privacyguides/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-08-19 17:34:53 +00:00
Code Issues Activity

New Crowdin Translations (#2074)

Browse Source 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
This commit is contained in:
Crowdin Bot
2023-03-11 14:57:24 +00:00
committed by Daniel Gray
parent 5bad28ff6d
commit 9e35e2ef8a
1509 changed files with 27318 additions and 12041 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
i18n/zh/404.md
View File

@@ -1,11 +1,15 @@
---
hide:
- feedback
- 反馈
meta:
-
property: "机器人"
content: "索引nofollow"
---
# 404 - 页面不存在
We couldn't find the page you were looking for! Maybe you were looking for one of these?
我们找不到你请求的页面! 或许你是在找这些吗?
- [威胁模型分析简介](basics/threat-modeling.md)
- [推荐的DNS提供商](dns.md)
@@ -13,5 +17,3 @@ We couldn't find the page you were looking for! Maybe you were looking for one o
- [最好的VPN提供商](vpn.md)
- [Privacy Guides论坛](https://discuss.privacyguides.net)
- [我们的博客](https://blog.privacyguides.org)
--8<-- "includes/abbreviations.zh.txt"

2
i18n/zh/about/criteria.md
View File

@@ -38,5 +38,3 @@ title: 通用标准
- 必须说明其项目的确切威胁模式是什么。
- 潜在的用户应该清楚地知道该项目能提供什么,以及不能提供什么。
--8<-- "includes/abbreviations.zh.txt"

2
i18n/zh/about/donate.md
View File

@@ -48,5 +48,3 @@ title: 支持我们
我们偶尔会购买产品和服务,以测试我们 [推荐的工具](../tools.md)。
我们仍在与我们的财政主机Open Collective Foundation合作以接收加密货币捐款目前对于许多较小的交易来说会计是不可行的但这在未来应该会改变。 同时,如果您希望进行大额(> $100)加密货币捐赠,请联系 [jonah@privacyguides.org](mailto:jonah@privacyguides.org)。
--8<-- "includes/abbreviations.zh.txt"

38
i18n/zh/about/index.md
View File

@@ -1,10 +1,38 @@
---
template: schema.html
title: "关于隐私指南(Privacy Guides)"
description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy.
---
**隐私指南(Privacy Guides)** 是一个有社会动机的网站,提供保护你的数据安全和隐私的信息。 我们是一个非营利性的集体,完全由志愿者 [团队成员](https://discuss.privacyguides.net/g/team) 和贡献者运作。
![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right }
[:material-hand-coin-outline: 支持该项目](donate.md ""){.md-button.md-button--primary}
**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. 我们是一个非营利性的集体,完全由志愿者 [团队成员](https://discuss.privacyguides.net/g/team) 和贡献者运作。 Our website is free of advertisements and not affiliated with any listed providers.
[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
[:octicons-heart-16:](donate.md){ .card-link title=Contribute }
The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities.
> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that arent run by the big tech companies.
— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/)
> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet.
— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch]
Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/).
## History
Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely.
In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document.
We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms.
So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry.
## 我们的团队
@@ -48,9 +76,9 @@ title: "关于隐私指南(Privacy Guides)"
- [:simple-github: GitHub](https://github.com/hook9 "@hook9")
- [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me}
此外, [多人](https://github.com/privacyguides/privacyguides.org/graphs/contributors) 已经为该项目做了贡献。 你也可以我们在GitHub上是开源的。
此外, [多人](https://github.com/privacyguides/privacyguides.org/graphs/contributors) 已经为该项目做了贡献。 You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
我们的团队成员审查所有对网站的修改,并处理行政职责,如网站托管和财务,但他们个人并不从对本网站的任何贡献中获益。 我们的财务状况由开放集体基金会501(c)(3)透明地托管,网址是: [opencollective.com/privacyguides](https://opencollective.com/privacyguides)。 在美国,对隐私指南的捐赠通常可以抵扣税款。
我们的团队成员审查所有对网站的修改,并处理行政职责,如网站托管和财务,但他们个人并不从对本网站的任何贡献中获益。 我们的财务状况由开放集体基金会501(c)(3)透明地托管,网址是: [opencollective.com/privacyguides](https://opencollective.com/privacyguides)。 Donations to Privacy Guides are generally tax-deductible in the United States.
## 网站许可证
@@ -59,5 +87,3 @@ title: "关于隐私指南(Privacy Guides)"
除非另有说明,否则本网站上的所有内容均根据 [Creative Commons Attribution-NoDerivatives 4.0国际公共许可证](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE)的条款提供。 这意味着你可以自由地以任何媒介或形式复制和重新分发材料,用于任何目的,甚至是商业目的;只要你适当地注明 `隐私指南www.privacyguides.org` ,并提供许可证的链接。 您可以以任何合理的方式这样做,但不得以任何方式暗示隐私指南认可您或您的使用。 如果您重构、转换或建立在此网站的内容,您可能无法分发修改过的材料。
设立这个许可证是为了防止人们在不给予适当信用的情况下分享我们的作品,并防止人们以可能被用来误导的方式修改我们的作品。 如果你觉得这个许可证的条款对你正在进行的项目来说限制性太大,请与我们联系: `jonah@privacyguides.org`。 我们很高兴为隐私领域的善意项目提供替代的许可选项
--8<-- "includes/abbreviations.zh.txt"

2
i18n/zh/about/notices.md
View File

@@ -41,5 +41,3 @@ hide:
* Scraping
* 数据挖掘
* 'Framing' (IFrames)
--8<-- "includes/abbreviations.zh.txt"

4
i18n/zh/about/privacy-policy.md
View File

@@ -1,5 +1,5 @@
---
title: "Privacy Policy"
title: "隐私政策"
---
隐私指南是一个社区项目,由一些活跃的志愿者贡献者运营。 团队成员的公开列表 [可在GitHub](https://github.com/orgs/privacyguides/people)上找到。
@@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc
我们将 [在此发布](privacy-policy.md)本声明的新版本。 我们可能会更改此文档未来版本中更改公告的方式。 在此期间,我们可以随时更新我们的联系信息,而不会宣布更改。 请随时参阅 [隐私政策](privacy-policy.md) ,了解最新的联系信息。
本页的完整修订版 [历史](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) 可在GitHub上找到。
--8<-- "includes/abbreviations.zh.txt"

3
i18n/zh/about/privacytools.md
View File

@@ -35,7 +35,6 @@ PrivacyTools由“BurungHantu”于2015年创立他希望在斯诺登揭露
## 社区呼吁行动
</a> 在2021年7月底我们
通知PrivacyTools社区我们打算选择一个新的名字并在一个新的域名上继续项目将在2022年8月2日选择 [](https://web.archive.org/web/20210729190935/https://aragon.cloud/apps/forms/cMPxG9KyopapBbcw)。 最后,"Privacy Guides "被选中, `privacyguides.org` 域名已经被Jonah拥有用于2020年的一个副业项目但没有得到发展。</p>
@@ -142,5 +141,3 @@ BurungHantu还在Twitter上发了一篇 [的帖子](https://twitter.com/privacyt
- [2022年4月2日u/dng99对PrivacyTools的指责性博文的回应](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/)
- [2022年5月16日由@TommyTran732在Twitter上回应](https://twitter.com/TommyTran732/status/1526153497984618496)
- [2022年9月3日在Techlore的论坛上发表的帖子@dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20)
--8<-- "includes/abbreviations.zh.txt"

2
i18n/zh/about/services.md
View File

@@ -36,5 +36,3 @@
- Availability: Semi-Public
We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time.
- Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious)
--8<-- "includes/abbreviations.zh.txt"

2
i18n/zh/about/statistics.md
View File

@@ -59,5 +59,3 @@ title: 流量统计
})
})
</script>
--8<-- "includes/abbreviations.zh.txt"

6
i18n/zh/advanced/communication-network-types.md
View File

@@ -1,11 +1,12 @@
---
title: "通信网络类型"
icon: 'material/transit-connection-variant'
description: An overview of several network architectures commonly used by instant messaging applications.
---
有几种网络架构常用于人与人之间的信息传递。 这些网络可以提供不同的隐私保证,这就是为什么在决定使用哪种应用程序时,应该考虑你的 [威胁模型](../basics/threat-modeling.md)。
[Recommended Instant Messengers](../real-time-communication.md ""){.md-button}
[推荐的即时通讯工具](../real-time-communication.md ""){.md-button}
## 集中式网络
@@ -85,7 +86,6 @@ P2P网络不使用服务器因为节点之间直接通信因此不存在
使用 [匿名路由](https://doi.org/10.1007/978-1-4419-5906-5_628) 的Messenger隐藏发送方、接收方的身份或他们一直在通信的证据。 理想情况下Messenger应该将这三者都隐藏起来。
有 [许多](https://doi.org/10.1145/3182658) 不同的方法来实现匿名网络。 其中最著名的是
洋葱路由 (即 [Tor](tor-overview.md)),它通过一个强加密的 [覆盖网络](https://en.wikipedia.org/wiki/Overlay_network) ,隐藏每个节点的位置以及每个信息的接收者和发送者来通信。 发件人和收件人从不直接交互只通过一个秘密的会合节点会面这样就不会泄露IP地址或物理位置。 节点不能解密信息,也不能解密最终目的地;只有收件人可以。 每个中间节点只能解密一部分,表明下一步将把仍然加密的信息发送到哪里,直到它到达可以完全解密的收件人那里,因此命名为 "洋葱路由"。</p>
在匿名网络中自托管一个节点并不为托管者提供额外的隐私,而是有助于整个网络对识别攻击的抗性,对每个人都有好处。
@@ -102,5 +102,3 @@ P2P网络不使用服务器因为节点之间直接通信因此不存在
- 如果通过随机路由选择节点,则某些节点可能远离发送方和接收方,增加延迟,甚至在其中一个节点脱机时无法传输消息。
- 开始时比较复杂,因为需要创建和安全备份一个加密私钥。
- 就像其他去中心化平台一样,对开发者来说,增加功能比中心化平台更复杂。 因此,功能可能缺乏或未完全实现,例如脱机消息中继或消息删除。
--8<-- "includes/abbreviations.zh.txt"

3
i18n/zh/advanced/dns-overview.md
View File

@@ -1,6 +1,7 @@
---
title: "DNS简介"
icon: material/dns
description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
---
[域名系统](https://en.wikipedia.org/wiki/Domain_Name_System) 是“互联网电话簿”。 DNS将域名转换为IP地址以便浏览器和其他服务可以通过分散的服务器网络加载互联网资源。
@@ -351,5 +352,3 @@ QNAME是一个 "限定名称",例如 `privacyguides.org`。 QNAME最小化减
它的目的是 "加快 "数据的交付,给客户一个属于离他们很近的服务器的答案,如 [内容交付网络](https://en.wikipedia.org/wiki/Content_delivery_network)这通常用于视频流和服务JavaScript网络应用。
这项功能确实是以隐私为代价的因为它告诉DNS服务器一些关于客户端位置的信息。
--8<-- "includes/abbreviations.zh.txt"

84
i18n/zh/advanced/payments.md Normal file
View File

@@ -0,0 +1,84 @@
---
title: Private Payments
icon: material/hand-coin
---
There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately.
## Cash
For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable.
Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payees name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations.
Despite this, its typically the best option.
## Prepaid Cards & Gift Cards
Its relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually dont have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud.
Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card.
Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants dont accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit.
Prepaid cards dont allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps.
Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that dont accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash.
### Online Marketplaces
If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered).
When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero.
- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces)
## Virtual Cards
Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information.
- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services)
These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions.
## Cryptocurrency
Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose.
!!! 危险
The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity.
Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust.
### Privacy Coins
There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors.
- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins)
Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance.
### Other Coins (Bitcoin, Ethereum, etc.)
The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons.
Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years.
==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged.
### Wallet Custody
With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies.
### Acquisition
Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward.
If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall.
## Additional Considerations
When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Dont sign up for rewards programs or provide any other information about yourself.
When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants dont allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address.

