve gizliliğinizi korumaya yönelik bilgiler sağlayan sosyal amaçlı bir web sitesidir. Tamamen gönüllü [ekip üyeleri](https://discuss.privacyguides.net/g/team) ve katkıda bulunanlar tarafından işletilen, kâr amacı gütmeyen bir kolektifiz. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Projeyi destekleyin](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. Tamamen gönüllü [ekip üyeleri](https://discuss.privacyguides.net/g/team) ve katkıda bulunanlar tarafından işletilen, kâr amacı gütmeyen bir kolektifiz. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Ekibimiz @@ -48,9 +76,9 @@ title: "Privacy Guides Hakkında" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Ekibimizin haricinde [birçok kişi](https://github.com/privacyguides/privacyguides.org/graphs/contributors) projeye katkıda bulunmuştur. Projeye siz de katkı sağlayabilirsiniz, çünkü bu açık kaynaklı bir proje! +Ekibimizin haricinde [birçok kişi](https://github.com/privacyguides/privacyguides.org/graphs/contributors) projeye katkıda bulunmuştur. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Ekip üyelerimiz web sitesinde yapılan tüm değişiklikleri gözden geçirir; web sitesini yayınlama ve finans gibi idari görevleri yerine getirir, ancak bu siteye yapılan herhangi bir katkıdan kişisel olarak kar elde etmezler. Finansal bilgilerimiz Open Collective Foundation 501(c)(3) tarafından [opencollective.com/privacyguides](https://opencollective.com/privacyguides)adresinde şeffaf bir şekilde barındırılmaktadır. Privacy Guides'a yapılan bağışlar genellikle Amerika Birleşik Devletleri'nde vergiden düşülebilir. +Ekip üyelerimiz web sitesinde yapılan tüm değişiklikleri gözden geçirir; web sitesini yayınlama ve finans gibi idari görevleri yerine getirir, ancak bu siteye yapılan herhangi bir katkıdan kişisel olarak kar elde etmezler. Finansal bilgilerimiz Open Collective Foundation 501(c)(3) tarafından [opencollective.com/privacyguides](https://opencollective.com/privacyguides)adresinde şeffaf bir şekilde barındırılmaktadır. Donations to Privacy Guides are generally tax-deductible in the United States. ## Site Lisansı @@ -59,5 +87,3 @@ Ekip üyelerimiz web sitesinde yapılan tüm değişiklikleri gözden geçirir; :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Aksi belirtilmedikçe, bu web sitesindeki orijinal içerik [Creative Commons Attribution-NoDerivatives 4.0 Uluslararası Kamu Lisansı](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE) altında kullanıma sunulmuştur. Bu, `Privacy Guides (www.privacyguides.org)` adresine uygun şekilde atıfta bulunduğunuz ve lisansa bir bağlantı verdiğiniz sürece, materyali ticari olarak bile herhangi bir amaçla herhangi bir ortamda veya formatta kopyalamakta ve yeniden dağıtmakta özgür olduğunuz anlamına gelir. Bunu herhangi bir makul bir şekilde yapabilirsiniz, ancak Gizlilik Kılavuzları (Privacy Guides) sizi veya kullanımınızı onayladığı hiçbir şekilde değil. Bu web sitesinin içeriğini yeniden düzenler, dönüştürür veya oluşturursanız, değiştirilen materyali dağıtamazsınız. Bu lisans; insanların, çalışmalarımızı uygun şekilde kredi vermeden paylaşmalarını ve çalışmalarımızı insanları yanlış yönlendirmek için kullanılabilecek şekilde değiştirmelerini önlemek için mevcuttur. Bu lisansın koşullarını üzerinde çalıştığınız proje için çok kısıtlayıcı buluyorsanız, lütfen `jonah@privacyguides.org`adresinden bize ulaşın. Gizlilik alanındaki iyi niyetli projeler için alternatif lisanslama seçenekleri sunmaktan mutluluk duyuyoruz! - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/about/notices.md b/i18n/tr/about/notices.md index e98aedcf7..2af84bb3f 100644 --- a/i18n/tr/about/notices.md +++ b/i18n/tr/about/notices.md @@ -41,5 +41,3 @@ Aşağıdakiler de dahil olmak üzere, bu web sitesinde veya bu web sitesine gö * Kazıma (Scraping) * Veri Madenciliği (Data Mining) * Çerçeveleme (Framing, IFrames) - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/about/privacy-policy.md b/i18n/tr/about/privacy-policy.md index c7dcd243d..eaa58ef57 100644 --- a/i18n/tr/about/privacy-policy.md +++ b/i18n/tr/about/privacy-policy.md @@ -1,5 +1,5 @@ --- -title: "Privacy Policy" +title: "Gizlilik Politikası" --- Privacy Guides is a community