mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2025-10-15 12:12:11 +00:00
New Crowdin Translations (#2074)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
This commit is contained in:
@@ -1,6 +1,10 @@
|
||||
---
|
||||
hide:
|
||||
- feedback
|
||||
meta:
|
||||
-
|
||||
property: "robots"
|
||||
content: "noindex, nofollow"
|
||||
---
|
||||
|
||||
# 404 - Seite nicht gefunden
|
||||
@@ -13,5 +17,3 @@ Wir konnten die Seite, nach der du gesucht hast, nicht finden! Vielleicht hast d
|
||||
- [Beste VPN-Anbieter](vpn.md)
|
||||
- [Privacy Guides Forum](https://discuss.privacyguides.net)
|
||||
- [Unser Blog](https://blog.privacyguides.org)
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,22 +1,22 @@
|
||||
# Community Code of Conduct
|
||||
# Verhaltenskodex der Gemeinschaft
|
||||
|
||||
**We pledge** to make our community a harassment-free experience for everyone.
|
||||
**Wir verpflichten uns**, unsere Gemeinschaft zu einer belästigungsfreien Erfahrung für alle zu machen.
|
||||
|
||||
**We strive** to create a positive environment, using welcoming and inclusive language, and being respectful of the viewpoints of others.
|
||||
**Wir bemühen uns,**, ein positives Umfeld zu schaffen, indem wir eine einladende und integrative Sprache verwenden und die Standpunkte anderer respektieren.
|
||||
|
||||
**We do not allow** inappropriate or otherwise unacceptable behavior, such as sexualized language, trolling and insulting comments, or otherwise promoting intolerance or harassment.
|
||||
**Wir verbieten** unangemessenes oder anderweitig inakzeptables Verhalten, wie z. B. sexualisierte Sprache, Trolling und beleidigende Kommentare oder anderweitige Förderung von Intoleranz oder Belästigung.
|
||||
|
||||
## Community Standards
|
||||
## Gemeinschaftsstandards
|
||||
|
||||
What we expect from members of our communities:
|
||||
Was wir von den Mitgliedern unserer Gemeinschaften erwarten:
|
||||
|
||||
1. **Don't spread misinformation**
|
||||
1. **Keine Fehlinformationen verbreiten**
|
||||
|
||||
We are creating an evidence-based educational community around information privacy and security, not a home for conspiracy theories. For example, when making a claim that a certain piece of software is malicious or that certain telemetry data is privacy invasive, explain in detail what is collected and how it collected. Claims of this nature must be backed by technical evidence.
|
||||
Wir schaffen eine evidenzbasierte Bildungsgemeinschaft rund um Datenschutz und Informationssicherheit, keine Heimat für Verschwörungserzählungen. For example, when making a claim that a certain piece of software is malicious or that certain telemetry data is privacy invasive, explain in detail what is collected and how it collected. Claims of this nature must be backed by technical evidence.
|
||||
|
||||
1. **Don't abuse our willingness to help**
|
||||
|
||||
Our community members are not your free tech support. We are happy to help you with specific steps on your privacy journey if you are willing to put in effort on your end. We are not willing to answer endlessly repeated questions about generic computer problems you could have answered yourself with a 30-second internet search. Don't be a [help vampire](https://slash7.com/2006/12/22/vampires/).
|
||||
Unsere Community-Mitglieder sind kein kostenloser technischer Support. We are happy to help you with specific steps on your privacy journey if you are willing to put in effort on your end. We are not willing to answer endlessly repeated questions about generic computer problems you could have answered yourself with a 30-second internet search. Don't be a [help vampire](https://slash7.com/2006/12/22/vampires/).
|
||||
|
||||
1. **Behave in a positive and constructive manner**
|
||||
|
||||
@@ -38,16 +38,16 @@ The following behaviors are considered harassment and are unacceptable within ou
|
||||
- Publishing others' private information, such as a physical or email address, without their explicit permission
|
||||
- Other conduct which could reasonably be considered inappropriate in a professional setting
|
||||
|
||||
## Scope
|
||||
## Geltungsbereich
|
||||
|
||||
Our Code of Conduct applies within all project spaces, as well as when an individual is representing the Privacy Guides project in other communities.
|
||||
Unser Verhaltenskodex gilt für alle Projektbereiche und auch dann, wenn eine Person das Privacy Guides Projekt in anderen Gemeinschaften vertritt.
|
||||
|
||||
We are responsible for clarifying the standards of our community, and have the right to remove or alter the comments of those participating within our community, as necessary and at our discretion.
|
||||
|
||||
### Contact
|
||||
### Kontakt
|
||||
|
||||
If you observe a problem on a platform like Matrix or Reddit, please contact our moderators on that platform in chat, via DM, or through any designated "Modmail" system.
|
||||
|
||||
If you have a problem elsewhere, or a problem our community moderators are unable to resolve, reach out to `jonah@privacyguides.org` and/or `dngray@privacyguides.org`.
|
||||
|
||||
All community leaders are obligated to respect the privacy and security of the reporter of any incident.
|
||||
Alle Verantwortlichen der Community sind verpflichtet, die Privatsphäre und die Sicherheit der Person, die einen Vorfall meldet, zu respektieren.
|
||||
|
@@ -38,5 +38,3 @@ Wir haben diese Anforderungen an Entwickler, die eigene Projekt oder Software zu
|
||||
|
||||
- Must state what the exact threat model is with their project.
|
||||
- Den potenziellen Nutzern sollte klar sein, was das Projekt bieten kann und was nicht.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin
|
||||
We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md).
|
||||
|
||||
We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org).
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,10 +1,38 @@
|
||||
---
|
||||
template: schema.html
|
||||
title: "Über Privacy Guides"
|
||||
description: Privacy Guides ist eine sozial motivierte Website, die Informationen zum Schutz der eigenen Datensicherheit und Privatsphäre bereitstellt.
|
||||
---
|
||||
|
||||
**Privacy Guides** ist ein sozial motivierte Website, die Informationen zum Schutz deiner Datensicherheit und Privatsphäre bereitstellt. Wir sind ein gemeinnütziges Kollektiv, welches ausschließlich von freiwilligen [Teammitgliedern](https://discuss.privacyguides.net/g/team) und Mitwirkenden betrieben wird.
|
||||
{ align=right }
|
||||
|
||||
[:material-hand-coin-outline: Unterstütze das Projekts](donate.md ""){.md-button.md-button--primary}
|
||||
**Privacy Guides** ist eine sozial motivierte Website, die [Informationen](/kb) zum Schutz der eigenen Datensicherheit und Privatsphäre bereitstellt. Wir sind ein gemeinnütziges Kollektiv, welches ausschließlich von freiwilligen [Teammitgliedern](https://discuss.privacyguides.net/g/team) und Mitwirkenden betrieben wird. Unsere Website ist frei von Werbung und steht in keiner Verbindung zu den aufgeführten Anbieter*innen.
|
||||
|
||||
[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage }
|
||||
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](donate.md){ .card-link title=Contribute }
|
||||
|
||||
The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities.
|
||||
|
||||
> Um [datenschutzfreundliche alternative] Apps zu finden, besuchen Sie Websites wie Good Reports und **Privacy Guides**, die datenschutzfreundliche Apps in einer Vielzahl von Kategorien auflisten, darunter auch E-Mail-Anbieter (in der Regel mit kostenpflichtigen Tarifen), die nicht von den großen Technologieunternehmen betrieben werden.
|
||||
|
||||
— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/)
|
||||
|
||||
> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet.
|
||||
|
||||
— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch]
|
||||
|
||||
Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/).
|
||||
|
||||
## History
|
||||
|
||||
Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely.
|
||||
|
||||
In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document.
|
||||
|
||||
We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms.
|
||||
|
||||
So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry.
|
||||
|
||||
## Unser Team
|
||||
|
||||
@@ -48,16 +76,14 @@ title: "Über Privacy Guides"
|
||||
- [:simple-github: GitHub](https://github.com/hook9 "@hook9")
|
||||
- [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me}
|
||||
|
||||
Darüber hinaus haben [viele Menschen](https://github.com/privacyguides/privacyguides.org/graphs/contributors) Beiträge zu dem Projekt geleistet. Du kannst das auch, wir sind Open Source auf GitHub!
|
||||
Darüber hinaus haben [viele Menschen](https://github.com/privacyguides/privacyguides.org/graphs/contributors) Beiträge zu dem Projekt geleistet. Und du kannst auch, wir sind Open Source auf GitHub und nehmen Übersetzungsvorschläge auf [Crowdin](https://crowdin.com/project/privacyguides) an.
|
||||
|
||||
Unsere Teammitglieder überprüfen alle Änderungen, die an der Website vorgenommen werden, und kümmern sich um administrative Aufgaben wie Webhosting und Finanzen, allerdings profitieren sie nicht persönlich von den Beiträgen, die zu dieser Website geleistet werden. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States.
|
||||
Unsere Teammitglieder überprüfen alle Änderungen, die an der Website vorgenommen werden, und kümmern sich um administrative Aufgaben wie Webhosting und Finanzen, allerdings profitieren sie nicht persönlich von den Beiträgen, die zu dieser Website geleistet werden. Unsere Finanzdaten werden von der Open Collective Foundation 501(c)(3) unter [opencollective.com/privacyguides](https://opencollective.com/privacyguides)transparent veröffentlicht. Spenden an Privacy Guides sind in den Vereinigten Staaten generell von der Steuer absetzbar.
|
||||
|
||||
## Site License
|
||||
## Website-Lizenz
|
||||
|
||||
*The following is a human-readable summary of (and not a substitute for) the [license](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE):*
|
||||
*Das Folgende ist eine menschenlesbare Zusammenfassung (und kein Ersatz für) der [Lizenz](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE):*
|
||||
|
||||
:fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material.
|
||||
:fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Sofern nicht anders angegeben, werden die Originalinhalte auf dieser Website unter der [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE)zur Verfügung gestellt. Das bedeutet, dass es allen freisteht, das Material in jedem Medium oder Format für jeden Zweck, auch kommerziell, zu kopieren und weiterzugeben, solange `Privacy Guides (www.privacyguides.org)` in angemessener Anerkannt und ein Link zur Lizenz angeben wird. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material.
|
||||
|
||||
This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space!
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o
|
||||
* Scraping
|
||||
* Data Mining
|
||||
* 'Framing' (IFrames)
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,31 +1,31 @@
|
||||
---
|
||||
title: "Privacy Policy"
|
||||
title: "Datenschutzerklärung"
|
||||
---
|
||||
|
||||
Privacy Guides is a community project operated by a number of active volunteer contributors. The public list of team members [can be found on GitHub](https://github.com/orgs/privacyguides/people).
|
||||
Privacy Guides ist ein Gemeinschaftsprojekt, das von einer Reihe aktiver freiwilliger Mitarbeiter*innen betrieben wird. Die öffentliche Liste der Teammitglieder [kann auf GitHub](https://github.com/orgs/privacyguides/people)eingesehen werden.
|
||||
|
||||
## Data We Collect From Visitors
|
||||
## Daten, die wir von Besuchenden sammeln
|
||||
|
||||
The privacy of our website visitors is important to us, so we do not track any individual people. As a visitor to our website:
|
||||
Die Privatsphäre unserer Website-Besuchenden ist uns wichtig, daher tracken wir keine Einzel Personen. Als Besuchende unserer Website:
|
||||
|
||||
- No personal information is collected
|
||||
- No information such as cookies are stored in the browser
|
||||
- No information is shared with, sent to or sold to third-parties
|
||||
- No information is shared with advertising companies
|
||||
- No information is mined and harvested for personal and behavioral trends
|
||||
- No information is monetized
|
||||
- Werden keine persönlichen Informationen gesammelt
|
||||
- Werden keine Informationen wie Cookies im Browser gespeichert
|
||||
- Werden keine Informationen an Dritte weitergegeben, gesendet oder verkauft
|
||||
- Werden keine Informationen an Werbefirmen weitergegeben
|
||||
- Werden keine Informationen über persönliche und verhaltensbezogene Trends gesammelt oder ausgewertet
|
||||
- Werden keine Informationen monetarisiert
|
||||
|
||||
You can view the data we collect on our [statistics](statistics.md) page.
|
||||
Die von uns gesammelten Daten können auf unserer [Statistikseite](statistics.md) einsehen werden.
|
||||
|
||||
We run a self-hosted installation of [Plausible Analytics](https://plausible.io) to collect some anonymous usage data for statistical purposes. The goal is to track overall trends in our website traffic, it is not to track individual visitors. All the data is in aggregate only. No personal data is collected.
|
||||
Wir betreiben eine selbst gehostete Installation von [Plausible Analytics](https://plausible.io), um einige anonyme Nutzungsdaten zu statistischen Zwecken zu sammeln. Das Ziel ist es, allgemeine Trends in unserem Website-Verkehr zu verfolgen, nicht aber, einzelne Besuchende zu verfolgen. Alle Daten sind nur in aggregierter Form vorhanden. Keine persönlichen Daten werden erfasst.
|
||||
|
||||
Data collected includes referral sources, top pages, visit duration, information from the devices (device type, operating system, country and browser) used during the visit and more. You can learn more about how Plausible works and collects information in a privacy-respecting manner [here](https://plausible.io/data-policy).
|
||||
Zu den erfassten Daten gehören Verweisquellen, Top-Seiten, Besuchsdauer, Informationen über das während des Besuchs verwendete Gerät (Gerätetyp, Betriebssystem, Land und Browser) und mehr. Mehr über die Funktionsweise von Plausible und die datenschutzkonforme Erfassung von Informationen sind [hier](https://plausible.io/data-policy) zu erfahren.
|
||||
|
||||
## Data We Collect From Account Holders
|
||||
## Daten, die wir von Kontoinhabenden sammeln
|
||||
|
||||
On some websites and services we provide, many features may require an account. For example, an account may be required to post and reply to topics on a forum platform.