3
i18n/zh/advanced/tor-overview.md
View File

@@ -1,6 +1,7 @@
---
title: "Tor概述"
icon: 'simple/torproject'
description: Tor是一个免费使用的去中心化网络专为尽量隐私地使用互联网而设计。
---
Tor是一个免费使用的去中心化网络专为尽量隐私地使用互联网而设计。 如果使用得当,该网络可以实现隐私且匿名地浏览和通信。
@@ -74,8 +75,6 @@ Tor用出口、中间和入口节点的密钥对每个数据包一个传输
- [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) <small>(YouTube)</small>
- [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) <small>(YouTube)</small>
--8<-- "includes/abbreviations.zh.txt"
[^1]: 您线路上的第一个中继称为“入口警卫“或“警卫”。 它是一个快速而稳定的中继会在2-3个月内持续作为你的线路的第一个中继以防止已知的破坏匿名性的攻击。 你的线路其余部分会随着你访问的每个新网站而改变所有这些中继器一起提供Tor的全部隐私保护。 关于警卫中继器如何工作的更多信息,请参阅这篇 [博文](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) 和 [关于入口警卫的论文](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf)。 ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/))
[^2]: 中继标志:由目录权限分配并在目录协议规范中进一步定义的线路位置(例如, “Guard”、“Exit”、“BadExit” )、线路属性(例如, “Fast”、“Stable” )或角色(例如, “Authority”、“HSDir” )的中继的特殊( dis- )限定。 ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html))

184
i18n/zh/android.md
View File

@@ -1,6 +1,7 @@
---
title: "安卓"
icon: 'simple/android'
description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
---
![安卓徽标](assets/img/android/android.svg){ align=right }
@@ -13,12 +14,13 @@ icon: 'simple/android'
这些是我们推荐的安卓操作系统、设备和应用程序,以最大限度地提高你的移动设备的安全和隐私。 要了解更多关于安卓的信息。
- [安卓概况 :material-arrow-right-drop-circle:](os/android-overview.md)
- [为什么我们推荐GrapheneOS而不是CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/)
[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button}
## AOSP 衍生品
我们建议在你的设备上安装这些定制的安卓操作系统之一,根据你的设备与这些操作系统的兼容性,按偏好顺序列出。
We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
!!! note
@@ -41,9 +43,9 @@ icon: 'simple/android'
[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="源代码" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="贡献" }
GrapheneOS支持 [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play),它像其他普通应用程序一样完全在沙盒中运行 [Google Play服务](https://en.wikipedia.org/wiki/Google_Play_Services)。 这意味着你可以利用大多数Google Play服务如 [推送通知](https://firebase.google.com/docs/cloud-messaging/),同时让你完全控制其权限和访问,同时将其包含在你选择的特定 [工作档案](os/android-overview.md#work-profile) [用户档案](os/android-overview.md#user-profiles)
GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
谷歌Pixel手机是目前唯一符合GrapheneOS [硬件安全要求的设备](https://grapheneos.org/faq#device-support)
Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support).
### DivestOS
@@ -60,11 +62,11 @@ GrapheneOS支持 [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-
[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="源代码" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="贡献" }
DivestOS有自动的内核漏洞([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [补丁](https://gitlab.com/divested-mobile/cve_checker)更少的专有blobs以及一个自定义的 [hosts](https://divested.dev/index.php?page=dnsbl) 文件。 其加固的WebView [Mulch](https://gitlab.com/divested-mobile/mulch),使 [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) ,用于所有架构和 [网络状态分区](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning),并接收带外更新。 DivestOS还包括来自GrapheneOS的内核补丁并通过 [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758),启用所有可用的内核安全功能。 所有比3.4版更新的内核都包括全页面 [sanitization](https://lwn.net/Articles/334747/) ,所有~22Clang编译的内核都启用了 [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471)
DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
DivestOS实现了一些最初为GrapheneOS开发的系统加固补丁。 DivestOS 16.0及以上版本实现了GrapheneOS [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) SENSORS权限切换, [硬化的内存分配器](https://github.com/GrapheneOS/hardened_malloc) [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening) [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)),以及部分 [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) 硬化补丁集。 17.1和更高版本的GrapheneOS的每个网络完全 [MAC随机化](https://en.wikipedia.org/wiki/MAC_address#Randomization) 选项, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) 控制,以及自动重启/Wi-Fi/蓝牙 [超时选项](https://grapheneos.org/features)
DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
DivestOS使用F-Droid作为其默认应用商店。 通常情况下我们会建议避免使用F-Droid因为它有许多 [安全问题](#f-droid)。 然而在DivestOS上这样做是不可行的开发者通过他们自己的F-Droid仓库更新他们的应用程序([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2))。 我们建议禁用官方F-Droid应用程序并使用 [Neo Store](https://github.com/NeoApplications/Neo-Store/) 启用DivestOS仓库以保持这些组件的更新。 对于其他应用程序,我们推荐的获取方法仍然适用。
DivestOS uses F-Droid as its default app store. Normally, we would recommend avoiding F-Droid due to its numerous [security issues](#f-droid). However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
!!! 推荐
@@ -74,21 +76,21 @@ DivestOS使用F-Droid作为其默认应用商店。 通常情况下,我们会
## 安卓设备
在购买设备时,我们建议尽可能购买新的设备。 移动设备的软件和固件只支持有限的时间,因此购买新的设备可以尽可能地延长这一寿命。
When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
避免从移动网络运营商那里购买电话。 这些产品通常有一个 **锁定的引导加载器** ,不支持 [OEM解锁](https://source.android.com/devices/bootloader/locking_unlocking)。 这些手机变体将阻止你安装任何种类的替代性安卓发行。
Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
对于从网上市场购买二手手机,要非常 **小心**。 始终检查卖家的声誉。 如果设备被盗,有可能 [IMEI黑名单](https://www.gsma.com/security/resources/imei-blacklisting/)。 您与前任所有者的活动相关联的风险也存在。
Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of [IMEI blacklisting](https://www.gsma.com/security/resources/imei-blacklisting/). There is also a risk involved with you being associated with the activity of the previous owner.
还有一些关于安卓设备和操作系统兼容性的提示。
A few more tips regarding Android devices and operating system compatibility:
- 不要购买已经达到或接近其使用寿命的设备,额外的固件更新必须由制造商提供。
- 不要购买预装的LineageOS/e/OS手机或任何没有适当 [核实启动](https://source.android.com/security/verifiedboot) 支持和固件更新的安卓手机。 这些设备也没有办法让你检查它们是否被篡改过。
- 简而言之如果一个设备或Android发行版没有在这里列出可能有一个很好的理由。 请查看我们的 [论坛](https://discuss.privacyguides.net/) ,了解详情!
- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer.
- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net/) to find details!
### Google Pixel
谷歌像素手机是我们推荐购买的 **唯一** 设备。 由于对第三方操作系统的适当AVB支持和谷歌定制的 [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) 安全芯片作为安全元件Pixel手机的硬件安全性比目前市场上的任何其他安卓设备都强。
Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
!!! recommendation
@@ -100,22 +102,22 @@ DivestOS使用F-Droid作为其默认应用商店。 通常情况下,我们会
[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
像泰坦M2这样的安全元件比大多数其他手机使用的处理器的可信执行环境更加有限因为它们只用于秘密存储、硬件证明和速率限制而不是用于运行 "可信 "程序。 没有安全元件的手机必须使用TEE来 *,所有这些功能的* ,从而导致更大的攻击面。
Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
谷歌Pixel手机使用的是名为Trusty的TEE操作系统它是 [开源](https://source.android.com/security/trusty#whyTrusty),与其他许多手机不同。
Google Pixel phones use a TEE OS called Trusty which is [open-source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
在Pixel手机上安装GrapheneOS很容易他们的 [网页安装程序](https://grapheneos.org/install/web)。 如果你觉得自己做起来不舒服,并且愿意多花一点钱,可以看看 [NitroPhone](https://shop.nitrokey.com/shop) 因为它们预装了GrapheneOS来自著名的 [Nitrokey](https://www.nitrokey.com/about) 公司。
The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://www.nitrokey.com/about) company.
购买谷歌Pixel的另外几个提示
A few more tips for purchasing a Google Pixel:
- 如果你想买到便宜的Pixel设备我们建议购买"**a**"型号,就在下一个旗舰机发布之后。 通常会有折扣,因为谷歌将试图清理他们的库存。
- 考虑在实体店提供的打价方案和特价商品。
- 看看你所在国家的在线社区便宜货网站。 这些可以提醒你有好的销售。
- 谷歌提供了一个列表,显示了他们每个设备的 [支持周期](https://support.google.com/nexus/answer/4457705)。 设备每天的价格可以计算为。$\text{Cost} \over \text {EOL Date}-\text{Current Date}$,意味着设备使用时间越长,每天的费用越低。
- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
- Consider price beating options and specials offered at physical stores.
- Look at online community bargain sites in your country. These can alert you to good sales.
- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date}-\text{Current Date}$, meaning that the longer use of the device the lower cost per day.
## 常规应用程序
我们在整个网站上推荐了各种各样的安卓应用。 这里列出的应用程序是安卓独有的,专门加强或取代关键的系统功能。
We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
### Shelter
@@ -160,22 +162,17 @@ DivestOS使用F-Droid作为其默认应用商店。 通常情况下,我们会
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
Auditor通过以下方式进行鉴证和入侵检测。
Auditor performs attestation and intrusion detection by:
- </em>*审计员* 和 *被审计者*之间使用 [首次使用信任(TOFU](https://en.wikipedia.org/wiki/Trust_on_first_use) 模式,该配对在
审计员 *的硬件支持的密钥库</a> 中建立一个私人密钥。</li>
- *审计员* ,可以是审计师应用程序的另一个实例,也可以是 [远程认证服务](https://attestation.app)。
- *审计员* 记录了 *审计对象*的当前状态和配置。
- 如果在配对完成后发生篡改 *审计对象的操作系统* ,审计人员将意识到设备状态和配置的变化。
- 你会被提醒注意这一变化。</ul>
没有个人身份信息被提交给证明服务。 我们建议你用匿名账户注册,并启用远程认证,以进行持续监控。
如果你的 [威胁模型](basics/threat-modeling.md) 需要隐私,你可以考虑使用 [Orbot](tor.md#orbot) 或VPN从证明服务中隐藏你的IP地址。 为了确保你的硬件和操作系统是真实的, [,在设备安装后,在任何互联网连接之前,立即进行本地认证](https://grapheneos.org/install/web#verifying-installation)。
- Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an *auditor* and *auditee*, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore/) of the *Auditor*.
- The *auditor* can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
- The *auditor* records the current state and configuration of the *auditee*.
- Should tampering with the operating system of the *auditee* happen after the pairing is complete, the auditor will be aware of the change in the device state and configurations.
- You will be alerted to the change.
No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring.
If your [threat model](basics/threat-modeling.md) requires privacy, you could consider using [Orbot](tor.md#orbot) or a VPN to hide your IP address from the attestation service. To make sure that your hardware and operating system is genuine, [perform local attestation](https://grapheneos.org/install/web#verifying-installation) immediately after the device has been installed and prior to any internet connection.
### Secure Camera
@@ -196,22 +193,18 @@ Auditor通过以下方式进行鉴证和入侵检测。
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
主要隐私功能包括:
Main privacy features include:
- 自动删除 [Exif](https://en.wikipedia.org/wiki/Exif) 元数据(默认启用)。
- 使用新的 [媒体](https://developer.android.com/training/data-storage/shared/media) API,因此不需要 [存储权限](https://developer.android.com/training/data-storage)
- 除非您想录制声音,否则不需要麦克风权限
- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
- Microphone permission not required unless you want to record sound
!!! note
目前,元数据没有从视频文件中删除,但这是计划中的。
图像方向元数据未被删除。 如果你启用位置(在安全相机中),**也不会被删除。 如果你以后想删除,你将需要使用一个外部应用程序,如 [ExifEraser]data-redaction.md#exiferaser)。
### 安全的PDF查看器Secure PDF Viewer
@@ -233,23 +226,16 @@ Auditor通过以下方式进行鉴证和入侵检测。
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
## 获取应用程序
### GrapheneOS应用商店
GrapheneOS的应用商店可在 [GitHub](https://github.com/GrapheneOS/Apps/releases)。 它支持Android 12及更高版本并且能够自行更新。 该应用商店有GrapheneOS项目建立的独立应用 [Auditor](https://attestation.app/) [Camera](https://github.com/GrapheneOS/Camera) [PDF Viewer](https://github.com/GrapheneOS/PdfViewer)。 如果你正在寻找这些应用程序我们强烈建议你从GrapheneOS的应用程序商店而不是Play商店获得它们因为他们商店的应用程序是由GrapheneOS的项目自己的签名而谷歌无法访问。
GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
### 奥罗拉商店Aurora Store
Google Play商店需要一个Google账户来登录这对隐私来说不是很好。 你可以通过使用一个替代的客户端,如Aurora Store,来解决这个问题。
The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
!!! recommendation
@@ -263,47 +249,36 @@ Google Play商店需要一个Google账户来登录这对隐私来说不是很
??? 下载
- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
Aurora Store不允许您下载具有匿名帐户功能的付费应用程序。 您可以选择使用Aurora Store登录您的Google帐户下载您购买的应用程序这确实可以访问您安装到Google的应用程序列表但是您仍然可以从不需要完整的Google Play客户端和Google Play服务或设备上的microG中受益。
Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google, however you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
### 手动使用RSS通知
对于在GitHubGitLab等平台上发布的应用程序,你也许可以在你的 [新闻聚合器](/news-aggregators) 添加一个RSS源这将有助于你跟踪新版本。
![RSS应用](./assets/img/android/rss-apk-light.png#only-light) ![RSS应用](./assets/img/android/rss-apk-dark.png#only-dark) ![APK 变更](./assets/img/android/rss-changes-light.png#only-light) ![APK 变更](./assets/img/android/rss-changes-dark.png#only-dark)
For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](/news-aggregators) that will help you keep track of new releases.
![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
#### GitHub
GitHub上,以 [安全相机](#secure-camera) 为例,你可以导航到它的 [发布页](https://github.com/GrapheneOS/Camera/releases) 并在URL上附加 `.atom`
On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
`https://github.com/GrapheneOS/Camera/releases.atom`
#### GitLab
GitLab上,以 [Aurora Store](#aurora-store) 为例,你可以导航到它的 [项目库](https://gitlab.com/AuroraOSS/AuroraStore) 并在URL上附加 `/-/tags?format=atom`
On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
#### Verifying APK Fingerprints
如果你下载APK文件进行手动安装你可以用 [`apksigner`](https://developer.android.com/studio/command-line/apksigner) 工具验证其签名,这是Android [build-tools](https://developer.android.com/studio/releases/build-tools)的一部分。
If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
1. 安装 [Java JDK](https://www.oracle.com/java/technologies/downloads/)。
2. 下载 [Android Studio命令行工具](https://developer.android.com/studio#command-tools)。
3. 解压缩下载的存档:
3. 解压缩下载的存档:
```bash
unzip commandlinetools-*.zip
@@ -311,19 +286,13 @@ Aurora Store不允许您下载具有匿名帐户功能的付费应用程序。
./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
```
4. 运行签名验证命令。
4. 运行签名验证命令。
```bash
./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
```
5. 然后,所产生的哈希值可以与另一个来源进行比较。 一些开发商如Signal [,在其网站上显示了指纹](https://signal.org/android/apk/)。
5. 然后,所产生的哈希值可以与另一个来源进行比较。 一些开发商如Signal [,在其网站上显示了指纹](https://signal.org/android/apk/)。
```bash
Signer #1 certificate DN: CN=GrapheneOS
@@ -332,27 +301,21 @@ Aurora Store不允许您下载具有匿名帐户功能的付费应用程序。
Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
```
### F-Droid
![F-Droid徽标](assets/img/android/f-droid.svg){ align=right width=120px }
![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
==我们 **,而不是** 目前推荐F-Droid作为获取应用程序的一种方式。==F-Droid经常被推荐为Google Play的替代品特别是在隐私社区。 添加第三方资源库并不局限于谷歌的围墙花园这一选择导致了它的流行。 F-Droid另外还有 [可复制的构建](https://f-droid.org/en/docs/Reproducible_Builds/) ,用于一些应用程序,并致力于自由和开源软件。 然而,有 [显著的问题](https://privsec.dev/posts/android/f-droid-security-issues/) 官方F-Droid客户端他们的质量控制以及他们如何建立、签署和交付包裹。
==We do **not** currently recommend F-Droid as a way to obtain apps.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds/) for some applications and is dedicated to free and open-source software. However, there are [notable problems](https://privsec.dev/posts/android/f-droid-security-issues/) with the official F-Droid client, their quality control, and how they build, sign, and deliver packages.
由于他们构建应用程序的过程F-Droid官方资源库中的应用程序经常在更新上落后。 F-Droid维护者在用自己的密钥签署应用程序时也会重复使用包的ID这并不理想因为它给了F-Droid团队最终的信任。
Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust.
其他流行的第三方资源库,如 [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) ,缓解了其中的一些担忧。 IzzyOnDroid存储库直接从GitHub拉取构建是开发者自己存储库的下一个最好的东西。 However, it is not something that we can recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that respository when they make it to the main F-Droid repository. 虽然这是有道理的因为该特定仓库的目标是在应用程序被接受到F-Droid主仓库之前托管它们但它可能会让你安装的应用程序不再收到更新。
Other popular third-party repositories such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that respository when they make it to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through Play Store, Aurora Store, or by getting the APK directly from the developer. 重要的是要记住,这些资源库中的一些应用程序已经多年没有更新,可能依赖于不支持的库等,构成潜在的安全风险。 在通过这种方法寻找新的应用程序时,你应该使用你的最佳判断力。
That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through Play Store, Aurora Store, or by getting the APK directly from the developer. It is important to keep in mind that some apps in these repositories have not been updated in years and may rely on unsupported libraries, among other things, posing a potential security risk. You should use your best judgement when looking for new apps via this method.
!!! note
In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org/) is one example of this). If you really need an app like that, we recommend using [Neo Store](https://github.com/NeoApplications/Neo-Store/) instead of the official F-Droid app to obtain it.
## Criteria
@@ -361,36 +324,27 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
### 服务供应商
- 它必须是开源软件。
- 必须支持引导器锁定支持自定义AVB密钥。
- 必须在发布后0-1个月内接受主要的安卓系统更新。
- 必须在发布后0-14天内收到安卓功能更新小版本
- 必须在发布后0-5天内收到定期安全补丁。
- 必须 **,而不是** ,开箱即 被"root"了。
- 必须 **,而不是** 默认启用Google Play服务。
- 必须 **,而不是** ,需要修改系统以支持Google Play服务。
- Must support bootloader locking with custom AVB key support.
- Must receive major Android updates within 0-1 months of release.
- Must receive Android feature updates (minor version) within 0-14 days of release.
- Must receive regular security patches within 0-5 days of release.
- Must **not** be "rooted" out of the box.
- Must **not** enable Google Play Services by default.
- Must **not** require system modification to support Google Play Services.
### 设备
- 必须支持至少一个我们推荐的定制操作系统。
- 必须是目前在商店里销售的新产品。
- 必须接受至少5年的安全更新。
- 必须有专门的安全要素硬件。
- Must support at least one of our recommended custom operating systems.
- Must be currently sold new in stores.
- Must receive a minimum of 5 years of security updates.
- Must have dedicated secure element hardware.
### 应用程序
- 本页的应用程序不得适用于网站上的任何其他软件类别。
- 一般的应用程序应该扩展或取代核心系统功能。
- 应用程序应定期得到更新和维护。
--8<-- "includes/abbreviations.zh.txt"
- Applications on this page must not be applicable to any other software category on the site.
- General applications should extend or replace core system functionality.
- Applications should receive regular updates and maintenance.

3
i18n/zh/basics/account-creation.md
View File

@@ -1,6 +1,7 @@
---
title: "账户创建"
icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
人们经常不假思索地注册服务。 也许它是一个流媒体服务,这样你就可以看到每个人都在谈论的新节目,或者一个为你最喜欢的快餐店提供折扣的账户。 无论情况如何,你应该考虑现在和以后对你的数据的影响。
@@ -78,5 +79,3 @@ SSO在那些你可以从服务之间的深度整合中获益的情况下
### 用户名和密码
有些服务允许你不使用电子邮件地址进行注册,只要求你设置一个用户名和密码。 这些服务在与VPN或Tor结合使用时可以提供更多的匿名性。 **请记住,对于这些账户,如果你忘记了你的用户名或密码,很可能没有办法恢复你的账户**
--8<-- "includes/abbreviations.zh.txt"

3
i18n/zh/basics/account-deletion.md
View File

@@ -1,6 +1,7 @@
---
title: "删除帐户"
icon: '资料/账户-删除'
description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection.
---
随着时间的推移,很容易积累一些在线账户,其中许多账户你可能不再使用。 删除这些未使用的账户是找回隐私的一个重要步骤,因为休眠账户很容易受到数据泄露的影响。 数据泄露是指一项服务的安全性受到损害,受保护的信息被未经授权的人查看、传输或窃取。 不幸的是,而今数据泄露 [太过于常见](https://haveibeenpwned.com/PwnedWebsites) ,因此保持良好的数字卫生是将它们对你生活的影响降到最低的最好方法。 本指南的目标就是引导您经由令人讨厌的帐户删除过程来优化你的线上生活,这些过程通常采用了 [欺骗性设计](https://www.deceptive.design/)使得其变得更加困难。
@@ -59,5 +60,3 @@ icon: '资料/账户-删除'
## 避免新账户
老话说,"上医治未病"。 每当你觉得被诱惑去注册一个新账户时,问问自己,"我真的需要这个吗? 没有账户,我可以完成我需要的东西吗?" 删除一个账户往往比创建一个账户要难得多。 而且,即使在删除或改变你的账户信息后,可能还有一个来自第三方的缓存版本,如 [Internet Archive](https://archive.org/)。 当你能够避免诱惑时--你未来的自己会感谢你的。
--8<-- "includes/abbreviations.zh.txt"

3
i18n/zh/basics/common-misconceptions.md
View File

@@ -1,6 +1,7 @@
---
title: "常见误区"
icon: 'material/robot-confused'
description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation.
---
## “开源软件始终是安全的”或“专有软件更安全”
@@ -56,6 +57,4 @@ icon: 'material/robot-confused'
使用Tor可以帮助解决这个问题。 还值得注意的是,通过异步通信可以实现更大的匿名性。实时通信容易受到打字模式的分析(即超过一段文字,在论坛上分发,通过电子邮件等)。
--8<-- "includes/abbreviations.zh.txt"
[^1]: 其中一个明显的例子是 [2021年明尼苏达大学的研究人员将三个漏洞引入了Linux内核开发项目的事件](https://cse.umn.edu/cs/linux-incident)。

3
i18n/zh/basics/common-threats.md
View File

@@ -1,6 +1,7 @@
---
title: "常见威胁"
icon: '资料/视野'
description: Your threat model is personal to you, but these are some of the things many visitors to this site care about.
---
广义而言,可以将我们有关[威胁](threat-modeling.md) 或者适用于大多数人的目标的建议分为这几类。 ==你可能关注其中零个、 一个、 几个、 或所有这些可能性== 你应该使用的工具和服务取决于你的目标。 你可能也有这些类别之外的特定威胁,这完全可以! 重要的是要去了解您选择的这些工具的优缺点,因为也许任何工具都不能够保护您免受所有可以想象到的威胁。
@@ -140,8 +141,6 @@ icon: '资料/视野'
你必须始终考虑试图绕过审查制度的风险,潜在的后果,以及你的对手可能有多复杂。 你应该谨慎地选择软件,并有一个备份计划,以防被发现。
--8<-- "includes/abbreviations.zh.txt"
[^1]: 美国隐私和公民自由监督委员会。 [关于根据第215条进行的电话记录计划的报告](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf)
[^2]: 维基百科: [监控资本主义](https://en.wikipedia.org/wiki/Surveillance_capitalism)
[^3]: 维基百科。 [*监视资本主义*](https://en.wikipedia.org/wiki/Surveillance_capitalism)

3
i18n/zh/basics/email-security.md
View File

@@ -1,6 +1,7 @@
---
title: 电子邮件安全
icon: material/email
description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications.
---
电子邮件在默认情况下是一种不安全的通信形式。 你可以用OpenPGP等工具来提高你的电子邮件的安全性这些工具为你的邮件增加了端对端加密功能但OpenPGP与其他消息应用程序的加密相比仍有一些缺点而且由于电子邮件的设计方式一些电子邮件数据永远无法得到固有的加密。
@@ -38,5 +39,3 @@ icon: material/email
### 为什么元数据不能被端到端加密?
电子邮件元数据对于电子邮件最基本的功能(它从哪里来,又要到哪里去)至关重要。 E2EE最初没有内置于电子邮件协议中而是需要像OpenPGP这样的附加软件。 因为OpenPGP信息仍然要与传统的电子邮件供应商合作它不能对电子邮件元数据进行加密只能对信息主体本身进行加密。 这意味着即使使用OpenPGP外部观察者也可以看到你的信息的很多信息如你给谁发电子邮件主题行你什么时候发电子邮件等等。
--8<-- "includes/abbreviations.zh.txt"

3
i18n/zh/basics/multi-factor-authentication.md
View File

@@ -1,6 +1,7 @@
---
title: "多因认证"
icon: '资料/双因认证'
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
**多因素认证** 是一种安全机制,除了输入用户名(或电子邮件)和密码外,还需要其他步骤。 最常见的方法可能是你需要从短信或应用程序中收到限时代码。
@@ -162,5 +163,3 @@ SSH MFA也可以使用TOTP进行设置。 DigitalOcean提供了一个教程 [如
### KeePass (和KeePassXC)
KeePass和KeePassXC数据库可以使用质询响应或HOTP作为第二因素身份验证进行保护。 Yubico为KeePass提供了一份文件 [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) ,在 [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) 网站上也有一份。
--8<-- "includes/abbreviations.zh.txt"

3
i18n/zh/basics/passwords-overview.md
View File

@@ -1,6 +1,7 @@
---
title: "密码简介"
icon: 'material/form-textbox-password'
description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure.
---
密码是我们日常数字生活的重要组成部分。 我们用它们来保护我们的账户、我们的设备和我们的秘密。 尽管密码可能是挡在觊觎我们私人信息的对手前的唯一屏障,但人们并没有在密码上花很多心思,这往往导致使用的密码很容易被猜出或被破解。
@@ -108,5 +109,3 @@ Diceware是一种创建密码的方法这种密码容易记忆但很难猜
### 备份
你应该在多个存储设备或云存储提供商上存储 [加密的](../encryption.md) 密码备份。 如果你的主要设备或你正在使用的服务发生意外,这可以帮助你访问你的密码。
--8<-- "includes/abbreviations.zh.txt"

3
i18n/zh/basics/threat-modeling.md
View File

@@ -1,6 +1,7 @@
---
title: "威胁模型"
icon: '资料/目标账户'
description: 在安全、隐私和可用性之间取得平衡是你在隐私之路上面临的首要和最困难的任务之一。
---
在安全、隐私和可用性之间取得平衡是你在隐私之路上面临的首要和最困难的任务之一。 每件事都是一种权衡:越是安全的东西,一般来说限制性越强或越不方便,等等。 人们经常会发现这些推荐的工具最大的问题就是太难于上手使用!
@@ -107,5 +108,3 @@ icon: '资料/目标账户'
## 资料来源
- [EFF 监控自我防卫: 你的安全计划](https://ssd.eff.org/en/module/your-security-plan)
--8<-- "includes/abbreviations.zh.txt"

5
i18n/zh/basics/vpn-overview.md
View File

@@ -1,11 +1,12 @@
---
title: VPN概述
icon: 资料/vpn
description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind.
---
虚拟专用网络是一种将你的网络末端延伸到世界其他地方的方式。 ISP可以看到进入和离开你的网络终端设备即调制解调器的互联网流量。
互联网上普遍使用HTTPS等加密协议因此他们可能无法准确看到你所发布或阅读的内容但他们可以了解到你所请求的 [](dns-overview.md#why-shouldnt-i-use-encrypted-dns)
Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns).
VPN可以提供帮助因为它可以将信任转移到世界其他地方的服务器上。 因此ISP只看到你连接到了VPN而对你传入的活动一无所知。
@@ -74,5 +75,3 @@ VPN在各种情况下仍可能对您有用例如:
- [免费VPN应用调查](https://www.top10vpn.com/free-vpn-app-investigation/)
- [揭开隐蔽VPN所有者的面纱101个VPN产品仅由23家公司运营](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/)
- [这家中国公司秘密地在24个流行的应用程序背后寻求危险的权限](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/)
--8<-- "includes/abbreviations.zh.txt"

3
i18n/zh/calendar.md
View File

@@ -1,6 +1,7 @@
---
title: "VPN供应商"
icon: material/calendar
description: Calendars contain some of your most sensitive data; use products that implement encryption at rest.
---
日历包含一些最敏感的数据;使用静态实现E2EE的产品以防止提供商读取它们。
@@ -65,5 +66,3 @@ icon: material/calendar
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- 如果适用的话,应该与本地操作系统的日历和联系人管理应用程序集成。
--8<-- "includes/abbreviations.zh.txt"

4
i18n/zh/cloud.md
View File

@@ -1,6 +1,7 @@
---
title: "路由器固件"
icon: material/file-cloud
description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives!
---
许多云存储供应商需要你完全信任他们不会查看你的文件。 下面列出的替代方案通过让你控制你的数据或通过实施E2EE来消除对信任的需求。
@@ -29,7 +30,6 @@ icon: material/file-cloud
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive)
- [:simple-appstore: Web](https://apps.apple.com/app/id1509667851)
Proton Drive的移动客户端于2022年12月发布目前尚未开源。 Proton公司历来将他们的源代码发布时间推迟到初始产品发布之后 [计划在2023年底之前](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) ,发布源代码。 Proton Drive桌面客户端仍在开发中。
## Criteria
@@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro
- 这些客户端应该与云存储供应商的本地操作系统工具集成如iOS上的Files应用集成或Android上的DocumentsProvider功能。
- 应支持与其他用户轻松分享文件。
- 应在网络界面上至少提供基本的文件预览和编辑功能。
--8<-- "includes/abbreviations.zh.txt"

53
i18n/zh/cryptocurrency.md Normal file
View File

@@ -0,0 +1,53 @@
---
title: Cryptocurrency
icon: material/bank-circle
---
Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases:
[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button}
!!! 危险
Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust.
## Monero
!!! recommendation
![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right }
**Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices.
[:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute }
With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories.
For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include:
- [Official Monero client](https://getmonero.org/downloads) (Desktop)
- [Cake Wallet](https://cakewallet.com/) (iOS, Android)
- Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/).
- [Feather Wallet](https://featherwallet.org/) (Desktop)
- [Monerujo](https://www.monerujo.io/) (Android)
For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another persons node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone elses Monero node over Tor or i2p.
In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022.
Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations.
Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy.
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
- Cryptocurrency must provide private/untraceable transactions by default.

3
i18n/zh/data-redaction.md
View File

@@ -1,6 +1,7 @@
---
title: "日历/联系人同步"
icon: material/tag-remove
description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share.
---
共享文件时,请务必删除关联的元数据。 图像文件通常包括 [Exif](https://en.wikipedia.org/wiki/Exif) 数据。 照片有时甚至包括文件元数据中的GPS坐标。
@@ -142,5 +143,3 @@ icon: material/tag-remove
- 为开源操作系统开发的应用程序必须是开源的。
- 应用程序必须是免费的,不应包括广告或其他限制。
--8<-- "includes/abbreviations.zh.txt"

3
i18n/zh/desktop-browsers.md
View File

@@ -1,6 +1,7 @@
---
title: "电脑浏览器"
icon: material/laptop
description: Firefox and Brave are our recommendations for standard/non-anonymous browsing.
---
这些是我们目前推荐的用于标准/非匿名浏览的桌面网络浏览器和配置。 如果您需要匿名浏览互联网,则应使用 [Tor](tor.md) 。 一般来说,我们建议尽量减少你的浏览器扩展;它们在你的浏览器内有特权访问,需要你信任开发者,可以使你 [,突出](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint),并且 [,削弱](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) 网站隔离。
@@ -304,8 +305,6 @@ Our best-case criteria represents what we would like to see from the perfect pro
- 不得复制内置浏览器或操作系统的功能。
- 必须直接影响用户隐私,即不能简单地提供信息。
--8<-- "includes/abbreviations.zh.txt"
[^1]:

3
i18n/zh/desktop.md
View File

@@ -1,6 +1,7 @@
---
title: "Android 应用"
icon: simple/linux
description: 由于隐私保护和软件自由Linux发行版被普遍推荐。
---
由于隐私保护和软件自由Linux发行版被普遍推荐。 如果你还没有使用Linux下面是我们建议尝试的一些发行版以及一些适用于许多Linux发行版的一般隐私和安全改进提示。
@@ -180,5 +181,3 @@ Qubes OS操作系统通过将子系统如网络、USB等和应用程序隔
- 在安装过程中必须支持全盘加密。
- 不得将定期发布的信息冻结1年以上。 我们 [,不建议将](os/linux-overview.md#release-cycle) "长期支持 "或 "稳定 "的发行版用于桌面使用。
- 必须支持各种各样的硬件。
--8<-- "includes/abbreviations.zh.txt"

137
i18n/zh/dns.md
View File

@@ -1,142 +1,139 @@
---
title: "DNS Resolvers"
title: "DNS解析器"
icon: material/dns
description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration.
---
!!! question "Should I use encrypted DNS?"
Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. 加密的DNS不会帮助你隐藏任何浏览活动。
Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity.
[Learn more about DNS](advanced/dns-overview.md){ .md-button }
[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button}
## 推荐的供应商
| DNS Provider | Privacy Policy | Protocols | Logging | ECS | Filtering |
| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------------ | -------- | ------------------------------------------------------------------------------------------------------------------------------------------ |
| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext <br> DoH/3 <br> DoT <br> DNSCrypt | Some[^1] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) |
| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext <br> DoH/3 <br> DoT | Some[^2] | No | Based on server choice. |
| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext <br> DoH/3 <br> DoT <br> DoQ | Optional[^3] | No | Based on server choice. |
| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH <br> DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) |
| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext <br> DoH/3 <br> DoT | Optional[^5] | Optional | Based on server choice. |
| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^6] | Optional | Based on server choice, Malware blocking by default. |
| DNS供应商 | 隐私政策 | 协议 | 日志记录 | ECS | 筛选 |
| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------ | --- | ----------------------------------------------------------------------------------------------------- |
| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext <br> DoH/3 <br> DoT <br> DNSCrypt | 一些[^1] | No | 基于服务器的选择。 正在使用的过滤器列表可以在这里找到。 [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) |
| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext <br> DoH/3 <br> DoT | 一些[^2] | No | 基于服务器的选择。 |
| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext <br> DoH/3 <br> DoT <br> DoQ | 可选[^3] | No | 基于服务器的选择。 |
| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH <br> DoT | No[^4] | No | 基于服务器的选择。 正在使用的过滤器列表可以在这里找到。 [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) |
| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext <br> DoH/3 <br> DoT | 可选[^5] | 可选 | 基于服务器的选择。 |
| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | 一些[^6] | 可选 | 基于服务器的选择,默认为恶意软件拦截。 |
## Criteria
## 标准
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
**请注意,我们与我们推荐的任何项目都没有关系。** 除了 [我们的标准标准](about/criteria.md),我们还制定了一套明确的要求,使我们能够提供客观的建议。 我们建议你在选择使用一个项目之前熟悉这个清单,并进行自己的研究以确保它是你的正确选择。
!!! example "This section is new"
!!! 例如 "本节是新的"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
我们正在努力为我们网站的每个部分建立确定的标准,这可能会有变化。 如果你对我们的标准有任何疑问,请[在我们的论坛上提问](https://discuss.privacyguides.net/latest),如果这里没有列出,不要以为我们在做推荐时没有考虑到什么。 当我们推荐一个项目时,有许多因素被考虑和讨论,而记录每一个因素是一项正在进行的工作。
- Must support [DNSSEC](advanced/dns-overview.md#what-is-dnssec).
- [QNAME Minimization](advanced/dns-overview.md#what-is-qname-minimization).
- Allow for [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) to be disabled.
- Prefer [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) support or geo-steering support.
- 必须支持 [DNSSEC](advanced/dns-overview.md#what-is-dnssec)
- [QNAME最小化](advanced/dns-overview.md#what-is-qname-minimization).
- 允许 [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) 被禁用。
- 倾向于 [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) 支持或地理转向支持。
## Native Operating System Support
## 本地操作系统支持
### 安卓
Android 9 and above support DNS over TLS. The settings can be found in: **Settings** &rarr; **Network & Internet** &rarr; **Private DNS**.
安卓9及以上系统支持通过TLS的DNS。 这些设置可以在下面找到。 **设置** &rarr; **网络 & 互联网** &rarr; **私人DNS**
### Apple Devices
### 苹果设备
The latest versions of iOS, iPadOS, tvOS, and macOS, support both DoT and DoH. Both protocols are supported natively via [configuration profiles](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) or through the [DNS Settings API](https://developer.apple.com/documentation/networkextension/dns_settings).
最新版本的iOSiPadOStvOS和macOS同时支持DoT和DoH。 通过 [配置文件](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) ,或通过 [DNS设置API](https://developer.apple.com/documentation/networkextension/dns_settings),这两种协议都得到了本地支持。
After installation of either a configuration profile or an app that uses the DNS Settings API, the DNS configuration can be selected. If a VPN is active, resolution within the VPN tunnel will use the VPN's DNS settings and not your system-wide settings.
在安装配置文件或使用DNS设置API的应用程序后可以选择DNS配置。 如果VPN处于激活状态在VPN隧道内的解析将使用VPN的DNS设置而不是你整个系统的设置。
#### Signed Profiles
#### 已签名的配置文件
Apple does not provide a native interface for creating encrypted DNS profiles. [Secure DNS profile creator](https://dns.notjakob.com/tool.html) is an unofficial tool for creating your own encrypted DNS profiles, however they will not be signed. Signed profiles are preferred; signing validates a profile's origin and helps to ensure the integrity of the profiles. A green "Verified" label is given to signed configuration profiles. For more information on code signing, see [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html). **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [NextDNS](https://apple.nextdns.io), and [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/).
苹果公司没有为创建加密的DNS配置文件提供本地接口。 [安全DNS配置文件创建者](https://dns.notjakob.com/tool.html) 是一个非官方的工具用于创建你自己的加密DNS配置文件然而它们将不会被签署。 签名的档案是首选;签名验证了档案的来源,有助于确保档案的完整性。 绿色的 "已验证 "标签被赋予已签署的配置文件。 关于代码签名的更多信息,见 [关于代码签名](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html)** [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html) [NextDNS](https://apple.nextdns.io) [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/)提供了签名的配置文件**。
!!! info
!!! 信息
`systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS.
`systemd-resolved`许多Linux发行版使用它来进行DNS查询但还不[支持DoH](https://github.com/systemd/systemd/issues/8639)。 如果你想使用DoH你需要安装一个代理 [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy)和[配置它](https://wiki.archlinux.org/title/Dnscrypt-proxy)从你的系统解析器接收所有的DNS查询并通过HTTPS转发。
## Encrypted DNS Proxies
## 加密DNS代理
Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](advanced/dns-overview.md#unencrypted-dns) resolver to forward to. Typically it is used on platforms that don't natively support [encrypted DNS](advanced/dns-overview.md#what-is-encrypted-dns).
加密的DNS代理软件为 [未加密的DNS](advanced/dns-overview.md#unencrypted-dns) 解析器提供一个本地代理转发。 通常情况下,它被用于那些不支持 [加密DNS的平台](advanced/dns-overview.md#what-is-encrypted-dns)
### RethinkDNS
!!! recommendation
![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ align=right }
![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ align=right }
![RethinkDNS标志](assets/img/android/rethinkdns-dark.svg#only-dark){ align=right }
**RethinkDNS** is an open-source Android client supporting [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) and DNS Proxy along with caching DNS responses, locally logging DNS queries and can be used as a firewall too.
**RethinkDNS**是一个开源的Android客户端支持 [DNS-over-HTTPS]advanced/dns-overview.md#dns-over-https-doh)、 [DNS-over-TLS]advanced/dns-overview.md#dns-over-tls-dot)、 [DNSCrypt]advanced/dns-overview.md#dnscrypt)和DNS Proxy同时还可以缓存DNS响应本地记录DNS查询也可以作为防火墙使用。
[:octicons-home-16: Homepage](https://rethinkdns.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.rethinkdns.com/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/celzero/rethink-app){ .card-link title="Source Code" }
[:octicons-home-16: 主页](https://rethinkdns.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="隐私政策" }
[:octicons-info-16:](https://docs.rethinkdns.com/){ .card-link title=文档}
[:octicons-code-16:](https://github.com/celzero/rethink-app){ .card-link title="源代码" }
??? downloads
??? 下载
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.celzero.bravedns)
- [:simple-github: GitHub](https://github.com/celzero/rethink-app/releases)
### dnscrypt-proxy
### dnscrypt-代理
!!! recommendation
![dnscrypt-proxy logo](assets/img/dns/dnscrypt-proxy.svg){ align=right }
![dnscrypt-proxy标志](assets/img/dns/dnscrypt-proxy.svg) { align=right }
**dnscrypt-proxy** is a DNS proxy with support for [DNSCrypt](advanced/dns-overview.md#dnscrypt), [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS).
**dnscrypt-proxy**是一个DNS代理支持 [DNSCrypt]advanced/dns-overview.md#dnscrypt [DNS-over-HTTPS]advanced/dns-overview.md#dns-over-https-doh),以及[Anonymized DNS]https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS)。
!!! warning "The anonymized DNS feature does [**not**](advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic."
!!! 警告 "匿名DNS功能不会[***](advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns)匿名化其他网络流量。"
[:octicons-repo-16: Repository](https://github.com/DNSCrypt/dnscrypt-proxy){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/DNSCrypt/dnscrypt-proxy){ .card-link title="Source Code" }
[:octicons-heart-16:](https://opencollective.com/dnscrypt/contribute){ .card-link title=Contribute }
[:octicons-heart-16:](https://opencollective.com/dnscrypt/contribute){ .card-link title="贡献" }
??? downloads
??? 下载
- [:simple-windows11: Windows](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-Windows)
- [:simple-apple: macOS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS)
- [:simple-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux)
## Self-hosted Solutions
## 自我托管的解决方案
A self-hosted DNS solution is useful for providing filtering on controlled platforms, such as Smart TVs and other IoT devices, as no client-side software is needed.
自我托管的DNS解决方案对于在智能电视和其他物联网设备等受控平台上提供过滤非常有用因为不需要客户端软件。
### AdGuard Home
!!! recommendation
![AdGuard Home logo](assets/img/dns/adguard-home.svg){ align=right }
![AdGuard Home标识](assets/img/dns/adguard-home.svg){ align=right }
**AdGuard Home** is an open-source [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) to block unwanted web content, such as advertisements.
**AdGuard Home**是一个开源的 [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole),它使用[DNS过滤](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/)来阻止不需要的网络内容,如广告。
AdGuard Home features a polished web interface to view insights and manage blocked content.
AdGuard Home有一个精致的网络界面,可以查看洞察力和管理被阻止的内容。
[:octicons-home-16: Homepage](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary }
[:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Source Code" }
[:octicons-home-16: 主页](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary }
[:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="隐私政策" }
[:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title=文档}
[:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="源代码" }
### Pi-hole
!!! recommendation
![Pi-hole logo](assets/img/dns/pi-hole.svg){ align=right }
! [Pi-hole标志](assets/img/dns/pi-hole.svg){ align=right }
**Pi-hole** is an open-source [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) to block unwanted web content, such as advertisements.
**Pi-hole**是一个开源的 [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole),它使用[DNS过滤](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/)来阻止不需要的网络内容,如广告。
Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware. The software features a friendly web interface to view insights and manage blocked content.
Pi-hole被设计为在Raspberry Pi上托管但它并不局限于这种硬件。 该软件具有一个友好的网络界面,可以查看洞察力和管理封锁的内容。
[:octicons-home-16: Homepage](https://pi-hole.net/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://pi-hole.net/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.pi-hole.net/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" }
[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute }
[:octicons-home-16: 主页](https://pi-hole.net/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://pi-hole.net/privacy/){ .card-link title="隐私政策" }
[:octicons-info-16:](https://docs.pi-hole.net/){ .card-link title=文档}
[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="源代码" }
[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title="贡献" }
--8<-- "includes/abbreviations.zh.txt"
[^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html)
[^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/)
[^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy)
[^4]: Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/)
[^5]: NextDNS can provide insights and logging features on an opt-in basis. You can choose retention times and log storage locations for any logs you choose to keep. If it's not specifically requested, no data is logged. [https://nextdns.io/privacy](https://nextdns.io/privacy)
[^6]: Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared, such as for the purpose of security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable. [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/)
[^1]: AdGuard存储其DNS服务器的汇总性能指标即对特定服务器的完整请求数、被阻止的请求数和处理请求的速度。 他们还保留并存储了过去24小时内请求的域名数据库。 "我们需要这些信息来识别和阻止新的追踪者和威胁。" "我们还记录了这个或那个追踪器被封锁的次数。 我们需要这些信息来从我们的过滤器中删除过时的规则"。 [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html)
[^2]: Cloudflare只收集和存储发送到1.1.1.1解析器的有限DNS查询数据。 1.1.1.1解析器服务不记录个人数据而且大部分有限的非个人识别的查询数据只存储25小时。 [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/)
[^3]: Control D只记录具有自定义DNS配置文件的高级解析器。 自由解析器不记录数据。 [https://controld.com/privacy](https://controld.com/privacy)
[^4]: Mullvad的DNS服务对Mullvad VPN的订阅者和非订阅者都适用。 他们的隐私政策明确声称他们不会以任何方式记录DNS请求。 [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/)
[^5]: NextDNS可以在选择加入的基础上提供见解和日志记录功能。 你可以为你选择保留的任何日志选择保留时间和日志存储位置。 如果没有特别要求,就不记录数据。 [https://nextdns.io/privacy](https://nextdns.io/privacy)
[^6]: Quad9收集了一些数据用于威胁监测和应对。 然后,这些数据可能被重新混合和共享,例如为了安全研究的目的。 Quad9不会收集或记录IP地址或其他他们认为可以识别个人身份的数据。 [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/)

3
i18n/zh/email-clients.md
View File

@@ -1,6 +1,7 @@
---
title: "笔记"
icon: material/email-open
description: These email clients are privacy-respecting and support OpenPGP email encryption.
---
Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft.
@@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro
- Should not collect any telemetry by default.
- Should support OpenPGP natively, i.e. without extensions.
- Should support storing OpenPGP encrypted emails locally.
--8<-- "includes/abbreviations.zh.txt"

253
i18n/zh/email.md
View File

@@ -1,143 +1,167 @@
---
title: "Email Services"
icon: material/email
description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers.
---
Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy.
电子邮件实际上是使用任何在线服务的必需品,但我们不建议使用它进行人与人之间的对话。 与其使用电子邮件与他人联系,不如考虑使用支持前向保密的即时通讯媒介。
[Recommended Instant Messengers](real-time-communication.md ""){.md-button}
[推荐的即时通讯工具](real-time-communication.md ""){.md-button}
For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features.
对于其他一切,我们根据可持续的商业模式和内置的安全和隐私功能,推荐各种电子邮件供应商。
## OpenPGP Compatible Services
- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services)
- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers)
- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services)
- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email)
These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it.
## OpenPGP 兼容服务
!!! 推荐
These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. 例如Proton Mail用户可以向Mailbox.org用户发送E2EE信息或者你可以从支持OpenPGP的互联网服务中收到OpenPGP加密的通知。
When using E2EE technology like OpenPGP, email will still have some metadata that is not encrypted in the header of the email. Read more about [email metadata](basics/email-security.md#email-metadata-overview).
<div class="grid cards" markdown>
- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail)
- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg)
</div>
!!! 警告
当使用像OpenPGP这样的E2EE技术时电子邮件仍然会有一些元数据没有在电子邮件的标题中进行加密。 阅读更多关于[电子邮件元数据](basics/email-security.md#email-metadata-overview)。
OpenPGP also does not support Forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. [How do I protect my private keys?](basics/email-security.md#how-do-i-protect-my-private-keys)
OpenPGP也不支持转发保密,这意味着如果你或收件人的私钥被盗,所有以前用它加密的信息都会暴露。 [如何保护我的私钥?](basics/email-security.md#how-do-i-protect-my-private-keys)
### Proton Mail
!!! recommendation
![Proton Mail logo](assets/img/email/protonmail.svg){ align=right }
! [Proton Mail徽标] (assets/img/email/protonmail.svg) {align = right}
**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. Accounts start with 500 MB storage with their free plan.
* * Proton Mail * *是一项专注于隐私、加密、安全性和易用性的电子邮件服务。 他们自**2013**以来一直在运作。 Proton公司总部位于瑞士日内瓦。 他们的免费计划中,账户一开始开始有500MB的存储空间。
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
[:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://proton.me/support/mail){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ProtonMail){ .card-link title="Source Code" }
[:octicons-home-16: 首页](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="洋葱服务" }
[:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="隐私政策" }
[:octicons-info-16:](https://proton.me/support/mail){ .card-link title="文档"}
[:octicons-code-16:](https://github.com/ProtonMail){ .card-link title="源代码" }
??? downloads
??? 下载
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonmail.android)
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonmail)。 ndroid)
- [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id979659905)
- [:simple-github: GitHub](https://github.com/ProtonMail/proton-mail-android/releases)
- [:simple-github: GitHub](https://github. om/ProtonMail/proton-mail-android/releases)
- [:simple-windows11: Windows](https://proton.me/mail/bridge#download)
- [:simple-apple: macOS](https://proton.me/mail/bridge#download)
- [:simple-apple: macOS](https://proton. e/mail/bridge#download)
- [:simple-linux: Linux](https://proton.me/mail/bridge#download)
- [:octicons-browser-16: Web](https://mail.proton.me)
Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g. Thunderbird). Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
免费账户有一些限制,如不能搜索正文,不能访问 [Proton Mail Bridge](https://proton.me/mail/bridge),这是使用 [推荐的桌面电子邮件客户端](email-clients.md) (如Thunderbird)所需要的。 付费帐户包括Proton Mail Bridge等功能额外的存储空间和自定义域支持。 2021年11月9日 [Securitum](https://research.securitum.com)为Proton Mail的应用程序提供了一份 [的证明信](https://proton.me/blog/security-audit-all-proton-apps)。
If you have the Proton Unlimited, Business, or Visionary Plan, you also get [SimpleLogin](#simplelogin) Premium for free.
如果你有 "Proton Unlimited"、" Business "或 "Visionary "计划,你还可以免费获得 [SimpleLogin](#simplelogin) Premium
Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**.
</strong> Proton Mail有内部碰撞报告他们 **,不与第三方分享。 这可以在以下方面禁用。 **设置** > **转到设置** > **帐户** > **安全和隐私** > **发送崩溃报告**</p>
??? success "Custom Domains and Aliases"
#### :material-check:{ .pg-green } Custom Domains and Aliases
Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain.
Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain.
??? success "Private Payment Methods"
#### :material-check:{ .pg-green } Private Payment Methods
Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments.
Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments.
??? success "Account Security"
#### :material-check:{ .pg-green } Account Security
Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code.
Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. 目前还不支持使用U2F安全密钥。 Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code.
??? success "Data Security"
#### :material-check:{ .pg-green } Data Security
Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you.
Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon.
Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). 使用零访问加密的数据只有你才能访问。
??? success "Email Encryption"
Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. 支持零访问加密的联系人字段,如电话号码,会用挂锁图标表示。
Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP.
Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE.
#### :material-check:{ .pg-green } Email Encryption
??? warning "Digital Legacy"
Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. 给其他Proton Mail账户的邮件是自动加密的用OpenPGP密钥给非Proton Mail地址加密可以在账户设置中轻松启用。 They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP.
Proton Mail doesn't offer a digital legacy feature.
Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). 这使得不使用Proton Mail的人可以轻松找到Proton Mail账户的OpenPGP密钥实现跨供应商的E2EE。
??? info "Account Termination"
#### :material-alert-outline:{ .pg-orange } Digital Legacy
If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period.
Proton Mail不提供数字遗留功能。
??? info "Additional Functionality"
#### :material-information-outline:{ .pg-blue } Account Termination
Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage.
If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. 30天后你的账户将成为欠费账户不会收到来信。 在此期间,您将继续收到账单。
#### :material-information-outline:{ .pg-blue } Additional Functionality
Proton Mail提供9.99欧元/月的 "无限 "账户除了提供多个账户、域名、别名和500GB的存储空间外还能访问Proton VPN。
### Mailbox.org
!!! recommendation
![Mailbox.org logo](assets/img/email/mailboxorg.svg){ align=right }
![Mailbox.org标志](assets/img/email/mailboxorg.svg){ align=right }
**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with 2 GB of storage, which can be upgraded as needed.
**Mailbox.org**是一个专注于安全、无广告、并由100%环保能源私人提供的电子邮件服务。 他们自2014年以来一直在运作。 Mailbox.org总部位于德国柏林。 账户开始时有2GB的存储空间可根据需要升级。
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://kb.mailbox.org/en/private){ .card-link title=Documentation}
[:octicons-home-16: 首页](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="隐私政策" }
[:octicons-info-16:](https://kb.mailbox.org/en/private){ .card-link title="文件"}
??? downloads
?? 下载
- [:octicons-browser-16: Web](https://login.mailbox.org)
??? success "Custom Domains and Aliases"
#### :material-check:{ .pg-green } Custom Domains and Aliases
Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain.
Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain.
??? info "Private Payment Methods"
#### :material-check:{ .pg-green } Private Payment Methods
Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. 然而他们确实接受邮寄现金、向银行账户支付现金、银行转账、信用卡、贝宝和几个德国特有的处理器PaydirektSofortüberweisung
??? success "Account Security"
#### :material-check:{ .pg-green } Account Security
Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
??? info "Data Security"
#### :material-information-outline:{ .pg-blue } Data Security
Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key.
However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information.
Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key.
??? success "Email Encryption"
However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information.
Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE.
#### :material-check:{ .pg-green } Email Encryption
??? success "Digital Legacy"
Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address.
Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE.
??? info "Account Termination"
#### :material-check:{ .pg-green } Digital Legacy
Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract).
Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address.
??? info "Additional Functionality"
#### :material-information-outline:{ .pg-blue } Account Termination
You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract).
#### :material-information-outline:{ .pg-blue } Additional Functionality
You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
## More Providers
These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers.
<div class="grid cards" markdown>
- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail)
- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota)
</div>
### StartMail
@@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par
- [:octicons-browser-16: Web](https://mail.startmail.com/login)
??? success "Custom Domains and Aliases"
#### :material-check:{ .pg-green } Custom Domains and Aliases
Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available.
Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available.
??? warning "Private Payment Methods"
#### :material-alert-outline:{ .pg-orange } Private Payment Methods
StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year.
StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year.
??? success "Account Security"
#### :material-check:{ .pg-green } Account Security
StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication.
StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication.
??? info "Data Security"
#### :material-information-outline:{ .pg-blue } Data Security
StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key.
StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption.
StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key.
??? success "Email Encryption"
StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption.
StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys.
#### :material-check:{ .pg-green } Email Encryption
??? warning "Digital Legacy"
StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients.
StartMail does not offer a digital legacy feature.
#### :material-alert-outline:{ .pg-orange } Digital Legacy
??? info "Account Termination"
StartMail does not offer a digital legacy feature.
On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration).
#### :material-information-outline:{ .pg-blue } Account Termination
??? info "Additional Functionality"
On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration).
StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is.
#### :material-information-outline:{ .pg-blue } Additional Functionality
## More Providers
These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers.
StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is.
### Tutanota
@@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr
Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders.
??? success "Custom Domains and Aliases"
#### :material-check:{ .pg-green } Custom Domains and Aliases
Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain.
Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain.
??? warning "Private Payment Methods"
#### :material-information-outline:{ .pg-blue } Private Payment Methods
Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore.
Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore.
??? success "Account Security"
#### :material-check:{ .pg-green } Account Security
Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F.
Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F.
??? success "Data Security"
#### :material-check:{ .pg-green } Data Security
Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you.
Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you.
??? warning "Email Encryption"
#### :material-information-outline:{ .pg-blue } Email Encryption
Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external).
Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external).
??? warning "Digital Legacy"
#### :material-alert-outline:{ .pg-orange } Digital Legacy
Tutanota doesn't offer a digital legacy feature.
Tutanota doesn't offer a digital legacy feature.
??? info "Account Termination"
#### :material-information-outline:{ .pg-blue } Account Termination
Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay.
Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay.
??? info "Additional Functionality"
#### :material-information-outline:{ .pg-blue } Additional Functionality
Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount.
Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y.
Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount.
Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y.
## Email Aliasing Services
An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address.
<div class="grid cards" markdown>
- ![mailcow logo](assets/img/email/mailcow.svg){ .twemoji } [mailcow](email.md#self-hosting-email)
- ![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ .twemoji } [Mail-in-a-Box](email.md#self-hosting-email)
</div>
Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning.
Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain:
@@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible.
**Best Case:**
- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.)
- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.)
### 安全性
@@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
- Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records.
- Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records.
- Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`.
- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/).
- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/).
- [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used.
- Website security standards such as:
- [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security)
@@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
- Bug-bounty programs and/or a coordinated vulnerability-disclosure process.
- Website security standards such as:
- [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy)
- [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct)
- [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/)
### Trust
@@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible:
### Additional Functionality
While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend.
--8<-- "includes/abbreviations.zh.txt"

3
i18n/zh/encryption.md
View File

@@ -1,6 +1,7 @@
---
title: "加密软件"
icon: material/file-lock
description: 对数据进行加密是控制谁能访问数据的唯一方法。 These tools allow you to encrypt your emails and any other files.
---
对数据进行加密是控制谁能访问数据的唯一方法。 如果你目前没有对你的硬盘、电子邮件或文件使用加密软件,你应该在这里挑选一个选项。
@@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro
- Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave.
- File encryption apps should have first- or third-party support for mobile platforms.
--8<-- "includes/abbreviations.zh.txt"

3
i18n/zh/file-sharing.md
View File

@@ -1,6 +1,7 @@
---
title: "加密软件"
icon: material/share-variant
description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online.
---
Discover how to privately share your files between your devices, with your friends and family, or anonymously online.
@@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro
- Has mobile clients for iOS and Android, which at least support document previews.
- Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android.
--8<-- "includes/abbreviations.zh.txt"

94
i18n/zh/financial-services.md Normal file
View File

@@ -0,0 +1,94 @@
---
title: Financial Services
icon: material/bank
---
Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases:
[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button}
## Payment Masking Services
There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously.
!!! tip "Check your current bank"
Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information.
### Privacy.com (US)
!!! recommendation
![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right }
![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right }
**Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank.
[:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation}
Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with.
### MySudo (US, Paid)
!!! recommendation
![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right }
![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right }
**MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use.
[:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation}
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances.
- Cards must not require you to provide accurate billing address information to the merchant.
## Gift Card Marketplaces
These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered).
### Cake Pay
!!! recommendation
![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right }
**Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants.
[:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation}
### CoinCards
!!! recommendation
![CakePay logo](assets/img/financial-services/coincards.svg){ align=right }
**CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants.
[:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation}
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md).
- No ID requirement.

3
i18n/zh/frontends.md
View File

@@ -1,6 +1,7 @@
---
title: "文件共享"
icon: material/flip-to-front
description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances.
---
有时,一些服务会用烦人的弹窗阻止你访问内容,以此来强迫你注册账户。 此时如果停用JavaScript网站也会崩溃。 这些前端应用可以帮助你绕过这些限制。
@@ -264,5 +265,3 @@ When you are using a Piped instance, make sure to read the privacy policy of tha
We only consider frontends for websites which are...
- 不启用Javascript就不能正常访问。
--8<-- "includes/abbreviations.zh.txt"

4
i18n/zh/index.md
View File

@@ -3,7 +3,7 @@ template: overrides/home.zh.html
hide:
- navigation
- toc
- feedback
- 反馈
---
<!-- markdownlint-disable-next-line -->
@@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen
[:material-hand-coin-outline:](about/donate.md){ title="Support the project" }
It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know.
--8<-- "includes/abbreviations.zh.txt"

3
i18n/zh/kb-archive.md
View File

@@ -1,6 +1,7 @@
---
title: KB Archive
icon: material/archive
description: Some pages that used to be in our knowledge base can now be found on our blog.
---
# Pages Moved to Blog
@@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog:
- [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/)
- [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/)
- [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/)
--8<-- "includes/abbreviations.zh.txt"

2
i18n/zh/meta/brand.md
View File

@@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand](
"Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project.
Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions.
--8<-- "includes/abbreviations.zh.txt"

2
i18n/zh/meta/git-recommendations.md
View File

@@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR
git fetch origin
git rebase origin/main
```
--8<-- "includes/abbreviations.zh.txt"

2
i18n/zh/meta/uploading-images.md
View File

@@ -87,5 +87,3 @@ scour --set-precision=5 \
--protect-ids-noninkscape \
input.svg output.svg
```
--8<-- "includes/abbreviations.zh.txt"

2
i18n/zh/meta/writing-style.md
View File

@@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio
> - “must not” for a prohibition
> - “may” for a discretionary action
> - “should” for a recommendation
--8<-- "includes/abbreviations.zh.txt"

3
i18n/zh/mobile-browsers.md
View File

@@ -1,6 +1,7 @@
---
title: "移动浏览器"
icon: material/cellphone-information
description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone.
---
这些是我们当前推荐的移动网络浏览器以及标准/非匿名互联网浏览的配置。 如果您需要匿名浏览互联网,则应使用 [Tor](tor.md) 。 一般来说,我们建议将扩展程序保持在最低限度;它们在您的浏览器中具有特权访问权限,要求您信任开发人员,可以使您 [突出](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) [弱化](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) 站点隔离。
@@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface
- 不得复制内置浏览器或操作系统的功能。
- 必须直接影响用户隐私,即不能简单地提供信息。
--8<-- "includes/abbreviations.zh.txt"

3
i18n/zh/multi-factor-authentication.md
View File

@@ -1,6 +1,7 @@
---
title: "Multi-Factor Authenticators"
icon: '资料/双因认证'
description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
---
## 硬件安全密钥
@@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
- Must not require internet connectivity.
- Must not sync to a third-party cloud sync/backup service.
- **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud.
--8<-- "includes/abbreviations.zh.txt"

5
i18n/zh/news-aggregators.md
View File

@@ -1,9 +1,10 @@
---
title: "多因素认证工具"
icon: material/rss
description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS.
---
A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites.
A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites.
## Aggregator clients
@@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info
```text
https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID]
```
--8<-- "includes/abbreviations.zh.txt"

3
i18n/zh/notebooks.md
View File

@@ -1,6 +1,7 @@
---
title: "Notebooks"
icon: material/notebook-edit-outline
description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party.
---
Keep track of your notes and journalings without giving them to a third-party.
@@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si
- Local backup/sync functionality should support encryption.
- Cloud-based platforms should support document sharing.
--8<-- "includes/abbreviations.zh.txt"

42
i18n/zh/os/android-overview.md
View File

@@ -1,6 +1,7 @@
---
title: Android概述
icon: simple/android
description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones.
---
安卓是一个安全的操作系统,它有强大的[应用程序沙箱](https://source.android.com/security/app-sandbox)[启动时验证](https://source.android.com/security/verifiedboot)AVB以及一个强大的[权限](https://developer.android.com/guide/topics/permissions/overview)控制系统。
@@ -53,9 +54,44 @@ AFWall+基于 [包过滤](https://en.wikipedia.org/wiki/Firewall_(computing)#Pac
## Android 权限
[Android上的权限](https://developer.android.com/guide/topics/permissions/overview) ,让你控制哪些应用程序被允许访问。 谷歌定期在每个连续的版本中对权限系统进行 [改善](https://developer.android.com/about/versions/11/privacy/permissions)。 你安装的所有应用程序都是严格的 [沙箱](https://source.android.com/security/app-sandbox),因此,没有必要安装任何杀毒软件。 使用最新版本的安卓系统的智能手机永远比使用付费杀毒软件的旧智能手机更安全。 最好不要为杀毒软件付费省下钱来买一部新的智能手机如谷歌Pixel。
[Android上的权限](https://developer.android.com/guide/topics/permissions/overview) ,让你控制哪些应用程序被允许访问。 谷歌定期在每个连续的版本中对权限系统进行 [改善](https://developer.android.com/about/versions/11/privacy/permissions)。 你安装的所有应用程序都是严格的 [沙箱](https://source.android.com/security/app-sandbox),因此,没有必要安装任何杀毒软件。
如果你想运行一个你不确定的应用程序,考虑使用用户或工作档案。
A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel.
Android 10:
- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there.
- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user.
Android 11:
- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once.
- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened.
- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features.
Android 12:
- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location).
- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation).
- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access.
Android 13:
- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location.
- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only.
- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission.
An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need.
[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal.
!!! 推荐
If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely.
!!! note
Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
## 媒体访问
@@ -131,5 +167,3 @@ Android 7及更高版本支持VPN killswitch ,无需安装第三方应用程
[安全网](https://developer.android.com/training/safetynet/attestation) 和 [Play Integrity APIs](https://developer.android.com/google/play/integrity) ,一般用于 [银行应用程序](https://grapheneos.org/usage#banking-apps)。 许多银行应用程序在GrapheneOS中使用沙盒游戏服务可以正常工作但是一些非金融应用程序有自己的粗略防篡改机制可能会失败。 GrapheneOS通过了 `basicIntegrity` 检查,但没有通过认证检查 `ctsProfileMatch`。 安卓8或更高版本的设备有硬件认证支持如果没有泄露的密钥或严重的漏洞就无法绕过。
至于谷歌钱包,我们不推荐这样做,因为他们的 [隐私政策](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en),其中规定如果你不希望你的信用等级和个人信息与联盟营销服务共享,你必须选择退出。
--8<-- "includes/abbreviations.zh.txt"

5
i18n/zh/os/linux-overview.md
View File

@@ -1,9 +1,10 @@
---
title: Linux概述
icon: simple/linux
description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal.
---
人们通常认为, [开源](https://en.wikipedia.org/wiki/Open-source_software) 软件本身是安全的,因为源代码是可用的。 预期社区验证会定期进行;但这并不总是 [案例](https://seirdy.one/posts/2022/02/02/floss-security/)。 这确实取决于许多因素,如项目活动、开发人员经验、应用于 [代码审查的严格程度](https://en.wikipedia.org/wiki/Code_review),以及对 [代码库](https://en.wikipedia.org/wiki/Codebase) 的特定部分给予关注的频率,这些部分可能多年未被触及。
人们通常认为, [开源](https://en.wikipedia.org/wiki/Open-source_software) 软件本身是安全的,因为源代码是可用的。 预期社区验证会定期进行;但这并不总是 [案例](https://seirdy.one/posts/2022/02/02/floss-security/)。 It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years.
目前桌面Linux与它们的专利同行相比确实有一些可以更好地改进的地方例如
@@ -167,5 +168,3 @@ Fedora 项目 [通过使用一个 [`countme`](https://fedoraproject.org/wiki/Cha
这个 [选项](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) ,目前默认是关闭的。 我们建议将 `countme=false` 添加到 `/etc/dnf/dnf.conf` ,以备将来启用它。 在使用 `rpm-ostree` 的系统上如Silverblue通过屏蔽 [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) 计时器来禁用 countme 选项。
openSUSE 还使用一个 [唯一的 ID](https://en.opensuse.org/openSUSE:Statistics) 来计算系统,可以通过删除 `/var/lib/zypp/AnonymousUniqueId` 文件来禁用它。
--8<-- "includes/abbreviations.zh.txt"

4
i18n/zh/os/qubes-overview.md
View File

@@ -1,6 +1,7 @@
---
title: "Qubes概述"
icon: simple/qubesos
description: Qubes is an operating system built around isolating apps within virtual machines for heightened security.
---
[**Qubes OS**](../desktop.md#qubes-os) 是一个操作系统,它使用 [Xen](https://en.wikipedia.org/wiki/Xen) 管理程序,通过隔离的虚拟机为桌面计算提供强大的安全性。 每个虚拟机被称为 *Qube* 你可以根据它的目的给每个Qube分配一个信任等级。 由于Qubes操作系统通过使用隔离来提供安全并且只允许在每个案例的基础上进行操作它与 [坏性枚举](https://www.ranum.com/security/computer_security/editorials/dumb/)。
@@ -43,7 +44,6 @@ Qubes操作系统利用 [Dom0](https://wiki.xenproject.org/wiki/Dom0) Xen VM
### 虚拟机之间的相互作用
[qrexec框架](https://www.qubes-os.org/doc/qrexec/) 是Qubes的一个核心部分它允许虚拟机在域之间通信。 它建立在Xen库 *vchan*的基础上,通过策略</a>,促进了
隔离。</p>
@@ -56,5 +56,3 @@ Qubes操作系统利用 [Dom0](https://wiki.xenproject.org/wiki/Dom0) Xen VM
- J. 鲁特科夫斯卡。 [*软件区隔与物理分离*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf)
- J. 鲁特科夫斯卡。 [*将我的数字生活划分为安全领域*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html)
- Qubes OS: [*相关文章*](https://www.qubes-os.org/news/categories/#articles)
--8<-- "includes/abbreviations.zh.txt"

3
i18n/zh/passwords.md
View File

@@ -1,6 +1,7 @@
---
title: "生产力工具"
icon: material/form-textbox-password
description: Password managers allow you to securely store and manage passwords and other credentials.
---
Password managers allow you to securely store and manage passwords and other credentials with the use of a master password.
@@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
- Must be cross-platform.
--8<-- "includes/abbreviations.zh.txt"

3
i18n/zh/productivity.md
View File

@@ -1,6 +1,7 @@
---
title: "实时通讯"
icon: material/file-sign
description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do.
---
Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints.
@@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a
[:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"}
[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
--8<-- "includes/abbreviations.zh.txt"

3
i18n/zh/real-time-communication.md
View File

@@ -1,6 +1,7 @@
---
title: "实时通讯"
icon: material/chat-processing
description: Other instant messengers make all of your private conversations available to the company that runs them.
---
这些是我们对加密实时通讯的建议。
@@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro
- Should be decentralized, i.e. federated or P2P.
- Should use E2EE for all messages by default.
- Should support Linux, macOS, Windows, Android, and iOS.
--8<-- "includes/abbreviations.zh.txt"

3
i18n/zh/router.md
View File

@@ -1,6 +1,7 @@
---
title: "Router Firmware"
icon: material/router-wireless
description: These alternative operating systems can be used to secure your router or Wi-Fi access point.
---
Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc.
@@ -47,5 +48,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or
- Must be open source.
- Must receive regular updates.
- 必须支持各种各样的硬件。
--8<-- "includes/abbreviations.zh.txt"

3
i18n/zh/search-engines.md
View File

@@ -1,6 +1,7 @@
---
title: "Search Engines"
icon: material/search-web
description: These privacy-respecting search engines don't build an advertising profile based on your searches.
---
Use a search engine that doesn't build an advertising profile based on your searches.
@@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro
- Should be based on open-source software.
- Should not block Tor exit node IP addresses.
--8<-- "includes/abbreviations.zh.txt"

55
i18n/zh/tools.md
View File

@@ -3,6 +3,7 @@ title: "隐私工具"
icon: 资料/工具
hide:
- toc
description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats.
---
如果你正在寻找某项具体解决方案,这里是一些我们推荐的各种类别的软硬件工具。 我们推荐的隐私工具主要依据它们的安全功能来选择,另外还强调了去中心化和开源。 They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs.
@@ -90,14 +91,11 @@ If you want assistance figuring out the best privacy tools and alternative progr
<div class="grid cards" markdown>
- ![Fedora logo](assets/img/linux-desktop/fedora-workstation.svg){ .twemoji } [Fedora Workstation](linux-desktop.md#fedora-workstation)
- ![openSUSE Tumbleweed logo](assets/img/linux-desktop/opensuse-tumbleweed.svg){ .twemoji } [OpenSUSE Tumbleweed](linux-desktop.md#opensuse-tumbleweed)
- ![Arch logo](assets/img/linux-desktop/archlinux.svg){ .twemoji } [Arch Linux](linux-desktop.md#arch-linux)
- ![Fedora Silverblue logo](assets/img/linux-desktop/fedora-silverblue.svg){ .twemoji } [Fedora Silverblue & Kinoite](linux-desktop.md#fedora-silverblue)
- ![nixOS logo](assets/img/linux-desktop/nixos.svg){ .twemoji } [NixOS](linux-desktop.md#nixos)
- ![Whonix logo](assets/img/linux-desktop/whonix.svg){ .twemoji } [Whonix (Tor)](linux-desktop.md#whonix)
- ![Tails logo](assets/img/linux-desktop/tails.svg){ .twemoji } [Tails (Live Boot)](linux-desktop.md#tails)
- ![Qubes OS logo](assets/img/qubes/qubes_os.svg){ .twemoji } [Qubes OS (Xen VM Distribution)](qubes.md) (1)
- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store)
- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter)
- ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor)
- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera)
- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](android.md#secure-pdf-viewer)
</div>
@@ -206,6 +204,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
[了解更多 :hero-arrow-circle-right-fill:](email.md#self-hosting-email)
### Financial Services
#### Payment Masking Services
<div class="grid cards" markdown>
- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free)
- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid)
</div>
[了解更多 :hero-arrow-circle-right-fill:](financial-services.md#payment-masking-services)
#### Online Gift Card Marketplaces
<div class="grid cards" markdown>
- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay)
- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards)
</div>
[了解更多 :hero-arrow-circle-right-fill:](financial-services.md#gift-card-marketplaces)
### Search Engines
<div class="grid cards" markdown>
@@ -232,9 +253,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
<div class="grid cards" markdown>
- ![Tutanota logo](assets/img/calendar-contacts/tutanota.svg){ .twemoji } [Tutanota](calendar-contacts.md#tutanota)
- ![EteSync logo](assets/img/calendar-contacts/etesync.svg){ .twemoji } [EteSync](calendar-contacts.md#etesync)
- ![Proton Calendar logo](assets/img/calendar-contacts/proton-calendar.svg){ .twemoji } [Proton Calendar](calendar-contacts.md#proton-calendar)
- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn)
- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad)
- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
</div>
@@ -255,6 +276,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
[了解更多 :hero-arrow-circle-right-fill:](calendar.md)
### Cryptocurrency
<div class="grid cards" markdown>
- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero)
</div>
[了解更多 :hero-arrow-circle-right-fill:](cryptocurrency.md)
### 日历/联系人同步
<div class="grid cards" markdown>
@@ -441,5 +472,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
</div>
[了解更多 :hero-arrow-circle-right-fill:](video-streaming.md)
--8<-- "includes/abbreviations.zh.txt"

27
i18n/zh/tor.md
View File

@@ -1,11 +1,12 @@
---
title: "桌面端浏览器"
icon: simple/torproject
description: 使用Tor网络保护您的互联网浏览免受窥探 Tor网络是一个规避审查的安全网络。
---
![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right }
The **Tor** network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool.
**Tor** 网络是一组由志愿者操作的服务器,允许您免费连接以提高您的互联网的隐私和安全。 个人和组织也可以通过Tor网络与".onion隐藏服务"分享信息,而不损害其隐私。 由于Tor流量难以阻止和跟踪因此Tor是一种有效的审查规避工具。
[:octicons-home-16:](https://www.torproject.org){ .card-link title=Homepage }
[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" }
@@ -13,27 +14,21 @@ The **Tor** network is a group of volunteer-operated servers that allows you to
[:octicons-code-16:](https://gitweb.torproject.org/tor.git){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity.
Tor的工作原理是通过这些志愿者操作的服务器路由您的互联网流量,而不是直接连接到您试图访问的网站。 这会混淆流量的来源,并且连接路径中的任何服务器都无法看到流量来自和流向的完整路径,这意味着即使您用于连接的服务器也无法打破您的匿名性。
<figure markdown>
![Tor path](assets/img/how-tor-works/tor-path.svg#only-light)
![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark)
<figcaption>Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.</figcaption>
</figure>
[详细的Tor概述 :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button}
- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md)
## 连接到Tor
## Connecting to Tor
有多种方法可以从您的设备连接到Tor网络最常用的是 **Tor浏览器**这是Firefox的一个分支专为桌面计算机和Android的匿名浏览而设计。 除了下面列出的应用程序还有专门设计用于连接到Tor网络的操作系统例如 [Whonix](desktop.md#whonix) on [Qubes OS](desktop.md#qubes-os)它提供了比标准Tor浏览器更高的安全性和保护。
There are a variety of ways to connect to the Tor network from your device, the most commonly used being the **Tor Browser**, a fork of Firefox designed for anonymous browsing for desktop computers and Android. In addition to the apps listed below, there are also operating systems designed specifically to connect to the Tor network such as [Whonix](desktop.md#whonix) on [Qubes OS](desktop.md#qubes-os), which provide even greater security and protections than the standard Tor Browser.
### Tor Browser
### Tor浏览器
!!! recommendation
![Tor Browser logo](assets/img/browsers/tor.svg){ align=right }
! [Tor浏览器徽标] (assets/img/browsers/tor.svg) {align = right}
**Tor Browser** is the choice if you need anonymity, as it provides you with access to the Tor network and bridges, and it includes default settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*.
* * Tor浏览器* *是您需要匿名时的选择它为您提供了对Tor网络和网桥的访问权限并且它包括默认安全的默认设置和扩展 *标准* *更安全*和*最安全*。
[:octicons-home-16: Homepage](https://www.torproject.org){ .md-button .md-button--primary }
[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" }
@@ -54,7 +49,7 @@ There are a variety of ways to connect to the Tor network from your device, the
You should **never** install any additional extensions on Tor Browser or edit `about:config` settings, including the ones we suggest for Firefox. Browser extensions and non-standard settings make you stand out from others on the Tor network, thus making your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting).
The Tor Browser is designed to prevent fingerprinting, or identifying you based on your browser configuration. Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings/).
Tor浏览器旨在防止指纹识别或根据您的浏览器配置识别您。 Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings/).
### Orbot
@@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
--8<-- "includes/abbreviations.zh.txt"

3
i18n/zh/video-streaming.md
View File

@@ -1,6 +1,7 @@
---
title: "视频串流"
icon: 资料/视频-无线
description: These networks allow you to stream internet content without building an advertising profile based on your interests.
---
使用视频流媒体平台时的主要威胁是,你的流媒体习惯和订阅名单可能被用来对你进行分析。 你应该将这些工具与 [VPN](vpn.md) 或 [Tor](https://www.torproject.org/) 结合起来,以使你的使用情况更难被分析。
@@ -52,5 +53,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: **
- Must not require a centralized account to view videos.
- Decentralized authentication, such as via a mobile wallet's private key is acceptable.
--8<-- "includes/abbreviations.zh.txt"