project operated by a number of active volunteer contributors. The public list of team members [can be found on GitHub](https://github.com/orgs/privacyguides/people). @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/about/privacytools.md b/i18n/tr/about/privacytools.md index 5220dd4d7..515c21f59 100644 --- a/i18n/tr/about/privacytools.md +++ b/i18n/tr/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/about/services.md b/i18n/tr/about/services.md index a47e82c54..fcb67a15e 100644 --- a/i18n/tr/about/services.md +++ b/i18n/tr/about/services.md @@ -36,5 +36,3 @@ - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/about/statistics.md b/i18n/tr/about/statistics.md index e527df39f..7bc644bf1 100644 --- a/i18n/tr/about/statistics.md +++ b/i18n/tr/about/statistics.md @@ -59,5 +59,3 @@ title: Trafik İstatistikleri }) }) - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/advanced/communication-network-types.md b/i18n/tr/advanced/communication-network-types.md index 6e0b8cc1a..1f07a2c4c 100644 --- a/i18n/tr/advanced/communication-network-types.md +++ b/i18n/tr/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/advanced/dns-overview.md b/i18n/tr/advanced/dns-overview.md index fc9577fc6..b47af2809 100644 --- a/i18n/tr/advanced/dns-overview.md +++ b/i18n/tr/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/advanced/payments.md b/i18n/tr/advanced/payments.md new file mode 100644 index 000000000..7e046ecd0 --- /dev/null +++ b/i18n/tr/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/tr/advanced/tor-overview.md b/i18n/tr/advanced/tor-overview.md index 10ca4765f..dd9d2a951 100644 --- a/i18n/tr/advanced/tor-overview.md +++ b/i18n/tr/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.tr.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/tr/android.md b/i18n/tr/android.md index 326f7db70..da50e124e 100644 --- a/i18n/tr/android.md +++ b/i18n/tr/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/basics/account-creation.md b/i18n/tr/basics/account-creation.md index e4b38b3c7..afa5d429f 100644 --- a/i18n/tr/basics/account-creation.md +++ b/i18n/tr/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/basics/account-deletion.md b/i18n/tr/basics/account-deletion.md index 8e997e6c8..2498d6045 100644 --- a/i18n/tr/basics/account-deletion.md +++ b/i18n/tr/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/basics/common-misconceptions.md b/i18n/tr/basics/common-misconceptions.md index 7329f5f33..41997417f 100644 --- a/i18n/tr/basics/common-misconceptions.md +++ b/i18n/tr/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.tr.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/tr/basics/common-threats.md b/i18n/tr/basics/common-threats.md index 37bd133a1..e278c0cbf 100644 --- a/i18n/tr/basics/common-threats.md +++ b/i18n/tr/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.tr.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/tr/basics/email-security.md b/i18n/tr/basics/email-security.md index e55d27a10..f0c2fb579 100644 --- a/i18n/tr/basics/email-security.md +++ b/i18n/tr/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/basics/multi-factor-authentication.md b/i18n/tr/basics/multi-factor-authentication.md index ac147f75d..bcf5ceb53 100644 --- a/i18n/tr/basics/multi-factor-authentication.md +++ b/i18n/tr/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authentication" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/basics/passwords-overview.md b/i18n/tr/basics/passwords-overview.md index 8c4e276e6..6858d8b5b 100644 --- a/i18n/tr/basics/passwords-overview.md +++ b/i18n/tr/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/basics/threat-modeling.md b/i18n/tr/basics/threat-modeling.md index f570ca533..a35b694cc 100644 --- a/i18n/tr/basics/threat-modeling.md +++ b/i18n/tr/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Tehdit Modellemesi" icon: 'material/target-account' +description: Gizlilik yolculuğunuzda yüzleşeceğiniz ilk ve en zorlu görev; güvenliği, gizliliği ve kullanılabilirliği dengeleyebilmektir. --- Gizlilik yolculuğunuzda yüzleşeceğiniz ilk ve en zorlu görev; güvenliği, gizliliği ve kullanılabilirliği dengeleyebilmektir. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Kaynaklar - [EFF Surveillance Self Defense: Güvenlik Planınız](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/basics/vpn-overview.md b/i18n/tr/basics/vpn-overview.md index 32756e082..a1a007f52 100644 --- a/i18n/tr/basics/vpn-overview.md +++ b/i18n/tr/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/calendar.md b/i18n/tr/calendar.md index e33d25f48..249293262 100644 --- a/i18n/tr/calendar.md +++ b/i18n/tr/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/cloud.md b/i18n/tr/cloud.md index fbe903161..a9343c63b 100644 --- a/i18n/tr/cloud.md +++ b/i18n/tr/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/cryptocurrency.md b/i18n/tr/cryptocurrency.md new file mode 100644 index 000000000..bb268f7a3 --- /dev/null +++ b/i18n/tr/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! öneri + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/tr/data-redaction.md b/i18n/tr/data-redaction.md index 0a6081293..bbb28647d 100644 --- a/i18n/tr/data-redaction.md +++ b/i18n/tr/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/desktop-browsers.md b/i18n/tr/desktop-browsers.md index 3fcf827a6..57a7108cb 100644 --- a/i18n/tr/desktop-browsers.md +++ b/i18n/tr/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Masaüstü Tarayıcıları" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- Bunlar, standart/anonim olmayan gezinti için şu anda önerilen masaüstü web tarayıcılarımız ve yapılandırmalarımızdır. İnternette anonim olarak gezinmeniz gerekiyorsa, bunun yerine [Tor](tor.md) kullanmalısınız. Genel olarak, tarayıcı uzantılarınızı en az miktarda tutmanızı öneririz; tarayıcınızda ayrıcalıklı erişime sahiptirler, geliştiriciye güvenmenizi gerektirirler, sizi [](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)öne çıkarabilir ve [](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site izolasyonunu zayıflatabilirler. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.tr.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/tr/desktop.md b/i18n/tr/desktop.md index d4e0cdba6..79666c716 100644 --- a/i18n/tr/desktop.md +++ b/i18n/tr/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/dns.md b/i18n/tr/dns.md index 8785ff6ed..57d649cde 100644 --- a/i18n/tr/dns.md +++ b/i18n/tr/dns.md @@ -1,49 +1,48 @@ --- -title: "DNS Resolvers" +title: "DNS Çözümleyicileri" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Şifrelenmiş DNS internet faaliyetlerinizi gizlemenize yardımcı olmaz. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Önerilen Sağlayıcılar -| DNS Provider | Privacy Policy | Protocols | Logging | ECS | Filtering | -| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------------ | -------- | ------------------------------------------------------------------------------------------------------------------------------------------ | -| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
DoH/3
DoT
DNSCrypt | Some[^1] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | -| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
DoH/3
DoT | Some[^2] | No | Based on server choice. | -| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
DoH/3
DoT
DoQ | Optional[^3] | No | Based on server choice. | -| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | -| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
DoH/3
DoT | Optional[^5] | Optional | Based on server choice. | -| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
DoH
DoT
DNSCrypt | Some[^6] | Optional | Based on server choice, Malware blocking by default. | +| DNS Sağlayıcısı | Gizlilik Politikası | Protokoller | Günlük kaydı | ECS | Filtreleme | +| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ---------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------- | +| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
DoH/3
DoT
DNSCrypt | Bazı[^1] | Hayır | Sunucu seçimine göre. Kullanılan filtre listesine buradan ulaşabilirsiniz. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | +| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
DoH/3
DoT | Bazı[^2] | Hayır | Sunucu seçimine göre. | +| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
DoH/3
DoT
DoQ | İsteğe bağlı[^3] | Hayır | Sunucu seçimine göre. | +| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