|
||||
Auf einigen Websites und Diensten, die wir anbieten, kann für viele Funktionen ein Konto erforderlich sein. So kann beispielsweise ein Konto erforderlich sein, um auf einer Forenplattform Themen zu veröffentlichen und zu beantworten.
|
||||
|
||||
To sign up for most accounts, we will collect a name, username, email, and password. In the event a website requires more information than just that data, that will be clearly marked and noted in a separate privacy statement per-site.
|
||||
Um sich für die meisten Konten anzumelden, benötigen wir einen Namen, einen Benutzernamen, eine E-Mail-Adresse und ein Passwort. Falls eine Website mehr Informationen als nur diese Daten benötigt, wird dies deutlich gekennzeichnet und in einer separaten Datenschutzerklärung pro Website vermerkt.
|
||||
|
||||
We use your account data to identify you on the website and to create pages specific to you, such as your profile page. We will also use your account data to publish a public profile for you on our services.
|
||||
|
||||
@@ -42,7 +42,7 @@ We will store your account data as long as your account remains open. After clos
|
||||
|
||||
## Contacting Us
|
||||
|
||||
The Privacy Guides team generally does not have access to personal data outside of limited access granted via some moderation panels. Inquiries regarding your personal information should be sent directly to:
|
||||
Das Team von Privacy Guides hat im Allgemeinen keinen Zugang zu personenbezogenen Daten, abgesehen von dem begrenzten Zugang, der über einige Moderationspanels gewährt wird. Inquiries regarding your personal information should be sent directly to:
|
||||
|
||||
```text
|
||||
Jonah Aragon
|
||||
@@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc
|
||||
We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time.
|
||||
|
||||
A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca
|
||||
- [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/)
|
||||
- [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496)
|
||||
- [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20)
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali
|
||||
- Availability: Semi-Public
|
||||
We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time.
|
||||
- Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious)
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -59,5 +59,3 @@ title: Traffic Statistics
|
||||
})
|
||||
})
|
||||
</script>
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,11 +1,12 @@
|
||||
---
|
||||
title: "Types of Communication Networks"
|
||||
icon: 'material/transit-connection-variant'
|
||||
description: An overview of several network architectures commonly used by instant messaging applications.
|
||||
---
|
||||
|
||||
There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use.
|
||||
|
||||
[Recommended Instant Messengers](../real-time-communication.md ""){.md-button}
|
||||
[Empfohlene Instant Messenger](../real-time-communication.md ""){.md-button}
|
||||
|
||||
## Centralized Networks
|
||||
|
||||
@@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster
|
||||
- Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline.
|
||||
- More complex to get started, as the creation and secured backup of a cryptographic private key is required.
|
||||
- Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "DNS Overview"
|
||||
icon: material/dns
|
||||
description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
|
||||
---
|
||||
|
||||
The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
|
||||
@@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a
|
||||
It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps.
|
||||
|
||||
This feature does come at a privacy cost, as it tells the DNS server some information about the client's location.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
84
i18n/de/advanced/payments.md
Normal file
84
i18n/de/advanced/payments.md
Normal file
@@ -0,0 +1,84 @@
|
||||
---
|
||||
title: Private Payments
|
||||
icon: material/hand-coin
|
||||
---
|
||||
|
||||
There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately.
|
||||
|
||||
## Cash
|
||||
|
||||
For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable.
|
||||
|
||||
Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations.
|
||||
|
||||
Despite this, it’s typically the best option.
|
||||
|
||||
## Prepaid Cards & Gift Cards
|
||||
|
||||
It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud.
|
||||
|
||||
Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card.
|
||||
|
||||
Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit.
|
||||
|
||||
Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps.
|
||||
|
||||
Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash.
|
||||
|
||||
### Online Marketplaces
|
||||
|
||||
If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered).
|
||||
|
||||
When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero.
|
||||
|
||||
- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces)
|
||||
|
||||
## Virtual Cards
|
||||
|
||||
Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information.
|
||||
|
||||
- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services)
|
||||
|
||||
These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions.
|
||||
|
||||
## Cryptocurrency
|
||||
|
||||
Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose.
|
||||
|
||||
!!! danger
|
||||
|
||||
The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity.
|
||||
|
||||
Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust.
|
||||
|
||||
### Privacy Coins
|
||||
|
||||
There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors.
|
||||
|
||||
- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins)
|
||||
|
||||
Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance.
|
||||
|
||||
### Other Coins (Bitcoin, Ethereum, etc.)
|
||||
|
||||
The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons.
|
||||
|
||||
Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years.
|
||||
|
||||
==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged.
|
||||
|
||||
### Wallet Custody
|
||||
|
||||
With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies.
|
||||
|
||||
### Acquisition
|
||||
|
||||
Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward.
|
||||
|
||||
If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall.
|
||||
|
||||
## Additional Considerations
|
||||
|
||||
When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself.
|
||||
|
||||
When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address.
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Tor Overview"
|
||||
icon: 'simple/torproject'
|
||||
description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible.
|
||||
---
|
||||
|
||||
Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications.
|
||||
@@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official**
|
||||
- [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) <small>(YouTube)</small>
|
||||
- [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) <small>(YouTube)</small>
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
||||
[^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/))
|
||||
|
||||
[^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html))
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Android"
|
||||
icon: 'simple/android'
|
||||
description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
|
||||
---
|
||||
|
||||
{ align=right }
|
||||
@@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le
|
||||
|
||||
These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android:
|
||||
|
||||
- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md)
|
||||
- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/)
|
||||
[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
|
||||
|
||||
[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button}
|
||||
|
||||
## AOSP Derivatives
|
||||
|
||||
@@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt
|
||||
- Applications on this page must not be applicable to any other software category on the site.
|
||||
- General applications should extend or replace core system functionality.
|
||||
- Applications should receive regular updates and maintenance.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Benutzerkontenerstellung"
|
||||
icon: 'material/account-plus'
|
||||
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
|
||||
---
|
||||
|
||||
Oft melden sich Menschen für Dienste an, ohne nachzudenken. Vielleicht ist es ein Streaming-Dienst, mit dem du die neue Serie, über die alle reden, sehen kannst, oder ein Konto, mit dem du einen Rabatt für dein Lieblingsrestaurant bekommst. In jedem Fall solltest du die Auswirkungen auf Ihre Daten jetzt und in Zukunft beachten.
|
||||
@@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call
|
||||
### Username and password
|
||||
|
||||
Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Account Deletion"
|
||||
icon: 'material/account-remove'
|
||||
description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection.
|
||||
---
|
||||
|
||||
Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence.
|
||||
@@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your
|
||||
## Avoid New Accounts
|
||||
|
||||
As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you!
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Common Misconceptions"
|
||||
icon: 'material/robot-confused'
|
||||
description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation.
|
||||
---
|
||||
|
||||
## "Open-source software is always secure" or "Proprietary software is more secure"
|
||||
@@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one
|
||||
|
||||
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
||||
[^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident).
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Common Threats"
|
||||
icon: 'material/eye-outline'
|
||||
description: Your threat model is personal to you, but these are some of the things many visitors to this site care about.
|
||||
---
|
||||
|
||||
Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
|
||||
@@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](.
|
||||
|
||||
You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
||||
[^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance).
|
||||
[^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf)
|
||||
[^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism)
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: Email Security
|
||||
icon: material/email
|
||||
description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications.
|
||||
---
|
||||
|
||||
Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed.
|
||||
@@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
|
||||
### Why Can't Metadata be E2EE?
|
||||
|
||||
Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Multi-Factor Authentication"
|
||||
title: "Multi-Faktor-Authentifizierung"
|
||||
icon: 'material/two-factor-authentication'
|
||||
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
|
||||
---
|
||||
|
||||
**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
|
||||
@@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
|
||||
### KeePass (and KeePassXC)
|
||||
|
||||
KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,19 +1,20 @@
|
||||
---
|
||||
title: "Introduction to Passwords"
|
||||
title: "Einführung in Passwörter"
|
||||
icon: 'material/form-textbox-password'
|
||||
description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure.
|
||||
---
|
||||
|
||||
Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced.
|
||||
Passwörter sind ein wesentlicher Bestandteil unseres täglichen digitalen Lebens. Wir nutzen sie, um unsere Konten, unsere Geräte und unsere Geheimnisse zu schützen. Obwohl sie oft das Einzige sind, was zwischen uns und Angreifenden steht, die es auf unsere privaten Daten abgesehen haben, wird nicht viel über sie nachgedacht, was oft dazu führt, dass Passwörter verwendet werden, die leicht zu erraten oder mit roher Gewalt heraus findbar sind.
|
||||
|
||||
## Best Practices
|
||||
## Bewährte Praktiken
|
||||
|
||||
### Use unique passwords for every service
|
||||
### Verwendung einzigartiger Kennwörter
|
||||
|
||||
Imagine this; you sign up for an account with the same e-mail and password on multiple online services. If one of those service providers is malicious, or their service has a data breach that exposes your password in an unencrypted format, all a bad actor would have to do is try that e-mail and password combination across multiple popular services until they get a hit. It doesn't matter how strong that one password is, because they already have it.
|
||||
|
||||
This is called [credential stuffing](https://en.wikipedia.org/wiki/Credential_stuffing), and it is one of the most common ways that your accounts can be compromised by bad actors. To avoid this, make sure that you never re-use your passwords.
|
||||
|
||||
### Use randomly generated passwords
|
||||
### Verwendung zufällig generierter Passwörter
|
||||
|
||||
==You should **never** rely on yourself to come up with a good password.== We recommend using [randomly generated passwords](#passwords) or [diceware passphrases](#diceware-passphrases) with sufficient entropy to protect your accounts and devices.
|
||||
|
||||
@@ -87,9 +88,9 @@ We recommend using [EFF's large wordlist](https://www.eff.org/files/2016/07/18/e
|
||||
|
||||
To sum it up, diceware passphrases are your best option when you need something that is both easy to remember *and* exceptionally strong.
|
||||
|
||||
## Storing Passwords
|
||||
## Passwörter speichern
|
||||
|
||||
### Password Managers
|
||||
### Passwortverwaltung
|
||||
|
||||
The best way to store your passwords is by using a password manager. They allow you to store your passwords in a file or in the cloud and protect them with a single master password. That way, you will only have to remember one strong password, which lets you access the rest of them.
|
||||
|
||||
@@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o
|
||||
### Backups
|
||||
|
||||
You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Threat Modeling"
|
||||
icon: 'material/target-account'
|
||||
description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey.
|
||||
---
|
||||
|
||||
Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using!
|
||||
@@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled
|
||||
## Sources
|
||||
|
||||
- [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan)
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,11 +1,12 @@
|
||||
---
|
||||
title: VPN Overview
|
||||
icon: material/vpn
|
||||
description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind.
|
||||
---
|
||||
|
||||
Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem).
|
||||
|
||||
Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns).
|
||||
Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns).
|
||||
|
||||
A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it.
|
||||
|
||||
@@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro
|
||||
- [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/)
|
||||
- [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/)
|
||||
- [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/)
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Calendar Sync"
|
||||
icon: material/calendar
|
||||
description: Calendars contain some of your most sensitive data; use products that implement encryption at rest.
|
||||
---
|
||||
|
||||
Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them.
|
||||
@@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement
|
||||
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
|
||||
|
||||
- Should integrate with native OS calendar and contact management apps if applicable.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Cloud Storage"
|
||||
icon: material/file-cloud
|
||||
description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives!
|
||||
---
|
||||
|
||||
Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE.
|
||||
@@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive)
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851)
|
||||
|
||||
Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development.
|
||||
|
||||
## Criteria
|
||||
|
||||
@@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro
|
||||
- These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android.
|
||||
- Should support easy file-sharing with other users.
|
||||
- Should offer at least basic file preview and editing functionality on the web interface.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
53
i18n/de/cryptocurrency.md
Normal file
53
i18n/de/cryptocurrency.md
Normal file
@@ -0,0 +1,53 @@
|
||||
---
|
||||
title: Cryptocurrency
|
||||
icon: material/bank-circle
|
||||
---
|
||||
|
||||
Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases:
|
||||
|
||||
[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button}
|
||||
|
||||
!!! danger
|
||||
|
||||
Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust.
|
||||
|
||||
## Monero
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices.
|
||||
|
||||
[:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary }
|
||||
[:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute }
|
||||
|
||||
With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories.
|
||||
|
||||
For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include:
|
||||
|
||||
- [Official Monero client](https://getmonero.org/downloads) (Desktop)
|
||||
- [Cake Wallet](https://cakewallet.com/) (iOS, Android)
|
||||
- Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/).
|
||||
- [Feather Wallet](https://featherwallet.org/) (Desktop)
|
||||
- [Monerujo](https://www.monerujo.io/) (Android)
|
||||
|
||||
For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p.
|
||||
|
||||
In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022.
|
||||
|
||||
Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations.
|
||||
|
||||
Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy.
|
||||
|
||||
## Criteria
|
||||
|
||||
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
|
||||
|
||||
!!! example "This section is new"
|
||||
|
||||
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
|
||||
|
||||
- Cryptocurrency must provide private/untraceable transactions by default.
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Data and Metadata Redaction"
|
||||
icon: material/tag-remove
|
||||
description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share.
|
||||
---
|
||||
|
||||
When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata.
|
||||
@@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely:
|
||||
|
||||
- Apps developed for open-source operating systems must be open-source.
|
||||
- Apps must be free and should not include ads or other limitations.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Desktop Browsers"
|
||||
icon: material/laptop
|
||||
description: Firefox and Brave are our recommendations for standard/non-anonymous browsing.
|
||||
---
|
||||
|
||||
These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
|
||||
@@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro
|
||||
- Must not replicate built-in browser or OS functionality.
|
||||
- Must directly impact user privacy, i.e. must not simply provide information.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
||||
[^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/).
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Desktop/PC"
|
||||
icon: simple/linux
|
||||
description: Linux distributions are commonly recommended for privacy protection and software freedom.
|
||||
---
|
||||
|
||||
Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions.
|
||||
@@ -180,5 +181,3 @@ Our recommended operating systems:
|
||||
- Must support full-disk encryption during installation.
|
||||
- Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage.
|
||||
- Must support a wide variety of hardware.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,61 +1,60 @@
|
||||
---
|
||||
title: "DNS Resolvers"
|
||||
icon: material/dns
|
||||
description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration.
|
||||
---
|
||||
|
||||
!!! question "Should I use encrypted DNS?"
|
||||
Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Verschlüsseltes DNS hilft dir nicht dabei, deine Browsing-Aktivitäten zu verbergen.
|
||||
|
||||
Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity.
|
||||
|
||||
[Learn more about DNS](advanced/dns-overview.md){ .md-button }
|
||||
[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button}
|
||||
|
||||
## Recommended Providers
|
||||
## Empfohlene DNS-Anbieter
|
||||
|
||||
| DNS Provider | Privacy Policy | Protocols | Logging | ECS | Filtering |
|
||||
| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------------ | -------- | ------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext <br> DoH/3 <br> DoT <br> DNSCrypt | Some[^1] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) |
|
||||
| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext <br> DoH/3 <br> DoT | Some[^2] | No | Based on server choice. |
|
||||
| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext <br> DoH/3 <br> DoT <br> DoQ | Optional[^3] | No | Based on server choice. |
|
||||
| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH <br> DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) |
|
||||
| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext <br> DoH/3 <br> DoT | Optional[^5] | Optional | Based on server choice. |
|
||||
| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^6] | Optional | Based on server choice, Malware blocking by default. |
|
||||
| DNS-Anbieter | Datenschutzerklärung | Protokolle | Logging | ECS | Filter |
|
||||
| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------ | ------------ | -------- | -------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Klartext <br> DoH/3 <br> DoT <br> DNSCrypt | Some[^1] | Nein | Nach Server Wahl. Die verwendete Filterliste findest du hier. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) |
|
||||
| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Klartext <br> DoH/3 <br> DoT | Some[^2] | Nein | Nach Server Wahl. |
|
||||
| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Klartext <br> DoH/3 <br> DoT <br> DoQ | Optional[^3] | Nein | Nach Server Wahl. |
|
||||
| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH <br> DoT | Nein[^4] | Nein | Nach Server Wahl. Die verwendete Filterliste findest du hier. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) |
|
||||
| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Klartext <br> DoH/3 <br> DoT | Optional[^5] | Optional | Nach Server Wahl. |
|
||||
| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Klartext <br> DoH <br> DoT <br> DNSCrypt | Some[^6] | Optional | Nach Server Wahl, Schadware wird standardmäßig blockiert. |
|
||||
|
||||
## Criteria
|
||||
## Kriterien
|
||||
|
||||
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
|
||||
**Bitte beachte, dass wir mit keinem der Projekte, die wir empfehlen, verbunden sind.** Zusätzlich zu unseren [Standardkriterien](about/criteria.md) haben wir eine Reihe klarer Anforderungen entwickelt, die es uns ermöglichen, objektive Empfehlungen zu geben. Wir empfehlen, sich mit dieser Liste vertraut zu machen, bevor sich für ein Projekt entschieden wird und eigenen Nachforschungen anzustellen, um sicherzustellen, dass es die richtige Wahl ist.
|
||||
|
||||
!!! example "This section is new"
|
||||
|
||||
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
|
||||
Wir arbeiten daran, definierte Kriterien für jeden Bereich unserer Website festzulegen, daher kann dies sich noch ändern. Bei Fragen zu unseren Kriterien, können diese [in unserem Forum] (https://discuss.privacyguides.net/latest) gestellt werden. Und gehen Sie nicht davon aus, dass wir etwas bei unseren Empfehlungen nicht berücksichtigt haben, wenn es hier nicht aufgeführt ist. Es gibt viele Faktoren, die berücksichtigt und besprochen werden, wenn wir ein Projekt empfehlen, und die Dokumentation jedes einzelnen Faktors ist ein laufender Prozess.
|
||||
|
||||
- Must support [DNSSEC](advanced/dns-overview.md#what-is-dnssec).
|
||||
- [QNAME Minimization](advanced/dns-overview.md#what-is-qname-minimization).
|
||||
- Allow for [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) to be disabled.
|
||||
- Prefer [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) support or geo-steering support.
|
||||
- Muss [DNSSEC](advanced/dns-overview.md#what-is-dnssec) unterstützen.
|
||||
- [QNAME Minimierung](advanced/dns-overview.md#what-is-qname-minimization).
|
||||
- Erlaubt es [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) zu deaktivieren.
|
||||
- Bevorzugt [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) Unterstützung oder Geo-Steering-Unterstützung.
|
||||
|
||||
## Native Operating System Support
|
||||
## Unterstützung durch Betriebssysteme von Haus aus
|
||||
|
||||
### Android
|
||||
|
||||
Android 9 and above support DNS over TLS. The settings can be found in: **Settings** → **Network & Internet** → **Private DNS**.
|
||||
Android 9 und höher unterstützen DNS über TLS. Die Einstellungen sind zu finden unter: **Einstellungen** → **Netzwerk & Internet** → **Privates DNS**.
|
||||
|
||||
### Apple Devices
|
||||
### Apple-Geräte
|
||||
|
||||
The latest versions of iOS, iPadOS, tvOS, and macOS, support both DoT and DoH. Both protocols are supported natively via [configuration profiles](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) or through the [DNS Settings API](https://developer.apple.com/documentation/networkextension/dns_settings).
|
||||
Die neuesten Versionen von iOS, iPadOS, tvOS und macOS unterstützen sowohl DoT als auch DoH. Beide Protokolle werden nativ über [Konfigurationsprofile](https://support.apple.com/de-de/guide/security/secf6fb9f053/web) oder über die [DNS Settings API](https://developer.apple.com/documentation/networkextension/dns_settings)unterstützt.
|
||||
|
||||
After installation of either a configuration profile or an app that uses the DNS Settings API, the DNS configuration can be selected. If a VPN is active, resolution within the VPN tunnel will use the VPN's DNS settings and not your system-wide settings.
|
||||
Nach der Installation eines Konfigurationsprofils oder einer Anwendung, die die DNS-Einstellungs-API verwendet, kann die DNS-Konfiguration ausgewählt werden. Wenn ein VPN aktiv ist, verwendet die DNS Auflösung innerhalb des VPN-Tunnels die DNS-Einstellungen des VPN und nicht deine systemweiten Einstellungen.
|
||||
|
||||
#### Signed Profiles
|
||||
#### Signierte Profile
|
||||
|
||||
Apple does not provide a native interface for creating encrypted DNS profiles. [Secure DNS profile creator](https://dns.notjakob.com/tool.html) is an unofficial tool for creating your own encrypted DNS profiles, however they will not be signed. Signed profiles are preferred; signing validates a profile's origin and helps to ensure the integrity of the profiles. A green "Verified" label is given to signed configuration profiles. For more information on code signing, see [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html). **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [NextDNS](https://apple.nextdns.io), and [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/).
|
||||
Apple bietet keine native Schnittstelle zur Erstellung von Profilen mit verschlüsseltem DNS. [Secure DNS profile creator](https://dns.notjakob.com/tool.html) ist ein inoffizielles Tool zur Erstellung eigener Profile mit verschlüsseltem DNS, diese sind jedoch nicht signiert. Signierte Profile sind zu bevorzugen; das Signieren bestätigt die Herkunft eines Profils und trägt dazu bei, die Integrität der Profile zu gewährleisten. Signierte Konfigurationsprofile erhalten ein grünes "Verifiziert"-Label. For more information on code signing, see [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html). **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [NextDNS](https://apple.nextdns.io), and [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/).
|
||||
|
||||
!!! info
|
||||
|
||||
`systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS.
|
||||
`systemd-resolved`, das viele Linux-Distributionen für ihre DNS Abfragen verwenden, unterstützt noch nicht [DoH](https://github.com/systemd/systemd/issues/8639). Wenn trotzdem DoH verwendent werden soll, muss ein Proxy wie [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) installiert und [konfiguriert](https://wiki.archlinux.org/title/Dnscrypt-proxy) werden, um alle DNS-Anfragen vom System-Resolver entgegenzunehmen und sie über HTTPS weiterzuleiten.
|
||||
|
||||
## Encrypted DNS Proxies
|
||||
## Verschlüsseltes DNS-Proxy
|
||||
|
||||
Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](advanced/dns-overview.md#unencrypted-dns) resolver to forward to. Typically it is used on platforms that don't natively support [encrypted DNS](advanced/dns-overview.md#what-is-encrypted-dns).
|
||||
Verschlüsseltes DNS-Proxy-Software bietet einen lokalen Proxy, an den der [unverschlüsselte DNS](advanced/dns-overview.md#unencrypted-dns) weitergeleitet wird. Normalerweise wird es auf Plattformen verwendet, die [verschlüsseltes DNS](advanced/dns-overview.md#what-is-encrypted-dns) nicht unterstützen.
|
||||
|
||||
### RethinkDNS
|
||||
|
||||
@@ -64,7 +63,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**RethinkDNS** is an open-source Android client supporting [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) and DNS Proxy along with caching DNS responses, locally logging DNS queries and can be used as a firewall too.
|
||||
**RethinkDNS** ist ein Open-Source Android-Client, der [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) und DNS-Proxy unterstützt, DNS-Antworten zwischenspeichert, DNS-Anfragen lokal protokolliert und auch als Firewall verwendet werden kann.
|
||||
|
||||
[:octicons-home-16: Homepage](https://rethinkdns.com){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Privacy Policy" }
|
||||
@@ -97,9 +96,9 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
|
||||
- [:simple-apple: macOS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS)
|
||||
- [:simple-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux)
|
||||
|
||||
## Self-hosted Solutions
|
||||
## Selbstgehostete Lösungen
|
||||
|
||||
A self-hosted DNS solution is useful for providing filtering on controlled platforms, such as Smart TVs and other IoT devices, as no client-side software is needed.
|
||||
Eine selbst gehostete DNS-Lösung ist nützlich für die Filterung auf kontrollierten Plattformen wie Smart-TVs und anderen IoT-Geräten, da keine clientseitige Software erforderlich ist.
|
||||
|
||||
### AdGuard Home
|
||||
|
||||
@@ -107,9 +106,9 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf
|
||||
|
||||
{ align=right }
|
||||
|
||||
**AdGuard Home** is an open-source [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) to block unwanted web content, such as advertisements.
|
||||
**AdGuard Home** ist ein Open-Source [DNS-Sinkhole](https://de.wikipedia.org/wiki/DNS-Sinkhole), das [DNS-Filterung](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) verwendet, um unerwünschte Webinhalte wie Werbung zu blockieren.
|
||||
|
||||
AdGuard Home features a polished web interface to view insights and manage blocked content.
|
||||
AdGuard Home bietet eine ausgefeilte Weboberfläche, über die Einblicke erhalten und blockierte Inhalte verwalten werden können.
|
||||
|
||||
[:octicons-home-16: Homepage](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Privacy Policy" }
|
||||
@@ -122,9 +121,9 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Pi-hole** is an open-source [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) to block unwanted web content, such as advertisements.
|
||||
**Pi-hole** ist ein Open-Source [DNS-Sinkhole](https://de.wikipedia.org/wiki/DNS-Sinkhole), das [DNS-Filterung](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) verwendet, um unerwünschte Webinhalte wie Werbung zu blockieren.
|
||||
|
||||
Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware. The software features a friendly web interface to view insights and manage blocked content.
|
||||
Pi-hole ist für den Betrieb auf einem Raspberry Pi konzipiert, ist aber nicht auf diese Hardware beschränkt. The software features a friendly web interface to view insights and manage blocked content.
|
||||
|
||||
[:octicons-home-16: Homepage](https://pi-hole.net/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://pi-hole.net/privacy/){ .card-link title="Privacy Policy" }
|
||||
@@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf
|
||||
[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute }
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
||||
[^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html)
|
||||
[^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/)
|
||||
[^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy)
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Email Clients"
|
||||
icon: material/email-open
|
||||
description: These email clients are privacy-respecting and support OpenPGP email encryption.
|
||||
---
|
||||
|
||||
Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft.
|
||||
@@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro
|
||||
- Should not collect any telemetry by default.
|
||||
- Should support OpenPGP natively, i.e. without extensions.
|
||||
- Should support storing OpenPGP encrypted emails locally.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
237
i18n/de/email.md
237
i18n/de/email.md
@@ -1,23 +1,36 @@
|
||||
---
|
||||
title: "Email Services"
|
||||
icon: material/email
|
||||
description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers.
|
||||
---
|
||||
|
||||
Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy.
|
||||
E-Mail ist praktisch eine Notwendigkeit für die Nutzung aller Online-Dienste, wir empfehlen sie jedoch nicht für Gespräche von Mensch zu Mensch. Anstatt E-Mails für die Kontaktaufnahme mit anderen Personen zu verwenden, sollte ein Instant Messenger benutzt werden, der vorwärts gerichtete Geheimhaltung(forward secrecy) unterstützt.
|
||||
|
||||
[Recommended Instant Messengers](real-time-communication.md ""){.md-button}
|
||||
[Empfohlene Instant Messenger](real-time-communication.md ""){.md-button}
|
||||
|
||||
For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features.
|
||||
Für alles andere empfehlen wir eine Reihe von E-Mail-Anbietern, die auf nachhaltigen Geschäftsmodellen basieren und integrierten Sicherheits- und Datenschutzfunktionen bieten.
|
||||
|
||||
## OpenPGP Compatible Services
|
||||
- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services)
|
||||
- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers)
|
||||
- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services)
|
||||
- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email)
|
||||
|
||||
These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it.
|
||||
## OpenPGP-kompatible Dienste
|
||||
|
||||
These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. Zum Beispiel können Proton Mail-Benutzende eine E2EE-Nachricht an Mailbox.org-Benutzende senden, oder sie können OpenPGP-verschlüsselte Benachrichtigungen von Internetdiensten erhalten, die dies unterstützen.
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Proton Mail](email.md#proton-mail)
|
||||
- { .twemoji } [Mailbox.org](email.md#mailboxorg)
|
||||
|
||||
</div>
|
||||
|
||||
!!! warning
|
||||
|
||||
When using E2EE technology like OpenPGP, email will still have some metadata that is not encrypted in the header of the email. Read more about [email metadata](basics/email-security.md#email-metadata-overview).
|
||||
Bei der Verwendung von E2EE-Technologien wie OpenPGP enthalten E-Mails immer noch einige Metadaten in der Kopfzeile der E-Mail die nicht verschlüsselt sind. Mehr über [E-Mail Medadaten](basics/email-security.md#email-metadata-overview).
|
||||
|
||||
OpenPGP also does not support Forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. [How do I protect my private keys?](basics/email-security.md#how-do-i-protect-my-private-keys)
|
||||
OpenPGP unterstützt auch keine vorwärts gerichtete Geheimhaltung, d.h. wenn entweder der eigene private Schlüssel oder der der Empfangenden gestohlen wird, sind alle vorher damit verschlüsselten Nachrichten offengelegt. [Wie schütze ich meine privaten Schlüssel?](basics/email-security.md#how-do-i-protect-my-private-keys)
|
||||
|
||||
### Proton Mail
|
||||
|
||||
@@ -25,7 +38,7 @@ These providers natively support OpenPGP encryption/decryption, allowing for pro
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. Accounts start with 500 MB storage with their free plan.
|
||||
**Proton Mail** ist ein E-Mail-Dienst mit dem Schwerpunkt auf Datenschutz, Verschlüsselung, Sicherheit und Benutzerfreundlichkeit. Sie sind seit **2013** in Betrieb. Die Proton AG hat ihren Sitz in Genève, Schweiz. Konten im kostenlosen Tarif beginnen mit 500 MB Speicherplatz.
|
||||
|
||||
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
|
||||
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
|
||||
@@ -43,47 +56,47 @@ These providers natively support OpenPGP encryption/decryption, allowing for pro
|
||||
- [:simple-linux: Linux](https://proton.me/mail/bridge#download)
|
||||
- [:octicons-browser-16: Web](https://mail.proton.me)
|
||||
|
||||
Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g. Thunderbird). Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
|
||||
Kostenlose Konten haben einige Einschränkungen, wie z. B. die fehlende Möglichkeit, Text zu durchsuchen, und keinen Zugang zu [Proton Mail Bridge](https://proton.me/mail/bridge), die für die Verwendung eines [empfohlenen Desktop-E-Mail-Programms](email-clients.md) (z. B. Thunderbird) erforderlich ist. Bezahlte Konten umfassen Funktionen wie Proton Mail Bridge, zusätzlichen Speicher und das Verwenden eigener Domains. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
|
||||
|
||||
If you have the Proton Unlimited, Business, or Visionary Plan, you also get [SimpleLogin](#simplelogin) Premium for free.
|
||||
|
||||
Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**.
|
||||
|
||||
??? success "Custom Domains and Aliases"
|
||||
#### :material-check:{ .pg-green } Custom Domains and Aliases
|
||||
|
||||
Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain.
|
||||
Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain.
|
||||
|
||||
??? success "Private Payment Methods"
|
||||
#### :material-check:{ .pg-green } Private Payment Methods
|
||||
|
||||
Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments.
|
||||
Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments.
|
||||
|
||||
??? success "Account Security"
|
||||
#### :material-check:{ .pg-green } Account Security
|
||||
|
||||
Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code.
|
||||
Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code.
|
||||
|
||||
??? success "Data Security"
|
||||
#### :material-check:{ .pg-green } Data Security
|
||||
|
||||
Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you.
|
||||
|
||||
Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon.
|
||||
Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you.
|
||||
|
||||
??? success "Email Encryption"
|
||||
Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon.
|
||||
|
||||
Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP.
|
||||
|
||||
Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE.
|
||||
#### :material-check:{ .pg-green } Email Encryption
|
||||
|
||||
??? warning "Digital Legacy"
|
||||
Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP.
|
||||
|
||||
Proton Mail doesn't offer a digital legacy feature.
|
||||
Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE.
|
||||
|
||||
??? info "Account Termination"
|
||||
#### :material-alert-outline:{ .pg-orange } Digital Legacy
|
||||
|
||||
If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period.
|
||||
Proton Mail doesn't offer a digital legacy feature.
|
||||
|
||||
??? info "Additional Functionality"
|
||||
#### :material-information-outline:{ .pg-blue } Account Termination
|
||||
|
||||
Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage.
|
||||
If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period.
|
||||
|
||||
#### :material-information-outline:{ .pg-blue } Additional Functionality
|
||||
|
||||
Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage.
|
||||
|
||||
### Mailbox.org
|
||||
|
||||
@@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par
|
||||
|
||||
- [:octicons-browser-16: Web](https://login.mailbox.org)
|
||||
|
||||
??? success "Custom Domains and Aliases"
|
||||
#### :material-check:{ .pg-green } Custom Domains and Aliases
|
||||
|
||||
Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain.
|
||||
Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain.
|
||||
|
||||
??? info "Private Payment Methods"
|
||||
#### :material-check:{ .pg-green } Private Payment Methods
|
||||
|
||||
Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
|
||||
Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
|
||||
|
||||
??? success "Account Security"
|
||||
#### :material-check:{ .pg-green } Account Security
|
||||
|
||||
Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
|
||||
Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
|
||||
|
||||
??? info "Data Security"
|
||||
#### :material-information-outline:{ .pg-blue } Data Security
|
||||
|
||||
Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key.
|
||||
|
||||
However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information.
|
||||
Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key.
|
||||
|
||||
??? success "Email Encryption"
|
||||
However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information.
|
||||
|
||||
Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
|
||||
|
||||
Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE.
|
||||
#### :material-check:{ .pg-green } Email Encryption
|
||||
|
||||
??? success "Digital Legacy"
|
||||
Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
|
||||
|
||||
Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address.
|
||||
Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE.
|
||||
|
||||
??? info "Account Termination"
|
||||
#### :material-check:{ .pg-green } Digital Legacy
|
||||
|
||||
Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract).
|
||||
Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address.
|
||||
|
||||
??? info "Additional Functionality"
|
||||
#### :material-information-outline:{ .pg-blue } Account Termination
|
||||
|
||||
You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
|
||||
|
||||
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
|
||||
Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract).
|
||||
|
||||
#### :material-information-outline:{ .pg-blue } Additional Functionality
|
||||
|
||||
You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
|
||||
|
||||
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
|
||||
|
||||
## More Providers
|
||||
|
||||
These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers.
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji }{ .twemoji } [StartMail](email.md#startmail)
|
||||
- { .twemoji } [Tutanota](email.md#tutanota)
|
||||
|
||||
</div>
|
||||
|
||||
### StartMail
|
||||
|
||||
@@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par
|
||||
|
||||
- [:octicons-browser-16: Web](https://mail.startmail.com/login)
|
||||
|
||||
??? success "Custom Domains and Aliases"
|
||||
#### :material-check:{ .pg-green } Custom Domains and Aliases
|
||||
|
||||
Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available.
|
||||
Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available.
|
||||
|
||||
??? warning "Private Payment Methods"
|
||||
#### :material-alert-outline:{ .pg-orange } Private Payment Methods
|
||||
|
||||
StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year.
|
||||
StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year.
|
||||
|
||||
??? success "Account Security"
|
||||
#### :material-check:{ .pg-green } Account Security
|
||||
|
||||
StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication.
|
||||
StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication.
|
||||
|
||||
??? info "Data Security"
|
||||
#### :material-information-outline:{ .pg-blue } Data Security
|
||||
|
||||
StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key.
|
||||
|
||||
StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption.
|
||||
StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key.
|
||||
|
||||
??? success "Email Encryption"
|
||||
StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption.
|
||||
|
||||
StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys.
|
||||
#### :material-check:{ .pg-green } Email Encryption
|
||||
|
||||
??? warning "Digital Legacy"
|
||||
StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients.
|
||||
|
||||
StartMail does not offer a digital legacy feature.
|
||||
#### :material-alert-outline:{ .pg-orange } Digital Legacy
|
||||
|
||||
??? info "Account Termination"
|
||||
StartMail does not offer a digital legacy feature.
|
||||
|
||||
On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration).
|
||||
#### :material-information-outline:{ .pg-blue } Account Termination
|
||||
|
||||
??? info "Additional Functionality"
|
||||
On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration).
|
||||
|
||||
StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is.
|
||||
#### :material-information-outline:{ .pg-blue } Additional Functionality
|
||||
|
||||
## More Providers
|
||||
|
||||
These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers.
|
||||
StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is.
|
||||
|
||||
### Tutanota
|
||||
|
||||
@@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr
|
||||
|
||||
Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders.
|
||||
|
||||
??? success "Custom Domains and Aliases"
|
||||
#### :material-check:{ .pg-green } Custom Domains and Aliases
|
||||
|
||||
Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain.
|
||||
Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain.
|
||||
|
||||
??? warning "Private Payment Methods"
|
||||
#### :material-information-outline:{ .pg-blue } Private Payment Methods
|
||||
|
||||
Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore.
|
||||
Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore.
|
||||
|
||||
??? success "Account Security"
|
||||
#### :material-check:{ .pg-green } Account Security
|
||||
|
||||
Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F.
|
||||
Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F.
|
||||
|
||||
??? success "Data Security"
|
||||
#### :material-check:{ .pg-green } Data Security
|
||||
|
||||
Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you.
|
||||
Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you.
|
||||
|
||||
??? warning "Email Encryption"
|
||||
#### :material-information-outline:{ .pg-blue } Email Encryption
|
||||
|
||||
Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external).
|
||||
Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external).
|
||||
|
||||
??? warning "Digital Legacy"
|
||||
#### :material-alert-outline:{ .pg-orange } Digital Legacy
|
||||
|
||||
Tutanota doesn't offer a digital legacy feature.
|
||||
Tutanota doesn't offer a digital legacy feature.
|
||||
|
||||
??? info "Account Termination"
|
||||
#### :material-information-outline:{ .pg-blue } Account Termination
|
||||
|
||||
Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay.
|
||||
Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay.
|
||||
|
||||
??? info "Additional Functionality"
|
||||
#### :material-information-outline:{ .pg-blue } Additional Functionality
|
||||
|
||||
Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount.
|
||||
|
||||
Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y.
|
||||
Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount.
|
||||
|
||||
Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y.
|
||||
|
||||
## Email Aliasing Services
|
||||
|
||||
An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address.
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji }{ .twemoji } [AnonAddy](email.md#anonaddy)
|
||||
- { .twemoji } [SimpleLogin](email.md#simplelogin)
|
||||
|
||||
</div>
|
||||
|
||||
Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning.
|
||||
|
||||
Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain:
|
||||
@@ -376,11 +403,11 @@ For a more manual approach we've picked out these two articles:
|
||||
|
||||
**Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any Email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an Email provider, and conduct your own research to ensure the Email provider you choose is the right choice for you.
|
||||
|
||||
### Technology
|
||||
### Technologie
|
||||
|
||||
We regard these features as important in order to provide a safe and optimal service. You should consider whether the provider which has the features you require.
|
||||
|
||||
**Minimum to Qualify:**
|
||||
**Mindestvoraussetzung um zu qualifizieren:**
|
||||
|
||||
- Encrypts email account data at rest with zero-access encryption.
|
||||
- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322/) standard.
|
||||
@@ -398,11 +425,11 @@ We regard these features as important in order to provide a safe and optimal ser
|
||||
- Catch-all or alias functionality for those who own their own domains.
|
||||
- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider.
|
||||
|
||||
### Privacy
|
||||
### Datenschutz
|
||||
|
||||
We prefer our recommended providers to collect as little data as possible.
|
||||
Wir ziehen es vor, dass die von uns empfohlenen Anbieter*innen so wenig Daten wie möglich sammeln.
|
||||
|
||||
**Minimum to Qualify:**
|
||||
**Mindestvoraussetzung um zu qualifizieren:**
|
||||
|
||||
- Protect sender's IP address. Filter it from showing in the `Received` header field.
|
||||
- Don't require personally identifiable information (PII) besides a username and a password.
|
||||
@@ -411,13 +438,13 @@ We prefer our recommended providers to collect as little data as possible.
|
||||
|
||||
**Best Case:**
|
||||
|
||||
- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.)
|
||||
- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.)
|
||||
|
||||
### Security
|
||||
### Sicherheit
|
||||
|
||||
Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members.
|
||||
|
||||
**Minimum to Qualify:**
|
||||
**Mindestvoraussetzung um zu qualifizieren:**
|
||||
|
||||
- Protection of webmail with 2FA, such as TOTP.
|
||||
- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
|
||||
@@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
|
||||
- Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records.
|
||||
- Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records.
|
||||
- Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`.
|
||||
- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/).
|
||||
- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/).
|
||||
- [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used.
|
||||
- Website security standards such as:
|
||||
- [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security)
|
||||
@@ -443,13 +470,13 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
|
||||
- Bug-bounty programs and/or a coordinated vulnerability-disclosure process.
|
||||
- Website security standards such as:
|
||||
- [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy)
|
||||
- [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct)
|
||||
- [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/)
|
||||
|
||||
### Trust
|
||||
### Vertrauen
|
||||
|
||||
You wouldn't trust your finances to someone with a fake identity, so why trust them with your email? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled.
|
||||
|
||||
**Minimum to Qualify:**
|
||||
**Mindestvoraussetzung um zu qualifizieren:**
|
||||
|
||||
- Public-facing leadership or ownership.
|
||||
|
||||
@@ -462,7 +489,7 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t
|
||||
|
||||
With the email providers we recommend we like to see responsible marketing.
|
||||
|
||||
**Minimum to Qualify:**
|
||||
**Mindestvoraussetzung um zu qualifizieren:**
|
||||
|
||||
- Must self-host analytics (no Google Analytics, Adobe Analytics, etc). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out.
|
||||
|
||||
@@ -478,8 +505,6 @@ Must not have any marketing which is irresponsible:
|
||||
|
||||
- Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc.
|
||||
|
||||
### Additional Functionality
|
||||
### Zusätzliche Funktionalitäten
|
||||
|
||||
While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Encryption Software"
|
||||
icon: material/file-lock
|
||||
description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files.
|
||||
---
|
||||
|
||||
Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here.
|
||||
@@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro
|
||||
|
||||
- Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave.
|
||||
- File encryption apps should have first- or third-party support for mobile platforms.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "File Sharing and Sync"
|
||||
icon: material/share-variant
|
||||
description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online.
|
||||
---
|
||||
|
||||
Discover how to privately share your files between your devices, with your friends and family, or anonymously online.
|
||||
@@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro
|
||||
|
||||
- Has mobile clients for iOS and Android, which at least support document previews.
|
||||
- Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
94
i18n/de/financial-services.md
Normal file
94
i18n/de/financial-services.md
Normal file
@@ -0,0 +1,94 @@
|
||||
---
|
||||
title: Financial Services
|
||||
icon: material/bank
|
||||
---
|
||||
|
||||
Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases:
|
||||
|
||||
[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button}
|
||||
|
||||
## Payment Masking Services
|
||||
|
||||
There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously.
|
||||
|
||||
!!! tip "Check your current bank"
|
||||
|
||||
Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information.
|
||||
|
||||
### Privacy.com (US)
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank.
|
||||
|
||||
[:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation}
|
||||
|
||||
Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with.
|
||||
|
||||
### MySudo (US, Paid)
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use.
|
||||
|
||||
[:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation}
|
||||
|
||||
### Criteria
|
||||
|
||||
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
|
||||
|
||||
!!! example "This section is new"
|
||||
|
||||
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
|
||||
|
||||
- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances.
|
||||
- Cards must not require you to provide accurate billing address information to the merchant.
|
||||
|
||||
## Gift Card Marketplaces
|
||||
|
||||
These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered).
|
||||
|
||||
### Cake Pay
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants.
|
||||
|
||||
[:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation}
|
||||
|
||||
### CoinCards
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants.
|
||||
|
||||
[:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation}
|
||||
|
||||
### Criteria
|
||||
|
||||
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
|
||||
|
||||
!!! example "This section is new"
|
||||
|
||||
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
|
||||
|
||||
- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md).
|
||||
- No ID requirement.
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Frontends"
|
||||
icon: material/flip-to-front
|
||||
description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances.
|
||||
---
|
||||
|
||||
Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions.
|
||||
@@ -264,5 +265,3 @@ Recommended frontends...
|
||||
We only consider frontends for websites which are...
|
||||
|
||||
- Not normally accessible without JavaScript.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -7,38 +7,36 @@ hide:
|
||||
---
|
||||
|
||||
<!-- markdownlint-disable-next-line -->
|
||||
## Why should I care?
|
||||
## Warum sollte mich das interessieren?
|
||||
|
||||
##### “I have nothing to hide. Why should I care about my privacy?”
|
||||
##### "Ich habe nichts zu verbergen. Warum sollte ich mir Sorgen um meine Privatsphäre machen?"
|
||||
|
||||
Much like the right to interracial marriage, woman's suffrage, freedom of speech, and many others, our right to privacy hasn't always been upheld. In several dictatorships, it still isn't. Generations before ours fought for our right to privacy. ==Privacy is a human right, inherent to all of us,== that we are entitled to (without discrimination).
|
||||
Ähnlich wie das Recht auf gemischtrassige Ehen, das Frauenwahlrecht, das Recht auf freie Meinungsäußerung und viele andere wurde unser Recht auf Privatsphäre nicht immer gewährt. In einigen Diktaturen ist das immer noch der Fall. Generationen vor uns haben für unser Recht auf Privatsphäre gekämpft. ==Privatsphäre ist ein Menschenrecht, das uns allen innewohnt,== auf das wir (ohne Diskriminierung) Anspruch haben.
|
||||
|
||||
You shouldn't confuse privacy with secrecy. We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. **Everyone** has something to protect. Privacy is something that makes us human.
|
||||
Privatsphäre sollte nicht mit Geheimhaltung verwechselt werden. Wir wissen, was auf der Toilette passiert, aber machen trotzdem die Tür zu. Das liegt daran, dass wir Privatsphäre wollen, keine Geheimhaltung. **Alle** haben etwas zu schützen. Privatsphäre ist etwas, das uns menschlich macht.
|
||||
|
||||
[:material-target-account: Common Internet Threats](basics/common-threats.md ""){.md-button.md-button--primary}
|
||||
[:material-target-account: Häufige Internetbedrohungen](basics/common-threats.md ""){.md-button.md-button--primary}
|
||||
|
||||
## What should I do?
|
||||
## Was kann ich tun?
|
||||
|
||||
##### First, you need to make a plan
|
||||
##### Zunächst muss ein Plan erstellt werden
|
||||
|
||||
Trying to protect all your data from everyone all the time is impractical, expensive, and exhausting. But don't worry! Security is a process, and, by thinking ahead, you can put together a plan that's right for you. Security isn't just about the tools you use or the software you download. Rather, it begins by understanding the unique threats you face, and how you can mitigate them.
|
||||
Der Versuch, alle unsere Daten ständig vor allen zu schützen, ist unpraktisch, teuer und anstrengend. Aber keine Sorge! Sicherheit ist ein Prozess, und durch vorausschauendes denken, kannst du einen Plan erstellen, der für dich geeignet ist. Bei Sicherheit geht es nicht nur um die Tools, die du verwendest, oder die Software, die du herunterlädst. Vielmehr geht es darum, die einzigartigen Bedrohungen zu verstehen, mit denen du konfrontiert bist, und herauszufinden, wie diese entschärft werden können.
|
||||
|
||||
==This process of identifying threats and defining countermeasures is called **threat modeling**==, and it forms the basis of every good security and privacy plan.
|
||||
== Dieser Prozess der Identifizierung von Bedrohungen und der Festlegung von Gegenmaßnahmen wird als **Bedrohungsanalyse** bezeichnet== und bildet die Grundlage für jeden guten Sicherheits- und Datenschutzplan.
|
||||
|
||||
[:material-book-outline: Learn More About Threat Modeling](basics/threat-modeling.md ""){.md-button.md-button--primary}
|
||||
[:material-book-outline: Mehr über die Bedrohungsanalyse erfahren](basics/threat-modeling.md ""){.md-button.md-button--primary}
|
||||
|
||||
---
|
||||
|
||||
## We need you! Here's how to get involved:
|
||||
## Wir brauchen dich! Hier ist, wie man sich beteiligt:
|
||||
|
||||
[:simple-discourse:](https://discuss.privacyguides.net/){ title="Join our Forum" }
|
||||
[:simple-mastodon:](https://mastodon.neat.computer/@privacyguides){ rel=me title="Follow us on Mastodon" }
|
||||
[:material-book-edit:](https://github.com/privacyguides/privacyguides.org){ title="Contribute to this website" }
|
||||
[:material-translate:](https://matrix.to/#/#pg-i18n:aragon.sh){ title="Help translate this website" }
|
||||
[:simple-matrix:](https://matrix.to/#/#privacyguides:matrix.org){ title="Chat with us on Matrix" }
|
||||
[:material-information-outline:](about/index.md){ title="Learn more about us" }
|
||||
[:material-hand-coin-outline:](about/donate.md){ title="Support the project" }
|
||||
[:simple-discourse:](https://discuss.privacyguides.net/){ title="Trete unserem Forum bei" }
|
||||
[:simple-mastodon:](https://mastodon.neat.computer/@privacyguides){ rel=me title="Folge uns auf Mastodon" }
|
||||
[:material-book-edit:](https://github.com/privacyguides/privacyguides.org){ title="Trage zu dieser Website bei" }
|
||||
[:material-translate:](https://matrix.to/#/#pg-i18n:aragon.sh){ title="Hilf diese Website zu Übersetze" }
|
||||
[:simple-matrix:](https://matrix.to/#/#privacyguides:matrix.org){ title="Chatte mit uns auf Matrix" }
|
||||
[:material-information-outline:](about/index.md){ title="Erfahre mehr über uns" }
|
||||
[:material-hand-coin-outline:](about/donate.md){ title="Unterstütze das Projekt" }
|
||||
|
||||
It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
Es ist wichtig, dass eine Website wie Privacy Guides immer auf dem neuesten Stand bleibt. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. Es ist schwer, mit der Schnelllebigkeit des Internets Schritt zu halten, aber wir versuchen unser Bestes. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know.
|
||||
|
@@ -1,11 +1,12 @@
|
||||
---
|
||||
title: KB Archive
|
||||
icon: material/archive
|
||||
description: Some pages that used to be in our knowledge base can now be found on our blog.
|
||||
---
|
||||
|
||||
# Pages Moved to Blog
|
||||
|
||||
Einige Seiten, die früher in unserer Wissensdatenbank waren, sind jetzt in unserem Blog zu finden:
|
||||
Some pages that used to be in our knowledge base can now be found on our blog:
|
||||
|
||||
- [GrapheneOS vs. CalyxOS](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/)
|
||||
- [Signal Configuration Hardening](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/)
|
||||
@@ -14,5 +15,3 @@ Einige Seiten, die früher in unserer Wissensdatenbank waren, sind jetzt in unse
|
||||
- [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/)
|
||||
- [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/)
|
||||
- [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/)
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -2,7 +2,7 @@
|
||||
title: Branding Guidelines
|
||||
---
|
||||
|
||||
The name of the website is **Privacy Guides** and should **not** be changed to:
|
||||
Der Name der Website lautet **Privacy Guides** und sollte **nicht** geändert werden zu:
|
||||
|
||||
<div class="pg-red" markdown>
|
||||
- PrivacyGuides
|
||||
@@ -11,14 +11,12 @@ The name of the website is **Privacy Guides** and should **not** be changed to:
|
||||
- PG.org
|
||||
</div>
|
||||
|
||||
The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
|
||||
Der Name des Subreddits lautet **r/PrivacyGuides** oder **the Privacy Guides Subreddit**.
|
||||
|
||||
Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
|
||||
Weitere Branding-Richtlinien können unter [github.com/privacyguides/brand](https://github.com/privacyguides/brand) gefunden werden
|
||||
|
||||
## Trademark
|
||||
## Markenzeichen
|
||||
|
||||
"Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project.
|
||||
"Privacy Guides" und das Schild-Logo sind Markenzeichen von Jonah Aragon, die uneingeschränkte Nutzung wird dem Privacy Guides Projekt gewährt.
|
||||
|
||||
Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
Ohne auf seine Rechte zu verzichten, berät Privacy Guides andere nicht über den Umfang seiner geistigen Eigentumsrechte. Privacy Guides erlaubt oder genehmigt keine Verwendung seiner Markenzeichen in einer Art und Weise, die zu Verwechslungen führen kann, indem sie eine Verbindung mit oder ein Sponsoring durch Privacy Guides impliziert. Wenn Sie Kenntnis von einer solchen Nutzung haben, wenden Sie sich bitte an Jonah Aragon unter jonah@privacyguides.org. Wenden Sie sich an Ihren Rechtsbeistand, wenn Sie Fragen haben.
|
||||
|
@@ -1,10 +1,10 @@
|
||||
---
|
||||
title: Git Recommendations
|
||||
title: Git Empfehlungen
|
||||
---
|
||||
|
||||
If you make changes to this website on GitHub.com's web editor directly, you shouldn't have to worry about this. If you are developing locally and/or are a long-term website editor (who should probably be developing locally!), consider these recommendations.
|
||||
|
||||
## Enable SSH Key Commit Signing
|
||||
## SSH-Schlüssel Commit-Signierung aktivieren
|
||||
|
||||
You can use an existing SSH key for signing, or [create a new one](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent).
|
||||
|
||||
@@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR
|
||||
git fetch origin
|
||||
git rebase origin/main
|
||||
```
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,23 +1,23 @@
|
||||
---
|
||||
title: Uploading Images
|
||||
title: Bilder hochladen
|
||||
---
|
||||
|
||||
Here are a couple of general rules for contributing to Privacy Guides:
|
||||
Hier sind einige allgemeine Regeln um zu Privacy Guides beizutragen:
|
||||
|
||||
## Images
|
||||
## Bilder
|
||||
|
||||
- We **prefer** SVG images, but if those do not exist we can use PNG images
|
||||
- Wir **bevorzugen** SVG-Bilder, aber wenn diese nicht vorhanden sind, können wir PNG-Bilder verwenden
|
||||
|
||||
Company logos have canvas size of:
|
||||
Firmenlogos haben eine Leinwandgröße von:
|
||||
|
||||
- 128x128px
|
||||
- 384x128px
|
||||
|
||||
## Optimization
|
||||
## Optimierung
|
||||
|
||||
### PNG
|
||||
|
||||
Use the [OptiPNG](https://sourceforge.net/projects/optipng/) to optimize the PNG image:
|
||||
Verwende [OptiPNG](https://sourceforge.net/projects/optipng/) um das PNG-Bild zu optimieren:
|
||||
|
||||
```bash
|
||||
optipng -o7 file.png
|
||||
@@ -27,51 +27,51 @@ optipng -o7 file.png
|
||||
|
||||
#### Inkscape
|
||||
|
||||
[Scour](https://github.com/scour-project/scour) all SVG images.
|
||||
[Scour](https://github.com/scour-project/scour) alle SVG-Bilder.
|
||||
|
||||
In Inkscape:
|
||||
|
||||
1. File Save As..
|
||||
2. Set type to Optimized SVG (*.svg)
|
||||
1. Speichern unter...
|
||||
2. Dateityp auf "Optimiertes SVG (*.svg)" setzen
|
||||
|
||||
In the **Options** tab:
|
||||
In der **Optionen** Registerkarte:
|
||||
|
||||
- **Number of significant digits for coordinates** > **5**
|
||||
- [x] Turn on **Shorten color values**
|
||||
- [x] Turn on **Convert CSS attributes to XML attributes**
|
||||
- [x] Turn on **Collapse groups**
|
||||
- [x] Turn on **Create groups for similar attributes**
|
||||
- [ ] Turn off **Keep editor data**
|
||||
- [ ] Turn off **Keep unreferenced definitions**
|
||||
- [x] Turn on **Work around renderer bugs**
|
||||
- **Anzahl der signifikaten Stellen für Koordinaten** > **5**
|
||||
- [x] Einschalten **Farbwerte kürzen**
|
||||
- [x] Einschalten **CSS-Attribute in XML-Attribute umwandeln**
|
||||
- [x] Einschalten **Gruppen zusammenklappen**
|
||||
- [x] Einschalten **Gruppen für ähnliche Attribute erstellen**
|
||||
- [ ] Ausschalten **Editor-Daten erhalten**
|
||||
- [ ] Ausschalten **Unreferenzierte Definitionen erhalten**
|
||||
- [x] Einschalten **Renderer-Fehler umgehen**
|
||||
|
||||
In the **SVG Output** tab under **Document options**:
|
||||
In der **SVG-Ausgabe** Registerkarte unter **Dokumenteinstellungen**:
|
||||
|
||||
- [ ] Turn off **Remove the XML declaration**
|
||||
- [x] Turn on **Remove metadata**
|
||||
- [x] Turn on **Remove comments**
|
||||
- [x] Turn on **Embeded raster images**
|
||||
- [x] Turn on **Enable viewboxing**
|
||||
- [ ] Ausschalten **XML-Deklaration entfernen**
|
||||
- [x] Einschalten **Metadaten entfernen**
|
||||
- [x] Einschalten **Kommentare entfernen**
|
||||
- [x] Einschalten **Rasterbilder einbetten**
|
||||
- [x] Einschalten **Viewbox aktivieren**
|
||||
|
||||
In the **SVG Output** under **Pretty-printing**:
|
||||
In der **SVG-Ausgabe** Registerkarte unter **Formatierung**:
|
||||
|
||||
- [ ] Turn off **Format output with line-breaks and indentation**
|
||||
- **Indentation characters** > Select **Space**
|
||||
- **Depth of indentation** > **1**
|
||||
- [ ] Turn off **Strip the "xml:space" attribute from the root SVG element**
|
||||
- [ ] Ausschalten **Ausgabe mit Zeilenumbrüchen und Einrückungen formatieren**
|
||||
- **Zeichen für Einrückungen** > Wähle **Leerzeichen**
|
||||
- **Einrücktiefe** > **1**
|
||||
- [ ] Ausschalten **"xml:space"-Attribut vom SVG-Wurzelelement entfernen**
|
||||
|
||||
In the **IDs** tab:
|
||||
In der **IDs** Registerkarte:
|
||||
|
||||
- [x] Turn on **Remove unused IDs**
|
||||
- [ ] Turn off **Shorten IDs**
|
||||
- **Prefix shortened IDs with** > `leave blank`
|
||||
- [x] Turn on **Preserve manually created IDs not ending with digits**
|
||||
- **Preserve the following IDs** > `leave blank`
|
||||
- **Preserve IDs starting with** > `leave blank`
|
||||
- [x] Einschalten **Unbenutzte IDs entfernen**
|
||||
- [ ] Ausschalten **IDs kürzen**
|
||||
- **Präfix für gekürzte IDs** > `leer lassen`
|
||||
- [x] Einschalten **Manuell erstellte IDs, die nicht mit Ziffern enden, erhalten**
|
||||
- **Folgende IDs erhalten** > `leer lassen`
|
||||
- **IDs mit folgendem Präfix erhalten** > `leer lassen`
|
||||
|
||||
#### CLI
|
||||
|
||||
The same can be achieved with the [Scour](https://github.com/scour-project/scour) command:
|
||||
Das Gleiche kann mit dem [Scour](https://github.com/scour-project/scour) Befehl erreicht werden:
|
||||
|
||||
```bash
|
||||
scour --set-precision=5 \
|
||||
@@ -87,5 +87,3 @@ scour --set-precision=5 \
|
||||
--protect-ids-noninkscape \
|
||||
input.svg output.svg
|
||||
```
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -8,68 +8,68 @@ In general the [United States federal plain language guidelines](https://www.pla
|
||||
|
||||
## Writing for our audience
|
||||
|
||||
Privacy Guides' intended [audience](https://www.plainlanguage.gov/guidelines/audience/) is primarily average, technology using adults. Don't dumb down content as if you are addressing a middle-school class, but don't overuse complicated terminology about concepts average computer users wouldn't be familiar with.
|
||||
Das [Zielpublikum](https://www.plainlanguage.gov/guidelines/audience/) von Privacy Guides besteht hauptsächlich aus durchschnittlichen, Techniknutzenden Erwachsenen. Don't dumb down content as if you are addressing a middle-school class, but don't overuse complicated terminology about concepts average computer users wouldn't be familiar with.
|
||||
|
||||
### Address only what people want to know
|
||||
|
||||
People don't need overly complex articles with little relevance to them. Figure out what you want people to accomplish when writing an article, and only include those details.
|
||||
Menschen brauchen keine übermäßig komplexen Artikel mit geringer Relevanz für sie. Figure out what you want people to accomplish when writing an article, and only include those details.
|
||||
|
||||
> Tell your audience why the material is important to them. Say, “If you want a research grant, here’s what you have to do.” Or, “If you want to mine federal coal, here’s what you should know.” Or, “If you’re planning a trip to Rwanda, read this first.”
|
||||
|
||||
### Address people directly
|
||||
### Personen direkt ansprechen
|
||||
|
||||
We're writing *for* a wide variety of people, but we are writing *to* the person who is actually reading it. Use "you" to address the reader directly.
|
||||
Wir schreiben *für* für eine Vielzahl von Menschen, aber wir schreiben *an* die Person, die es tatsächlich liest. Use "you" to address the reader directly.
|
||||
|
||||
> More than any other single technique, using “you” pulls users into the information and makes it relevant to them.
|
||||
>
|
||||
> When you use “you” to address users, they are more likely to understand what their responsibility is.
|
||||
|
||||
Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/audience/address-the-user/)
|
||||
Quelle: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/audience/address-the-user/)
|
||||
|
||||
### Avoid "users"
|
||||
|
||||
Avoid calling people "users", in favor of "people", or a more specific description of the group of people you are writing for.
|
||||
|
||||
## Organizing content
|
||||
## Organisieren von Inhalten
|
||||
|
||||
Organization is key. Content should flow from most to least important information, and use headers as much as needed to logically separate different ideas.
|
||||
Organisieren ist der Schlüssel. Inhalte sollten von den wichtigsten zu den am wenigsten wichtigen Informationen fließen und Kopfzeilen so oft wie nötig verwendet werden, um verschiedene Ideen logisch zu trennen.
|
||||
|
||||
- Limit the document to around five or six sections. Long documents should probably be broken up into separate pages.
|
||||
- Limit the document to around five or six sections. Lange Dokumente sollten wahrscheinlich in einzelne Seiten aufgeteilt werden.
|
||||
- Mark important ideas with **bold** or *italics*.
|
||||
|
||||
Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/design/)
|
||||
Quelle: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/design/)
|
||||
|
||||
### Begin with a topic sentence
|
||||
|
||||
> If you tell your reader what they’re going to read about, they’re less likely to have to read your paragraph again. Headings help, but they’re not enough. Establish a context for your audience before you provide them with the details.
|
||||
> If you tell your reader what they’re going to read about, they’re less likely to have to read your paragraph again. Überschriften sind hilfreich, reichen aber nicht aus. Establish a context for your audience before you provide them with the details.
|
||||
>
|
||||
> We often write the way we think, putting our premises first and then our conclusion. It may be the natural way to develop thoughts, but we wind up with the topic sentence at the end of the paragraph. Move it up front and let users know where you’re going. Don’t make readers hold a lot of information in their heads before getting to the point.
|
||||
> Wir schreiben oft so, wie wir denken, indem wir zuerst unsere Prämissen und dann unsere Schlussfolgerung formulieren. Es mag die natürliche Art sein, Gedanken zu entwickeln, aber wir enden mit dem Themensatz am Ende des Absatzes. Move it up front and let users know where you’re going. Don’t make readers hold a lot of information in their heads before getting to the point.
|
||||
|
||||
Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/organize/have-a-topic-sentence/)
|
||||
Quelle: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/organize/have-a-topic-sentence/)
|
||||
|
||||
## Choose your words carefully
|
||||
|
||||
> Words matter. They are the most basic building blocks of written and spoken communication. Don’t complicate things by using jargon, technical terms, or abbreviations that people won’t understand.
|
||||
> Worte sind von Bedeutung. Sie sind die grundlegenden Bausteine der schriftlichen und mündlichen Kommunikation. Don’t complicate things by using jargon, technical terms, or abbreviations that people won’t understand.
|
||||
|
||||
We should try to avoid abbreviations where possible, but technology is full of abbreviations. In general, spell out the abbreviation/acronym the first time it is used on a page, and add the abbreviation to the abbreviation glossary file when it is used repeatedly.
|
||||
Wir sollten versuchen, Abkürzungen so weit wie möglich zu vermeiden, aber Technologie ist voll von Abkürzungen. Im Allgemeinen sollte die Abkürzung/das Akronym ausgeschrieben werden, wenn sie/es zum ersten Mal auf einer Seite verwendet wird, und die Abkürzung in die Glossar-Datei für Abkürzungen aufgenommen werden, wenn sie wiederholt verwendet wird.
|
||||
|
||||
> Kathy McGinty offers tongue-in-cheek instructions for bulking up your simple, direct sentences:
|
||||
>
|
||||
> > There is no escaping the fact that it is considered very important to note that a number of various available applicable studies ipso facto have generally identified the fact that additional appropriate nocturnal employment could usually keep juvenile adolescents off thoroughfares during the night hours, including but not limited to the time prior to midnight on weeknights and/or 2 a.m. on weekends.
|
||||
>
|
||||
> And the original, using stronger, simpler words:
|
||||
> Und das Original, mit stärkeren, einfacheren Worten:
|
||||
>
|
||||
> > More night jobs would keep youths off the streets.
|
||||
> > Mehr Nachtjobs würden die Jugendlichen von der Straße fernhalten.
|
||||
|
||||
## Be concise
|
||||
## Prägnant sein
|
||||
|
||||
> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective.
|
||||
> Unnecessary words waste your audience’s time. Gutes Schreiben ist wie ein Gespräch. Omit information that the audience doesn’t need to know. Als Fachexperte kann dies schwierig sein, daher ist es wichtig, dass jemand die Informationen aus der Perspektive des Publikums betrachtet.
|
||||
|
||||
Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/concise/)
|
||||
Quelle: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/concise/)
|
||||
|
||||
## Keep text conversational
|
||||
|
||||
> Verbs are the fuel of writing. They give your sentences power and direction. They enliven your writing and make it more interesting.
|
||||
> Verben sind der Treibstoff des Schreibens. Sie geben Sätzen Kraft und Richtung. They enliven your writing and make it more interesting.
|
||||
>
|
||||
> Verbs tell your audience what to do. Make sure it’s clear who does what.
|
||||
|
||||
@@ -79,11 +79,9 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/concise/)
|
||||
|
||||
Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversational/use-active-voice/)
|
||||
|
||||
### Use "must" for requirements
|
||||
### Verwendung von "muss" für Anforderungen
|
||||
|
||||
> - “must” for an obligation
|
||||
> - “must not” for a prohibition
|
||||
> - “may” for a discretionary action
|
||||
> - “should” for a recommendation
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
> - "musst" für eine Verpflichtung
|
||||
> - "darf nicht" für ein Verbot
|
||||
> - "kann" für eine Ermessensentscheidung
|
||||
> - "sollte" für eine Empfehlung
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Mobile Browsers"
|
||||
icon: material/cellphone-information
|
||||
description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone.
|
||||
---
|
||||
|
||||
These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
|
||||
@@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface
|
||||
|
||||
- Must not replicate built-in browser or OS functionality.
|
||||
- Must directly impact user privacy, i.e. must not simply provide information.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Multi-Factor Authenticators"
|
||||
icon: 'material/two-factor-authentication'
|
||||
description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
|
||||
---
|
||||
|
||||
## Hardware Security Keys
|
||||
@@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
|
||||
- Must not require internet connectivity.
|
||||
- Must not sync to a third-party cloud sync/backup service.
|
||||
- **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,9 +1,10 @@
|
||||
---
|
||||
title: "News Aggregators"
|
||||
icon: material/rss
|
||||
description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS.
|
||||
---
|
||||
|
||||
A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites.
|
||||
A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites.
|
||||
|
||||
## Aggregator clients
|
||||
|
||||
@@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info
|
||||
```text
|
||||
https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID]
|
||||
```
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Notebooks"
|
||||
icon: material/notebook-edit-outline
|
||||
description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party.
|
||||
---
|
||||
|
||||
Keep track of your notes and journalings without giving them to a third-party.
|
||||
@@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si
|
||||
|
||||
- Local backup/sync functionality should support encryption.
|
||||
- Cloud-based platforms should support document sharing.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: Android Overview
|
||||
icon: simple/android
|
||||
description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones.
|
||||
---
|
||||
|
||||
Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system.
|
||||
@@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi
|
||||
|
||||
## Android Permissions
|
||||
|
||||
[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel.
|
||||
[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps.
|
||||
|
||||
Should you want to run an app that you're unsure about, consider using a user or work profile.
|
||||
A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel.
|
||||
|
||||
Android 10:
|
||||
|
||||
- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there.
|
||||
- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user.
|
||||
|
||||
Android 11:
|
||||
|
||||
- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once.
|
||||
- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened.
|
||||
- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features.
|
||||
|
||||
Android 12:
|
||||
|
||||
- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location).
|
||||
- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation).
|
||||
- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access.
|
||||
|
||||
Android 13:
|
||||
|
||||
- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location.
|
||||
- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only.
|
||||
- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission.
|
||||
|
||||
An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need.
|
||||
|
||||
[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal.
|
||||
|
||||
!!! warning
|
||||
|
||||
If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely.
|
||||
|
||||
!!! note
|
||||
|
||||
Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
|
||||
|
||||
## Media Access
|
||||
|
||||
@@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out
|
||||
[SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities.
|
||||
|
||||
As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,9 +1,10 @@
|
||||
---
|
||||
title: Linux Overview
|
||||
icon: simple/linux
|
||||
description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal.
|
||||
---
|
||||
|
||||
It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years.
|
||||
It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years.
|
||||
|
||||
At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.:
|
||||
|
||||
@@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co
|
||||
This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer.
|
||||
|
||||
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Qubes Overview"
|
||||
icon: simple/qubesos
|
||||
description: Qubes is an operating system built around isolating apps within virtual machines for heightened security.
|
||||
---
|
||||
|
||||
[**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/).
|
||||
@@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do
|
||||
- J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf)
|
||||
- J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html)
|
||||
- Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles)
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Password Managers"
|
||||
icon: material/form-textbox-password
|
||||
description: Password managers allow you to securely store and manage passwords and other credentials.
|
||||
---
|
||||
|
||||
Password managers allow you to securely store and manage passwords and other credentials with the use of a master password.
|
||||
@@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a
|
||||
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
|
||||
|
||||
- Must be cross-platform.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Productivity Tools"
|
||||
icon: material/file-sign
|
||||
description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do.
|
||||
---
|
||||
|
||||
Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints.
|
||||
@@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a
|
||||
[:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"}
|
||||
[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Real-Time Communication"
|
||||
icon: material/chat-processing
|
||||
description: Other instant messengers make all of your private conversations available to the company that runs them.
|
||||
---
|
||||
|
||||
These are our recommendations for encrypted real-time communication.
|
||||
@@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro
|
||||
- Should be decentralized, i.e. federated or P2P.
|
||||
- Should use E2EE for all messages by default.
|
||||
- Should support Linux, macOS, Windows, Android, and iOS.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Router-Firmware"
|
||||
icon: material/router-wireless
|
||||
description: These alternative operating systems can be used to secure your router or Wi-Fi access point.
|
||||
---
|
||||
|
||||
Nachstehend sind ein paar alternative Betriebssysteme gelistet, die auf Routern, WLAN-Zugangspunkten usw. eingesetzt werden können.
|
||||
@@ -47,5 +48,3 @@ OPNsense wurde ursprünglich als Fork von [pfSense](https://en.wikipedia.org/wik
|
||||
- Must be open source.
|
||||
- Must receive regular updates.
|
||||
- Must support a wide variety of hardware.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Search Engines"
|
||||
icon: material/search-web
|
||||
description: These privacy-respecting search engines don't build an advertising profile based on your searches.
|
||||
---
|
||||
|
||||
Use a search engine that doesn't build an advertising profile based on your searches.
|
||||
@@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro
|
||||
|
||||
- Should be based on open-source software.
|
||||
- Should not block Tor exit node IP addresses.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -3,6 +3,7 @@ title: "Privacy Tools"
|
||||
icon: material/tools
|
||||
hide:
|
||||
- toc
|
||||
description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats.
|
||||
---
|
||||
|
||||
If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs.
|
||||
@@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store)
|
||||
- { .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store)
|
||||
- { .twemoji } [Shelter (Work Profiles)](android.md#shelter)
|
||||
- { .twemoji }{ .twemoji } [Auditor (Supported Devices)](android.md#auditor)
|
||||
- { .twemoji }{ .twemoji } [Secure Camera](android.md#secure-camera)
|
||||
@@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
[Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email)
|
||||
|
||||
### Financial Services
|
||||
|
||||
#### Payment Masking Services
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji }{ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free)
|
||||
- { .twemoji }{ .twemoji } [MySudo](financial-services.md#mysudo-us-paid)
|
||||
</div>
|
||||
|
||||
[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services)
|
||||
|
||||
#### Online Gift Card Marketplaces
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Cake Pay](financial-services.md#cake-pay)
|
||||
- { .twemoji } [CoinCards](financial-services.md#coincards)
|
||||
|
||||
</div>
|
||||
|
||||
[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces)
|
||||
|
||||
### Search Engines
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
@@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Proton VPN](vpn.md#proton-vpn)
|
||||
- { .twemoji } [IVPN](vpn.md#ivpn)
|
||||
- { .twemoji } [Mullvad](vpn.md#mullvad)
|
||||
- { .twemoji } [Proton VPN](vpn.md#proton-vpn)
|
||||
|
||||
</div>
|
||||
|
||||
@@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
[Learn more :material-arrow-right-drop-circle:](calendar.md)
|
||||
|
||||
### Cryptocurrency
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji }[Monero](cryptocurrency.md#monero)
|
||||
|
||||
</div>
|
||||
|
||||
[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md)
|
||||
|
||||
### Data and Metadata Redaction
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
@@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
</div>
|
||||
|
||||
[Learn more :material-arrow-right-drop-circle:](video-streaming.md)
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,11 +1,12 @@
|
||||
---
|
||||
title: "Tor Network"
|
||||
title: "Tor-Netzwerk"
|
||||
icon: simple/torproject
|
||||
description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship.
|
||||
---
|
||||
|
||||
{ align=right }
|
||||
|
||||
The **Tor** network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool.
|
||||
Das **Tor** Netzwerk besteht aus von freiwillig betriebenen Servern, die es ermöglichen, kostenlos die eigene Privatsphäre und Sicherheit im Internet zu verbessern. Einzelpersonen und Organisationen können auch Informationen über das Tor-Netzwerk mit ".onion versteckten Diensten" austauschen, ohne ihre Privatsphäre zu gefährden. Da der Tor-Verkehr schwer zu blockieren und zurückzuverfolgen ist, ist Tor ein effektives Werkzeug zur Zensur Umgehung.
|
||||
|
||||
[:octicons-home-16:](https://www.torproject.org){ .card-link title=Homepage }
|
||||
[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" }
|
||||
@@ -13,17 +14,11 @@ The **Tor** network is a group of volunteer-operated servers that allows you to
|
||||
[:octicons-code-16:](https://gitweb.torproject.org/tor.git){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
|
||||
|
||||
Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity.
|
||||
Tor funktioniert, indem es deinen Internetverkehr über diese von Freiwilligen betriebenen Server leitet, anstatt eine direkte Verbindung zu der Website herzustellen, die du besuchen willst. Dadurch wird verschleiert, woher der Datenverkehr kommt, und kein Server im Verbindungspfad ist in der Lage, den vollständigen Pfad zu sehen, woher der Datenverkehr kommt und wohin er geht, was bedeutet, dass selbst die Server, die du für die Verbindung verwendest, deiner Anonymität nichts anhaben können.
|
||||
|
||||
<figure markdown>
|
||||

|
||||

|
||||
<figcaption>Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.</figcaption>
|
||||
</figure>
|
||||
[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button}
|
||||
|
||||
- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md)
|
||||
|
||||
## Connecting to Tor
|
||||
## Verbinden mit Tor
|
||||
|
||||
There are a variety of ways to connect to the Tor network from your device, the most commonly used being the **Tor Browser**, a fork of Firefox designed for anonymous browsing for desktop computers and Android. In addition to the apps listed below, there are also operating systems designed specifically to connect to the Tor network such as [Whonix](desktop.md#whonix) on [Qubes OS](desktop.md#qubes-os), which provide even greater security and protections than the standard Tor Browser.
|
||||
|
||||
@@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest
|
||||
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
|
||||
|
||||
Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
@@ -1,9 +1,10 @@
|
||||
---
|
||||
title: "Video Streaming"
|
||||
icon: material/video-wireless
|
||||
description: These networks allow you to stream internet content without building an advertising profile based on your interests.
|
||||
---
|
||||
|
||||
The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage.
|
||||
Die primäre Bedrohung bei der Nutzung einer Videostreaming-Plattform besteht darin, dass deine Streaming-Gewohnheiten und Abonnementlisten dazu verwendet werden könnten, um ein Profil von dir zu erstellen. Du solltest diese Tools zusammen mit einem [VPN](vpn.md) oder [Tor](https://www.torproject.org/) verwenden, damit nicht so leicht ein Nutzungsprofil von dir erstellt werden kann.
|
||||
|
||||
## LBRY
|
||||
|
||||
@@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: **
|
||||
|
||||
- Must not require a centralized account to view videos.
|
||||
- Decentralized authentication, such as via a mobile wallet's private key is acceptable.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
330
i18n/de/vpn.md
330
i18n/de/vpn.md
@@ -1,11 +1,20 @@
|
||||
---
|
||||
title: "VPN Services"
|
||||
icon: material/vpn
|
||||
description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you.
|
||||
---
|
||||
|
||||
Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest:
|
||||
|
||||
??? danger "VPNs do not provide anonymity"
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [IVPN](#ivpn)
|
||||
- { .twemoji } [Mullvad](#mullvad)
|
||||
- { .twemoji } [Proton VPN](#proton-vpn)
|
||||
|
||||
</div>
|
||||
|
||||
!!! danger "VPNs bieten keine Anonymität"
|
||||
|
||||
Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic.
|
||||
|
||||
@@ -13,82 +22,13 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
|
||||
If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices.
|
||||
|
||||
[Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button }
|
||||
[Tor herunterladen](https://www.torproject.org/){ .md-button .md-button--primary } [Tor-Mythen & FAQ](advanced/tor-overview.md){ .md-button }
|
||||
|
||||
??? question "When are VPNs useful?"
|
||||
[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button}
|
||||
|
||||
If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved.
|
||||
|
||||
[More Info](basics/vpn-overview.md){ .md-button }
|
||||
## Empfohlene Anbieter
|
||||
|
||||
## Recommended Providers
|
||||
|
||||
!!! abstract "Criteria"
|
||||
|
||||
Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information.
|
||||
|
||||
### Proton VPN
|
||||
|
||||
!!! recommendation annotate
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option.
|
||||
|
||||
[:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android)
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085)
|
||||
- [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases)
|
||||
- [:simple-windows11: Windows](https://protonvpn.com/download-windows)
|
||||
- [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/)
|
||||
|
||||
??? success annotate "67 Countries"
|
||||
|
||||
Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
|
||||
|
||||
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
|
||||
|
||||
1. Last checked: 2022-09-16
|
||||
|
||||
??? success "Independently Audited"
|
||||
|
||||
As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
|
||||
|
||||
??? success "Open-Source Clients"
|
||||
|
||||
Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN).
|
||||
|
||||
??? success "Accepts Cash"
|
||||
|
||||
Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment.
|
||||
|
||||
??? success "WireGuard Support"
|
||||
|
||||
Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
|
||||
|
||||
Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app.
|
||||
|
||||
??? warning "Remote Port Forwarding"
|
||||
|
||||
Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients.
|
||||
|
||||
??? success "Mobile Clients"
|
||||
|
||||
In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers.
|
||||
|
||||
??? info "Additional Functionality"
|
||||
|
||||
Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose.
|
||||
|
||||
!!! danger "Killswitch feature is broken on Intel-based Macs"
|
||||
|
||||
System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
|
||||
Die von uns empfohlenen Anbieter verwenden Verschlüsselung, akzeptieren Monero, unterstützen WireGuard & OpenVPN und haben eine No-Logging-Richtlinie. Read our [full list of criteria](#criteria) for more information.
|
||||
|
||||
### IVPN
|
||||
|
||||
@@ -96,12 +36,12 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
|
||||
{ align=right }
|
||||
|
||||
**IVPN** is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar.
|
||||
**IVPN** ist ein weiterer Premium-VPN-Anbieter und ist seit 2009 aktiv. IVPN hat den Sitz in Gibraltar.
|
||||
|
||||
[:octicons-home-16: Homepage](https://www.ivpn.net/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/ivpn){ .card-link title="Source Code" }
|
||||
[:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Datenschutzrichtlinie" }
|
||||
[:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Dokumentation}
|
||||
[:octicons-code-16:](https://github.com/ivpn){ .card-link title="Quellcode" }
|
||||
|
||||
??? downloads
|
||||
|
||||
@@ -111,43 +51,44 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
- [:simple-apple: macOS](https://www.ivpn.net/apps-macos/)
|
||||
- [:simple-linux: Linux](https://www.ivpn.net/apps-linux/)
|
||||
|
||||
??? success annotate "35 Countries"
|
||||
#### :material-check:{ .pg-green } 35 Countries
|
||||
|
||||
IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
|
||||
|
||||
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
|
||||
IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Der Grund dafür ist eine kürzere Route (weniger Sprünge) zum Ziel.
|
||||
{ .annotate }
|
||||
|
||||
1. Last checked: 2022-09-16
|
||||
1. Stand: 2022-09-16
|
||||
|
||||
??? success "Independently Audited"
|
||||
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
|
||||
|
||||
IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf).
|
||||
#### :material-check:{ .pg-green } Independently Audited
|
||||
|
||||
??? success "Open-Source Clients"
|
||||
IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf).
|
||||
|
||||
As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn).
|
||||
#### :material-check:{ .pg-green } Open-Source Clients
|
||||
|
||||
??? success "Accepts Cash and Monero"
|
||||
As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn).
|
||||
|
||||
In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment.
|
||||
#### :material-check:{ .pg-green } Accepts Cash and Monero
|
||||
|
||||
??? success "WireGuard Support"
|
||||
In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment.
|
||||
|
||||
IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
|
||||
|
||||
IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
|
||||
#### :material-check:{ .pg-green } WireGuard Support
|
||||
|
||||
??? success "Remote Port Forwarding"
|
||||
IVPN unterstützt das WireGuard®-Protokoll. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Darüber hinaus zielt WireGuard darauf ab, einfacher und leistungsfähiger zu sein.
|
||||
|
||||
Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html).
|
||||
IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
|
||||
|
||||
??? success "Mobile Clients"
|
||||
#### :material-check:{ .pg-green } Remote Port Forwarding
|
||||
|
||||
In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers.
|
||||
Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html).
|
||||
|
||||
??? info "Additional Functionality"
|
||||
#### :material-check:{ .pg-green } Mobile Clients
|
||||
|
||||
IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
|
||||
In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers.
|
||||
|
||||
#### :material-information-outline:{ .pg-blue } Additional Functionality
|
||||
|
||||
IVPN-Clients unterstützen Zwei-Faktor-Authentifizierung (die Clients von Mullvad nicht). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
|
||||
|
||||
### Mullvad
|
||||
|
||||
@@ -155,13 +96,13 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since **2009**. Mullvad is based in Sweden and does not have a free trial.
|
||||
**Mullvad** ist ein schnelles und preiswertes VPN mit einem ernsthaften Fokus auf Transparenz und Sicherheit. Mullvad ist seit **2009** in Betrieb. Mullvad ist in Schweden ansässig und bietet keine kostenlose Testversion an.
|
||||
|
||||
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
|
||||
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
|
||||
[:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/mullvad){ .card-link title="Source Code" }
|
||||
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Dienst" }
|
||||
[:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Datenschutzrichtlinie" }
|
||||
[:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Dokumentation}
|
||||
[:octicons-code-16:](https://github.com/mullvad){ .card-link title="Quellcode" }
|
||||
|
||||
??? downloads
|
||||
|
||||
@@ -172,102 +113,167 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
- [:simple-apple: macOS](https://mullvad.net/en/download/macos/)
|
||||
- [:simple-linux: Linux](https://mullvad.net/en/download/linux/)
|
||||
|
||||
??? success annotate "41 Countries"
|
||||
#### :material-check:{ .pg-green } 41 Countries
|
||||
|
||||
Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
|
||||
Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Der Grund dafür ist eine kürzere Route (weniger Sprünge) zum Ziel.
|
||||
{ .annotate }
|
||||
|
||||
1. Stand: 2023-01-19
|
||||
|
||||
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
|
||||
|
||||
#### :material-check:{ .pg-green } Independently Audited
|
||||
|
||||
Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded:
|
||||
|
||||
> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint.
|
||||
|
||||
In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website:
|
||||
|
||||
> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks.
|
||||
|
||||
In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf).
|
||||
|
||||
#### :material-check:{ .pg-green } Open-Source Clients
|
||||
|
||||
Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app).
|
||||
|
||||
#### :material-check:{ .pg-green } Accepts Cash and Monero
|
||||
|
||||
Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. Sie akzeptieren auch Swish- und Banküberweisungen.
|
||||
|
||||
#### :material-check:{ .pg-green } WireGuard Support
|
||||
|
||||
Mullvad unterstützt das WireGuard®-Protokoll. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Darüber hinaus zielt WireGuard darauf ab, einfacher und leistungsfähiger zu sein.
|
||||
|
||||
Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
|
||||
|
||||
#### :material-check:{ .pg-green } IPv6 Support
|
||||
|
||||
Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections.
|
||||
|
||||
#### :material-check:{ .pg-green } Remote Port Forwarding
|
||||
|
||||
Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information.
|
||||
|
||||
#### :material-check:{ .pg-green } Mobile Clients
|
||||
|
||||
Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases).
|
||||
|
||||
#### :material-information-outline:{ .pg-blue } Additional Functionality
|
||||
|
||||
Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion).
|
||||
|
||||
### Proton VPN
|
||||
|
||||
!!! recommendation annotate
|
||||
|
||||
{ align=right }
|
||||
|
||||
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
|
||||
|
||||
1. Last checked: 2023-01-19
|
||||
|
||||
??? success "Independently Audited"
|
||||
|
||||
Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded:
|
||||
**Proton VPN** ist ein starker Anwärter im VPN-Bereich und ist seit 2016 in Betrieb. Die Proton AG hat ihren Sitz in der Schweiz und bietet sowohl eine begrenzte kostenlose als auch eine umfangreichere Premium-Option an.
|
||||
|
||||
> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint.
|
||||
[:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Datenschutzrichtlinie" }
|
||||
[:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Dokumentation}
|
||||
[:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Quellcode" }
|
||||
|
||||
In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website:
|
||||
??? downloads
|
||||
|
||||
> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks.
|
||||
|
||||
In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf).
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android)
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085)
|
||||
- [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases)
|
||||
- [:simple-windows11: Windows](https://protonvpn.com/download-windows)
|
||||
- [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/)
|
||||
|
||||
??? success "Open-Source Clients"
|
||||
#### :material-check:{ .pg-green } 67 Countries
|
||||
|
||||
Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app).
|
||||
Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Der Grund dafür ist eine kürzere Route (weniger Sprünge) zum Ziel.
|
||||
{ .annotate }
|
||||
|
||||
??? success "Accepts Cash and Monero"
|
||||
1. Stand: 2022-09-16
|
||||
|
||||
Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers.
|
||||
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
|
||||
|
||||
??? success "WireGuard Support"
|
||||
#### :material-check:{ .pg-green } Independently Audited
|
||||
|
||||
Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
|
||||
|
||||
Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
|
||||
Im Januar 2020 hat sich Proton VPN einem unabhängigen Audit durch SEC Consult unterzogen. SEC Consult fand einige Sicherheitslücken mit mittlerem und niedrigem Risiko in den Windows-, Android- und iOS-Anwendungen von Proton VPN, die alle von Proton VPN vor der Veröffentlichung der Berichte "ordnungsgemäß behoben" wurden. Keines der festgestellten Probleme hätte angreifenden Fernzugriff auf dein Gerät oder deinen Datenverkehr ermöglicht. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
|
||||
|
||||
??? success "IPv6 Support"
|
||||
#### :material-check:{ .pg-green } Open-Source Clients
|
||||
|
||||
Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections.
|
||||
Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN).
|
||||
|
||||
??? success "Remote Port Forwarding"
|
||||
#### :material-check:{ .pg-green } Accepts Cash
|
||||
|
||||
Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information.
|
||||
Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment.
|
||||
|
||||
??? success "Mobile Clients"
|
||||
#### :material-check:{ .pg-green } WireGuard Support
|
||||
|
||||
Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases).
|
||||
Proton VPN unterstützt hauptsächlich das WireGuard®-Protokoll. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Darüber hinaus zielt WireGuard darauf ab, einfacher und leistungsfähiger zu sein.
|
||||
|
||||
??? info "Additional Functionality"
|
||||
Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app.
|
||||
|
||||
Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion).
|
||||
#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding
|
||||
|
||||
## Criteria
|
||||
Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients.
|
||||
|
||||
#### :material-check:{ .pg-green } Mobile Clients
|
||||
|
||||
In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers.
|
||||
|
||||
#### :material-information-outline:{ .pg-blue } Additional Functionality
|
||||
|
||||
Proton VPN Clients unterstützen Zwei-Faktor-Authentifizierung auf allen Plattformen außer Linux. Proton VPN hat eigene Server und Rechenzentren in der Schweiz, Island und Schweden. Sie bieten mit ihrem DNS-Dienst die Möglichkeit, Werbung und Schadware zu blockieren. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose.
|
||||
|
||||
#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
|
||||
|
||||
System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. Wenn du diese Funktion benötigst und einen Mac mit Intel-Chipsatz verwendest, solltest du einen anderen VPN-Dienst nutzen.
|
||||
|
||||
## Kriterien
|
||||
|
||||
!!! danger
|
||||
|
||||
It is important to note that using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy.
|
||||
It is important to note that using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. Ein VPN ist kein Werkzeug für illegale Aktivitäten. Verlasse dich nicht auf "no Log" Richtlienen.
|
||||
|
||||
**Please note we are not affiliated with any of the providers we recommend. This allows us to provide completely objective recommendations.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any VPN provider wishing to be recommended, including strong encryption, independent security audits, modern technology, and more. We suggest you familiarize yourself with this list before choosing a VPN provider, and conduct your own research to ensure the VPN provider you choose is as trustworthy as possible.
|
||||
**Bitte beachte, dass wir mit keinem der Projekte, die wir empfehlen, verbunden sind. Dies ermöglicht es uns, völlig objektive Empfehlungen zu geben.** Zusätzlich zu unseren [Standardkriterien](about/criteria.md) haben wir eine Reihe klarer Anforderungen für alle VPN-Anbieter*innen entwickelt, die empfohlen werden wollen, darunter starke Verschlüsselung, unabhängige Sicherheitsprüfungen, moderne Technologie und mehr. We suggest you familiarize yourself with this list before choosing a VPN provider, and conduct your own research to ensure the VPN provider you choose is as trustworthy as possible.
|
||||
|
||||
### Technology
|
||||
### Technologie
|
||||
|
||||
We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.
|
||||
|
||||
**Minimum to Qualify:**
|
||||
**Mindestvoraussetzung um zu qualifizieren:**
|
||||
|
||||
- Support for strong protocols such as WireGuard & OpenVPN.
|
||||
- Killswitch built in to clients.
|
||||
- Multihop support. Multihopping is important to keep data private in case of a single node compromise.
|
||||
- If VPN clients are provided, they should be [open-source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what your device is actually doing.
|
||||
- Unterstützung von starken Protokollen wie WireGuard & OpenVPN.
|
||||
- Notaus ist in den Clients integriert.
|
||||
- Multihop-Unterstützung. Multihopping ist wichtig, um Daten im Falle einer Kompromittierung eines einzelnen Knotens geheim zu halten.
|
||||
- Wenn VPN-Clients zur Verfügung gestellt werden, sollten sie [Open Source](https://de.wikipedia.org/wiki/Open_Source)sein, wie die VPN-Software, die in der Regel in sie integriert ist. Wir sind der Meinung, dass [Quellcode](https://de.wikipedia.org/wiki/Quelltext) mehr Transparenz darüber bietet, was dein Gerät tatsächlich tut.
|
||||
|
||||
**Best Case:**
|
||||
|
||||
- WireGuard and OpenVPN support.
|
||||
- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
|
||||
- Easy-to-use VPN clients
|
||||
- Supports [IPv6](https://en.wikipedia.org/wiki/IPv6). We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.
|
||||
- Unterstützung von WireGuard und OpenVPN.
|
||||
- Notaus mit hochgradig konfigurierbaren Optionen (Aktivierung/Deaktivierung in bestimmten Netzen, beim Booten usw.)
|
||||
- Einfach zu bedienende VPN-Clients
|
||||
- Unterstützt [IPv6](https://de.wikipedia.org/wiki/IPv6). Wir erwarten, dass die Server eingehende Verbindungen über IPv6 zulassen und dir den Zugang zu Diensten ermöglichen, die auf IPv6-Adressen gehostet werden.
|
||||
- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble).
|
||||
|
||||
### Privacy
|
||||
### Datenschutz
|
||||
|
||||
We prefer our recommended providers to collect as little data as possible. Not collecting personal information on registration, and accepting anonymous forms of payment are required.
|
||||
Wir ziehen es vor, dass die von uns empfohlenen Anbieter*innen so wenig Daten wie möglich sammeln. Der Verzicht auf die Erhebung personenbezogener Daten bei der Anmeldung und die Annahme anonymer Zahlungsformen sind erforderlich.
|
||||
|
||||
**Minimum to Qualify:**
|
||||
**Mindestvoraussetzung um zu qualifizieren:**
|
||||
|
||||
- Monero or cash payment option.
|
||||
- No personal information required to register: Only username, password, and email at most.
|
||||
- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option.
|
||||
- Für die Registrierung sind keine persönlichen Daten erforderlich: Höchstens Benutzername, Passwort und E-Mail.
|
||||
|
||||
**Best Case:**
|
||||
|
||||
- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.)
|
||||
- No personal information accepted (autogenerated username, no email required, etc.)
|
||||
- Accepts multiple [anonymous payment options](advanced/payments.md).
|
||||
- No personal information accepted (autogenerated username, no email required, etc.).
|
||||
|
||||
### Security
|
||||
### Sicherheit
|
||||
|
||||
A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
|
||||
|
||||
**Minimum to Qualify:**
|
||||
**Mindestvoraussetzung um zu qualifizieren:**
|
||||
|
||||
- Strong Encryption Schemes: OpenVPN with SHA-256 authentication; RSA-2048 or better handshake; AES-256-GCM or AES-256-CBC data encryption.
|
||||
- Perfect Forward Secrecy (PFS).
|
||||
@@ -280,11 +286,11 @@ A VPN is pointless if it can't even provide adequate security. We require all ou
|
||||
- Comprehensive published security audits from a reputable third-party firm.
|
||||
- Bug-bounty programs and/or a coordinated vulnerability-disclosure process.
|
||||
|
||||
### Trust
|
||||
### Vertrauen
|
||||
|
||||
You wouldn't trust your finances to someone with a fake identity, so why trust them with your internet data? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled.
|
||||
|
||||
**Minimum to Qualify:**
|
||||
**Mindestvoraussetzung um zu qualifizieren:**
|
||||
|
||||
- Public-facing leadership or ownership.
|
||||
|
||||
@@ -297,7 +303,7 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t
|
||||
|
||||
With the VPN providers we recommend we like to see responsible marketing.
|
||||
|
||||
**Minimum to Qualify:**
|
||||
**Mindestvoraussetzung um zu qualifizieren:**
|
||||
|
||||
- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out.
|
||||
|
||||
@@ -316,8 +322,6 @@ Responsible marketing that is both educational and useful to the consumer could
|
||||
- An accurate comparison to when [Tor](tor.md) should be used instead.
|
||||
- Availability of the VPN provider's website over a [.onion service](https://en.wikipedia.org/wiki/.onion)
|
||||
|
||||
### Additional Functionality
|
||||
### Zusätzliche Funktionalitäten
|
||||
|
||||
While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc.
|
||||
|
||||
--8<-- "includes/abbreviations.de.txt"
|
||||
|
Reference in New Issue
Block a user