304
i18n/zh/vpn.md
View File

@@ -1,11 +1,20 @@
---
title: "VPN服务"
title: "VPN Services"
icon: 资料/vpn
description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isnt out to spy on you.
---
选择无日志的 VPN 供应商,他们不会出卖或读取你的网络流量。
If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest:
??? 危险 "VPNs 不提供匿名性"
<div class="grid cards" markdown>
- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn)
- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad)
- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn)
</div>
!!! 危险 "VPNs 不提供匿名性"
使用VPN **不** 会隐藏你的浏览习惯, 它也不会为不安全(HTTP) 流量额外增加安全性。
@@ -15,17 +24,128 @@ icon: 资料/vpn
[Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](basics/tor-overview.md){ .md-button }
??? 问题 "VPN何时有用"
如果你只是想要从ISP那里、或者在使用公共Wi-Fi网络和给文件做种时提高一些**隐私**那么只要在了解相关风险的前提下VPN可能是个解决方案。
[More Info](basics/vpn-overview.md){ .md-button }
[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button}
## 推荐的供应商
!!! 摘要"准则"
我们推荐的供应商使用加密接受Monero支付 支持WireGuard & OpenVPN ,并且有无日志策略。 Read our [full list of criteria](#criteria) for more information.
我们推荐的供应商使用加密接受Monero支付 支持WireGuard & OpenVPN ,并且有无日志策略。 请阅读我们的 [full list of criteria](#our-criteria) 了解更多信息。
### IVPN
!!! recommendation
![IVPN标志](assets/img/vpn/ivpn.svg){ align=right }
**IVPN**是另一个高级VPN供应商他们自2009年以来一直在运营。 挑一个拥有离你最近的服务器的VPN供应商将减少你的网络流量的发送延迟。
这是因为到达目的地的路由较短(跳数较少)。 我们还认为如果VPN供应商使用[专用服务器](https://en.wikipedia.org/wiki/Dedicated_hosting_service),而不是使用[虚拟专用服务器](https://en.wikipedia.org/wiki/Virtual_private_server)等更便宜的(与其他客户)共享的解决方案能提高VPN供应商私人密钥的安全性。
#### :material-check:{ .pg-green } 35 Countries
IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. 这是因为到达目的地的路由较短(跳数较少)。
{ .annotate }
1. 如果订阅2年(119.76美元)还可享受10%的折扣。
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
#### :material-check:{ .pg-green } Independently Audited
IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf).
#### :material-check:{ .pg-green } Open-Source Clients
As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn).
#### :material-check:{ .pg-green } Accepts Cash and Monero
In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment.
#### :material-check:{ .pg-green } WireGuard Support
IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). 此外, WireGuard旨在更简单、更高效。
IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
#### :material-check:{ .pg-green } Remote Port Forwarding
Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html).
#### :material-check:{ .pg-green } Mobile Clients
In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers.
#### :material-information-outline:{ .pg-blue } Additional Functionality
IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
!!! recommendation
![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right }
**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. 挑一个拥有离你最近的服务器的VPN供应商将减少你的网络流量的发送延迟。 这是因为到达目的地的路由较短(跳数较少)。
我们还认为如果VPN供应商使用[专用服务器](https://en.wikipedia.org/wiki/Dedicated_hosting_service),而不是使用[虚拟专用服务器](https://en.wikipedia.org/wiki/Virtual_private_server)等更便宜的(与其他客户)共享的解决方案能提高VPN供应商私人密钥的安全性。 downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn)
- [:simple-appstore: App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513)
- [:simple-github: GitHub](https://github.com/mullvad/mullvadvpn-app/releases)
- [:simple-windows11: Windows](https://mullvad.net/en/download/windows/)
- [:simple-apple: macOS](https://mullvad.net/en/download/macos/)
- [:simple-linux: Linux](https://mullvad.net/en/download/linux/)
#### :material-check:{ .pg-green } 41 Countries
Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. 这是因为到达目的地的路由较短(跳数较少)。
{ .annotate }
1. 如果订阅2年(119.76美元)还可享受10%的折扣。
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
#### :material-check:{ .pg-green } Independently Audited
Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded:
> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint.
In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website:
> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks.
In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf).
#### :material-check:{ .pg-green } Open-Source Clients
Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app).
#### :material-check:{ .pg-green } Accepts Cash and Monero
Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. \[WireGuard\](https://www.wireguard.com)是一个较新的协议,使用最先进的 \[cryptography\](https://www.wireguard.com/protocol/)。
#### :material-check:{ .pg-green } WireGuard Support
Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). 此外, WireGuard旨在更简单、更高效。
Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
#### :material-check:{ .pg-green } IPv6 Support
Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections.
#### :material-check:{ .pg-green } Remote Port Forwarding
Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information.
#### :material-check:{ .pg-green } Mobile Clients
Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases).
#### :material-information-outline:{ .pg-blue } Additional Functionality
Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion).
### Proton VPN
@@ -48,162 +168,48 @@ icon: 资料/vpn
- [:simple-windows11: Windows](https://protonvpn.com/download-windows)
- [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/)
??? 检查注释 "64个国家"
#### :material-check:{ .pg-green } 67 Countries
Proton VPN有[64个国家的服务器](https://protonvpn.com/vpn-servers) (1)。 挑一个拥有离你最近的服务器的VPN供应商将减少你的网络流量的发送延迟。 这是因为到达目的地的路由较短(跳数较少)。
我们还认为如果VPN供应商使用[专用服务器](https://en.wikipedia.org/wiki/Dedicated_hosting_service),而不是使用[虚拟专用服务器](https://en.wikipedia.org/wiki/Virtual_private_server)等更便宜的(与其他客户)共享的解决方案能提高VPN供应商私人密钥的安全性。
Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. 这是因为到达目的地的路由较短(跳数较少)。
{ .annotate }
1. 如果订阅2年(119.76美元)还可享受10%的折扣。
??? 检查"独立审计"
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
截至2020年1月Proton VPN已经接受了SEC咨询公司的独立审计。 SEC Consult在Proton VPN的Windows、Android和iOS应用程序中发现了一些中度和低度风险的漏洞在报告发布前Proton VPN都已经 "妥善修复"。 所发现的问题中没有任何一个能让攻击者远程访问你的设备或流量。 你可以在 [protonvpn.com](https://protonvpn.com/blog/open-source/)查看每个平台的单独报告。 2022年4月Proton VPN接受了[另一次审计](https://protonvpn.com/blog/no-logs-audit/),报告是[由Securitum制作](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf)。 A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
#### :material-check:{ .pg-green } Independently Audited
??? 检查“开源客户端”
截至2020年1月Proton VPN已经接受了SEC咨询公司的独立审计。 SEC Consult在Proton VPN的Windows、Android和iOS应用程序中发现了一些中度和低度风险的漏洞在报告发布前Proton VPN都已经 "妥善修复"。 所发现的问题中没有任何一个能让攻击者远程访问你的设备或流量。 You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
Proton VPN在其[GitHub组织](https://github.com/ProtonVPN)中提供其桌面和移动客户端的源代码。
#### :material-check:{ .pg-green } Open-Source Clients
??? 检查"接受现金"
Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN).
Proton VPN除了接受信用卡/借记卡和PayPal之外还接受比特币和**现金/当地货币**作为匿名支付方式。
#### :material-check:{ .pg-green } Accepts Cash
??? 检查 "WireGuard支持"。
Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment.
Proton VPN主要支持WireGuard®协议。 [WireGuard](https://www.wireguard.com)是一个较新的协议,使用最先进的 [cryptography](https://www.wireguard.com/protocol/)。 此外, WireGuard旨在更简单、更高效。
Proton VPN [recommends](https://protonvpn.com/blog/wireguard/)在其服务中使用WireGuard。 在Proton VPN的Windows、macOS、iOS、Android、ChromeOS和Android TV应用程序中WireGuard是默认协议但是在他们的Linux应用程序中该协议还没有得到 [support](https://protonvpn.com/support/how-to-change-vpn-protocols/)。
#### :material-check:{ .pg-green } WireGuard Support
??? 警告 "远程端口转发"
Proton VPN主要支持WireGuard®协议。 [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). 此外, WireGuard旨在更简单、更高效。
Proton VPN目前只支持Windows上的远程[端口转发](https://protonvpn.com/support/port-forwarding/),这可能会影响一些应用程序。 特别是点对点的应用如Torrent客户端。
Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app.
??? success "Mobile Clients"
#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding
In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers.
Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. 特别是点对点的应用如Torrent客户端。
??? info "Additional Functionality"
#### :material-check:{ .pg-green } Mobile Clients
Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose.
In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers.
!!! danger "Killswitch feature is broken on Intel-based Macs"
#### :material-information-outline:{ .pg-blue } Additional Functionality
System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose.
### IVPN
#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
!!! recommendation
![IVPN标志](assets/img/vpn/ivpn.svg){ align=right }
**IVPN**是另一个高级VPN供应商他们自2009年以来一直在运营。 挑一个拥有离你最近的服务器的VPN供应商将减少你的网络流量的发送延迟。
这是因为到达目的地的路由较短(跳数较少)。 我们还认为如果VPN供应商使用[专用服务器](https://en.wikipedia.org/wiki/Dedicated_hosting_service),而不是使用[虚拟专用服务器](https://en.wikipedia.org/wiki/Virtual_private_server)等更便宜的(与其他客户)共享的解决方案能提高VPN供应商私人密钥的安全性。
??? 检查"独立审计"
IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). 挑一个拥有离你最近的服务器的VPN供应商将减少你的网络流量的发送延迟。 这是因为到达目的地的路由较短(跳数较少)。
我们还认为如果VPN供应商使用[专用服务器](https://en.wikipedia.org/wiki/Dedicated_hosting_service),而不是使用[虚拟专用服务器](https://en.wikipedia.org/wiki/Virtual_private_server)等更便宜的(与其他客户)共享的解决方案能提高VPN供应商私人密钥的安全性。
1. 如果订阅2年(119.76美元)还可享受10%的折扣。
??? 检查"独立审计"
IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf).
??? 检查“开源客户端”
As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn).
??? 检查 "WireGuard支持"。
In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment.
??? 检查 "WireGuard支持"。
IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com)是一个较新的协议,使用最先进的 [cryptography](https://www.wireguard.com/protocol/)。 此外, WireGuard旨在更简单、更高效。
IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
??? success "Remote Port Forwarding"
Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html).
??? success "Mobile Clients"
In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers.
??? info "Additional Functionality"
IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
!!! recommendation
![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right }
**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. 挑一个拥有离你最近的服务器的VPN供应商将减少你的网络流量的发送延迟。 这是因为到达目的地的路由较短(跳数较少)。
我们还认为如果VPN供应商使用[专用服务器](https://en.wikipedia.org/wiki/Dedicated_hosting_service),而不是使用[虚拟专用服务器](https://en.wikipedia.org/wiki/Virtual_private_server)等更便宜的(与其他客户)共享的解决方案能提高VPN供应商私人密钥的安全性。 downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn)
- [:simple-appstore: App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513)
- [:simple-github: GitHub](https://github.com/mullvad/mullvadvpn-app/releases)
- [:simple-windows11: Windows](https://mullvad.net/en/download/windows/)
- [:simple-apple: macOS](https://mullvad.net/en/download/macos/)
- [:simple-linux: Linux](https://mullvad.net/en/download/linux/)
??? 检查"独立审计"
Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). 挑一个拥有离你最近的服务器的VPN供应商将减少你的网络流量的发送延迟。 这是因为到达目的地的路由较短(跳数较少)。
我们还认为如果VPN供应商使用[专用服务器](https://en.wikipedia.org/wiki/Dedicated_hosting_service),而不是使用[虚拟专用服务器](https://en.wikipedia.org/wiki/Virtual_private_server)等更便宜的(与其他客户)共享的解决方案能提高VPN供应商私人密钥的安全性。
1. 如果订阅2年(119.76美元)还可享受10%的折扣。
??? 检查"独立审计"
Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded:
> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint.
In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website:
> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks.
In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf).
??? 检查“开源客户端”
Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app).
??? 检查 "WireGuard支持"。
Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. [WireGuard](https://www.wireguard.com)是一个较新的协议,使用最先进的 [cryptography](https://www.wireguard.com/protocol/)。
??? 检查 "WireGuard支持"。
Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com)是一个较新的协议,使用最先进的 [cryptography](https://www.wireguard.com/protocol/)。 此外, WireGuard旨在更简单、更高效。
Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
??? success "IPv6 Support"
Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections.
??? success "Remote Port Forwarding"
Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information.
??? success "Mobile Clients"
Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases).
??? info "Additional Functionality"
Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion).
System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
## Criteria
@@ -238,13 +244,13 @@ We prefer our recommended providers to collect as little data as possible. 不
**符合条件的最低要求。**
- Monero或现金支付选项。
- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option.
- 注册时不需要提供个人信息。最多只有用户名、密码和电子邮件。
**Best Case:**
- 接受Monero、现金和其他形式的匿名支付方式礼品卡等
- 不接受个人信息(自动生成的用户名,不需要电子邮件,等等。)
- Accepts multiple [anonymous payment options](advanced/payments.md).
- No personal information accepted (autogenerated username, no email required, etc.).
### 安全性
@@ -302,5 +308,3 @@ Responsible marketing that is both educational and useful to the consumer could
### Additional Functionality
While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc.
--8<-- "includes/abbreviations.zh.txt"