DoT | Hayır[^4] | Hayır | Sunucu seçimine göre. Kullanılan filtre listesine buradan ulaşabilirsiniz. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | +| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
DoH/3
DoT | İsteğe bağlı[^5] | İsteğe bağlı | Sunucu seçimine göre. | +| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
DoH
DoT
DNSCrypt | Bazı[^6] | İsteğe bağlı | Sunucu seçimine bağlı olarak, Malware varsayılan olarak engellenir. | -## Criteria +## Kriterler -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Lütfen önerdiğimiz projelerin hiçbirine bağlı olmadığımızı unutmayın.** [standart kriterlerimize](about/criteria.md)ek olarak, objektif tavsiyelerde bulunabilmemiz için bir dizi gereklilik geliştirdik. Bir projeyi kullanmayı seçmeden önce bu listeye aşina olmanızı ve sizin için doğru seçim olduğundan emin olmak için kendi araştırmanızı yapmanızı öneririz. -!!! example "This section is new" +!!! örnek "Bu bölüm yenidir" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Sitemizin her bölümü için tanımlanmış kriterler oluşturmaya çalışıyoruz ve bu değişebilir. Kriterlerimizle ilgili herhangi bir sorunuz varsa, lütfen [forumumuzda sorun](https://discuss.privacyguides.net/latest) ve burada listelenmemişse, önerilerimizi yaparken dikkate almadığımızı düşünmeyin. Bir projeyi önerdiğimizde dikkate alınan ve tartışılan birçok faktör vardır ve her birini belgelemek devam eden bir çalışmadır. -- Must support [DNSSEC](advanced/dns-overview.md#what-is-dnssec). -- [QNAME Minimization](advanced/dns-overview.md#what-is-qname-minimization). -- Allow for [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) to be disabled. -- Prefer [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) support or geo-steering support. +- [DNSSEC](advanced/dns-overview.md#what-is-dnssec) desteklemelidir. +- [QNAME Minimizasyonu](advanced/dns-overview.md#what-is-qname-minimization). +- [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) adresinin devre dışı bırakılmasına izin verilmelidir. +- [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) desteği veya coğrafi yönlendirme desteği tercih edilmelidir. -## Native Operating System Support +## İşletim Sistemi Desteği ### Android -Android 9 and above support DNS over TLS. The settings can be found in: **Settings** → **Network & Internet** → **Private DNS**. +Android 9 ve üstü, TLS üzerinden DNS'yi destekler. Ayarlar şurada bulunabilir: **Ayarlar** → **Ağ & İnternet** → **Özel DNS**. -### Apple Devices +### Apple Cihazları -The latest versions of iOS, iPadOS, tvOS, and macOS, support both DoT and DoH. Both protocols are supported natively via [configuration profiles](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) or through the [DNS Settings API](https://developer.apple.com/documentation/networkextension/dns_settings). +iOS, iPadOS, tvOS ve macOS'in en son sürümleri hem DoT hem de DoH'yi desteklemektedir. Her iki protokol de [yapılandırma profilleri](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) veya [DNS Ayarları API'si](https://developer.apple.com/documentation/networkextension/dns_settings)aracılığıyla doğal olarak desteklenmektedir. -After installation of either a configuration profile or an app that uses the DNS Settings API, the DNS configuration can be selected. If a VPN is active, resolution within the VPN tunnel will use the VPN's DNS settings and not your system-wide settings. +Bir yapılandırma profili veya DNS Ayarları API'sini kullanan bir uygulama yüklendikten sonra DNS yapılandırması seçilebilir. Bir VPN etkinse, VPN tüneli içindeki çözünürlük, sistem genelindeki ayarlarınızı değil VPN'in DNS ayarlarını kullanacaktır. #### Signed Profiles @@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.tr.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/tr/email-clients.md b/i18n/tr/email-clients.md index 5a9cfb972..18831df4a 100644 --- a/i18n/tr/email-clients.md +++ b/i18n/tr/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/email.md b/i18n/tr/email.md index 8134df1c1..4f29f25b6 100644 --- a/i18n/tr/email.md +++ b/i18n/tr/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +####