diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 8a1ee6c8..00000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,77 +0,0 @@ -# Copyright (c) 2021-2023 Jonah Aragon - -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to -# deal in the Software without restriction, including without limitation the -# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -# sell copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: - -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. - -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -# IN THE SOFTWARE. - -version: 2 - -registries: - github-privacyguides: - type: git - url: https://github.com - username: x-access-token - password: ${{secrets.REPO_PAT}} - -updates: - # Maintain dependencies for GitHub Actions - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "monthly" - assignees: - - "jonaharagon" - reviewers: - - "jonaharagon" - labels: - - "fix:github_actions" - - # Maintain submodules - - package-ecosystem: "gitsubmodule" - directory: "/" - registries: - - github-privacyguides - schedule: - interval: "monthly" - labels: - - "fix:submodules" - - - package-ecosystem: "devcontainers" - directory: "/" - schedule: - interval: weekly - - - package-ecosystem: "docker" - directory: "/" - schedule: - interval: weekly -# Disabled because some updates tend to remove needed dependencies for some reason - -# # Maintain dependencies for pipenv -# - package-ecosystem: "pip" -# directory: "/" -# insecure-external-code-execution: allow -# registries: -# - github-privacyguides -# schedule: -# interval: "daily" -# assignees: -# - "jonaharagon" -# reviewers: -# - "jonaharagon" -# labels: -# - "fix:python" diff --git a/.github/workflows/build-container.yml b/.github/workflows/build-container.yml index 2207afd4..ebc1db61 100644 --- a/.github/workflows/build-container.yml +++ b/.github/workflows/build-container.yml @@ -79,7 +79,7 @@ jobs: # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository. # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. - name: Build and push Docker image - uses: docker/build-push-action@v6.7.0 + uses: docker/build-push-action@v6.9.0 with: context: . push: true diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e8e2a4df..26edc9ac 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -27,6 +27,9 @@ on: strict: type: boolean default: false + cache: + type: boolean + default: true permissions: contents: read @@ -57,6 +60,12 @@ jobs: echo "BUILD_INSIDERS=true" >> "$GITHUB_ENV" echo "EXTRA_FLAGS=""$EXTRA_FLAGS" --insiders"" >> "$GITHUB_ENV" + - name: Set Metadata for International Builds + if: inputs.lang != 'en' + run: | + echo "GITREVISIONDATE=false" >> "$GITHUB_ENV" + echo "GITAUTHORS=false" >> "$GITHUB_ENV" + - name: Set Metadata for Offline Mode if: inputs.config == 'offline' run: | @@ -113,6 +122,7 @@ jobs: - name: Restore Privacy Plugin Cache uses: actions/cache/restore@v4.0.2 id: privacy_cache_restore + if: inputs.cache with: key: privacy-cache-${{ inputs.repo }}-${{ hashfiles('.cache/plugin/privacy/**') }} path: | @@ -125,6 +135,7 @@ jobs: - name: Restore Social Plugin Cache uses: actions/cache/restore@v4.0.2 id: social_cache_restore + if: inputs.cache with: key: social-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ hashfiles('.cache/plugin/social/manifest.json') }} path: | @@ -137,6 +148,7 @@ jobs: - name: Restore Optimize Plugin Cache uses: actions/cache/restore@v4.0.2 id: optimize_cache_restore + if: inputs.cache with: key: optimize-cache-${{ inputs.repo }}-${{ hashfiles('.cache/plugin/optimize/manifest.json') }} path: | @@ -170,7 +182,7 @@ jobs: - name: Find Privacy Plugin Cache uses: actions/cache/restore@v4.0.2 - if: steps.privacy_cache_restore.outputs.cache-hit != 'true' + if: steps.privacy_cache_restore.outputs.cache-hit != 'true' && inputs.cache id: privacy_cache_test with: key: privacy-cache-privacyguides/privacyguides.org-${{ hashfiles('.cache/plugin/privacy/**') }} @@ -180,7 +192,7 @@ jobs: - name: Find Social Plugin Cache uses: actions/cache/restore@v4.0.2 - if: steps.social_cache_restore.outputs.cache-hit != 'true' + if: steps.social_cache_restore.outputs.cache-hit != 'true' && inputs.cache id: social_cache_test with: key: social-cache-privacyguides/privacyguides.org-${{ inputs.lang }}-${{ hashfiles('.cache/plugin/social/manifest.json') }} @@ -191,7 +203,7 @@ jobs: - name: Find Optimize Plugin Cache uses: actions/cache/restore@v4.0.2 - if: steps.optimize_cache_restore.outputs.cache-hit != 'true' + if: steps.optimize_cache_restore.outputs.cache-hit != 'true' && inputs.cache id: optimize_cache_test with: key: optimize-cache-privacyguides/privacyguides.org-${{ hashfiles('.cache/plugin/optimize/manifest.json') }} @@ -201,14 +213,14 @@ jobs: - name: Save Privacy Plugin Cache uses: actions/cache/save@v4.0.2 - if: steps.privacy_cache_test.outputs.cache-hit != 'true' + if: steps.privacy_cache_test.outputs.cache-hit != 'true' && inputs.cache with: key: privacy-cache-${{ inputs.repo }}-${{ hashfiles('.cache/plugin/privacy/**') }} path: .cache/plugin/privacy - name: Save Social Plugin Cache uses: actions/cache/save@v4.0.2 - if: steps.social_cache_test.outputs.cache-hit != 'true' + if: steps.social_cache_test.outputs.cache-hit != 'true' && inputs.cache with: key: social-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ hashfiles('.cache/plugin/social/manifest.json') }} path: | @@ -217,7 +229,7 @@ jobs: - name: Save Optimize Plugin Cache uses: actions/cache/save@v4.0.2 - if: steps.optimize_cache_test.outputs.cache-hit != 'true' + if: steps.optimize_cache_test.outputs.cache-hit != 'true' && inputs.cache with: key: optimize-cache-${{ inputs.repo }}-${{ hashfiles('.cache/plugin/optimize/manifest.json') }} path: .cache/plugin/optimize diff --git a/.github/workflows/publish-mirror.yml b/.github/workflows/publish-mirror.yml index 116ae80c..b5216fa1 100644 --- a/.github/workflows/publish-mirror.yml +++ b/.github/workflows/publish-mirror.yml @@ -51,14 +51,3 @@ jobs: with: source-repo: "git@github.com:privacyguides/privacyguides.org.git" destination-repo: "git@codeberg.org:privacyguides/privacyguides.org.git" - - sourcehut: - runs-on: ubuntu-latest - steps: - - name: Mirror to SourceHut - uses: wearerequired/git-mirror-action@v1 - env: - SSH_PRIVATE_KEY: ${{ secrets.ACTIONS_SSH_KEY }} - with: - source-repo: "git@github.com:privacyguides/privacyguides.org.git" - destination-repo: "git@git.sr.ht:~jonaharagon/privacyguides.org" diff --git a/.github/workflows/publish-pr.yml b/.github/workflows/publish-pr.yml index 65f1a8ff..962d91d8 100644 --- a/.github/workflows/publish-pr.yml +++ b/.github/workflows/publish-pr.yml @@ -87,7 +87,7 @@ jobs: echo "pr_number=$(cat metadata/NR)" >> "$GITHUB_OUTPUT" echo "sha=$(cat metadata/SHA)" >> "$GITHUB_OUTPUT" - deploy: + deploy_netlify: needs: metadata permissions: contents: read @@ -99,13 +99,27 @@ jobs: secrets: NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }} + deploy_garage: + needs: metadata + permissions: + contents: read + + uses: privacyguides/webserver/.github/workflows/deploy-garage-preview.yml@main + with: + alias: ${{ needs.metadata.outputs.pr_number }} + bucket: ${{ vars.PREVIEW_GARAGE_BUCKET }} + hostname: ${{ vars.PREVIEW_GARAGE_HOSTNAME }} + secrets: + PREVIEW_GARAGE_KEY_ID: ${{ secrets.PREVIEW_GARAGE_KEY_ID }} + PREVIEW_GARAGE_SECRET_KEY: ${{ secrets.PREVIEW_GARAGE_SECRET_KEY }} + comment: permissions: pull-requests: write - needs: [deploy, metadata] + needs: [deploy_netlify, metadata] runs-on: ubuntu-latest env: - address: ${{ needs.deploy.outputs.address }} + address: ${{ needs.deploy_netlify.outputs.address }} steps: - uses: thollander/actions-comment-pull-request@v2.5.0 with: diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index d5c25113..c04d40c0 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -62,6 +62,17 @@ jobs: lang: ${{ matrix.lang }} context: production continue-on-error: false + cache: false + + build_blog: + needs: submodule + permissions: + contents: read + uses: ./.github/workflows/build-blog.yml + with: + repo: ${{ github.repository }} + ref: ${{ github.ref }} + continue-on-error: false release: name: Create release notes @@ -84,12 +95,14 @@ jobs: makeLatest: true deploy: - needs: build + needs: [build, build_blog] uses: privacyguides/webserver/.github/workflows/deploy-all.yml@main secrets: NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }} PROD_MINIO_KEY_ID: ${{ secrets.PROD_MINIO_KEY_ID }} PROD_MINIO_SECRET_KEY: ${{ secrets.PROD_MINIO_SECRET_KEY }} + PROD_GARAGE_KEY_ID: ${{ secrets.PROD_GARAGE_KEY_ID }} + PROD_GARAGE_SECRET_KEY: ${{ secrets.PROD_GARAGE_SECRET_KEY }} CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }} CF_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }} CLUSTER_USERNAME: ${{ secrets.CLUSTER_USERNAME }} @@ -99,5 +112,5 @@ jobs: cleanup: if: ${{ always() }} - needs: build + needs: [build, build_blog] uses: privacyguides/.github/.github/workflows/cleanup.yml@main diff --git a/.github/workflows/upload-crowdin.yml b/.github/workflows/upload-crowdin.yml index ed775054..49504a31 100644 --- a/.github/workflows/upload-crowdin.yml +++ b/.github/workflows/upload-crowdin.yml @@ -41,7 +41,7 @@ jobs: uses: actions/checkout@v4 - name: crowdin action - uses: crowdin/github-action@v2.1.1 + uses: crowdin/github-action@v2.2.0 with: upload_sources: true upload_sources_args: "--auto-update --delete-obsolete" diff --git a/Dockerfile b/Dockerfile index 39c666ba..d05c98d8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.12-alpine as base +FROM python:3.13-alpine as base LABEL org.opencontainers.image.source="https://github.com/privacyguides/privacyguides.org" diff --git a/Pipfile b/Pipfile index 6e209f05..bd8c8b1b 100644 --- a/Pipfile +++ b/Pipfile @@ -30,6 +30,7 @@ mkdocs-git-authors-plugin = "~=0.8" mkdocs-macros-plugin = "~=1.0" jieba = "~=0.42" mkdocs-rss-plugin = "*" +mkdocs-glightbox = "*" [dev-packages] scour = "~=0.38" diff --git a/Pipfile.lock b/Pipfile.lock index fa24a9c9..91b0a3b9 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "0d44b05fce332feadac5f751987ba261ffa2aa8c851364ef94fc1bd91c6feb77" + "sha256": "4707be3ca5e170a9f90dc4dc36c99880bdc9d78df9387779096f23246a63ee0a" }, "pipfile-spec": 6, "requires": { @@ -18,11 +18,11 @@ "default": { "babel": { "hashes": [ - "sha256:08706bdad8d0a3413266ab61bd6c34d0c28d6e1e7badf40a2cebe67644e2e1fb", - "sha256:8daf0e265d05768bc6c7a314cf1321e9a123afc328cc635c18622a2f30a04413" + "sha256:368b5b98b37c06b7daf6696391c3240c938b37767d4584413e8438c5c435fa8b", + "sha256:d1f3554ca26605fe173f3de0c65f750f5a42f924499bf134de6423582298e316" ], "markers": "python_version >= '3.8'", - "version": "==2.15.0" + "version": "==2.16.0" }, "cachecontrol": { "extras": [ @@ -52,180 +52,195 @@ }, "certifi": { "hashes": [ - "sha256:5a1e7645bc0ec61a09e26c36f6106dd4cf40c6db3a1fb6352b0244e7fb057c7b", - "sha256:c198e21b1289c2ab85ee4e67bb4b4ef3ead0892059901a8d5b622f24a1101e90" + "sha256:922820b53db7a7257ffbda3f597266d435245903d80737e34f8a45ff3e3230d8", + "sha256:bec941d2aa8195e248a60b31ff9f0558284cf01a52591ceda73ea9afffd69fd9" ], "markers": "python_version >= '3.6'", - "version": "==2024.7.4" + "version": "==2024.8.30" }, "cffi": { "hashes": [ - "sha256:011aff3524d578a9412c8b3cfaa50f2c0bd78e03eb7af7aa5e0df59b158efb2f", - "sha256:0a048d4f6630113e54bb4b77e315e1ba32a5a31512c31a273807d0027a7e69ab", - "sha256:0bb15e7acf8ab35ca8b24b90af52c8b391690ef5c4aec3d31f38f0d37d2cc499", - "sha256:0d46ee4764b88b91f16661a8befc6bfb24806d885e27436fdc292ed7e6f6d058", - "sha256:0e60821d312f99d3e1569202518dddf10ae547e799d75aef3bca3a2d9e8ee693", - "sha256:0fdacad9e0d9fc23e519efd5ea24a70348305e8d7d85ecbb1a5fa66dc834e7fb", - "sha256:14b9cbc8f7ac98a739558eb86fabc283d4d564dafed50216e7f7ee62d0d25377", - "sha256:17c6d6d3260c7f2d94f657e6872591fe8733872a86ed1345bda872cfc8c74885", - "sha256:1a2ddbac59dc3716bc79f27906c010406155031a1c801410f1bafff17ea304d2", - "sha256:2404f3de742f47cb62d023f0ba7c5a916c9c653d5b368cc966382ae4e57da401", - "sha256:24658baf6224d8f280e827f0a50c46ad819ec8ba380a42448e24459daf809cf4", - "sha256:24aa705a5f5bd3a8bcfa4d123f03413de5d86e497435693b638cbffb7d5d8a1b", - "sha256:2770bb0d5e3cc0e31e7318db06efcbcdb7b31bcb1a70086d3177692a02256f59", - "sha256:331ad15c39c9fe9186ceaf87203a9ecf5ae0ba2538c9e898e3a6967e8ad3db6f", - "sha256:3aa9d43b02a0c681f0bfbc12d476d47b2b2b6a3f9287f11ee42989a268a1833c", - "sha256:41f4915e09218744d8bae14759f983e466ab69b178de38066f7579892ff2a555", - "sha256:4304d4416ff032ed50ad6bb87416d802e67139e31c0bde4628f36a47a3164bfa", - "sha256:435a22d00ec7d7ea533db494da8581b05977f9c37338c80bc86314bec2619424", - "sha256:45f7cd36186db767d803b1473b3c659d57a23b5fa491ad83c6d40f2af58e4dbb", - "sha256:48b389b1fd5144603d61d752afd7167dfd205973a43151ae5045b35793232aa2", - "sha256:4e67d26532bfd8b7f7c05d5a766d6f437b362c1bf203a3a5ce3593a645e870b8", - "sha256:516a405f174fd3b88829eabfe4bb296ac602d6a0f68e0d64d5ac9456194a5b7e", - "sha256:5ba5c243f4004c750836f81606a9fcb7841f8874ad8f3bf204ff5e56332b72b9", - "sha256:5bdc0f1f610d067c70aa3737ed06e2726fd9d6f7bfee4a351f4c40b6831f4e82", - "sha256:6107e445faf057c118d5050560695e46d272e5301feffda3c41849641222a828", - "sha256:6327b572f5770293fc062a7ec04160e89741e8552bf1c358d1a23eba68166759", - "sha256:669b29a9eca6146465cc574659058ed949748f0809a2582d1f1a324eb91054dc", - "sha256:6ce01337d23884b21c03869d2f68c5523d43174d4fc405490eb0091057943118", - "sha256:6d872186c1617d143969defeadac5a904e6e374183e07977eedef9c07c8953bf", - "sha256:6f76a90c345796c01d85e6332e81cab6d70de83b829cf1d9762d0a3da59c7932", - "sha256:70d2aa9fb00cf52034feac4b913181a6e10356019b18ef89bc7c12a283bf5f5a", - "sha256:7cbc78dc018596315d4e7841c8c3a7ae31cc4d638c9b627f87d52e8abaaf2d29", - "sha256:856bf0924d24e7f93b8aee12a3a1095c34085600aa805693fb7f5d1962393206", - "sha256:8a98748ed1a1df4ee1d6f927e151ed6c1a09d5ec21684de879c7ea6aa96f58f2", - "sha256:93a7350f6706b31f457c1457d3a3259ff9071a66f312ae64dc024f049055f72c", - "sha256:964823b2fc77b55355999ade496c54dde161c621cb1f6eac61dc30ed1b63cd4c", - "sha256:a003ac9edc22d99ae1286b0875c460351f4e101f8c9d9d2576e78d7e048f64e0", - "sha256:a0ce71725cacc9ebf839630772b07eeec220cbb5f03be1399e0457a1464f8e1a", - "sha256:a47eef975d2b8b721775a0fa286f50eab535b9d56c70a6e62842134cf7841195", - "sha256:a8b5b9712783415695663bd463990e2f00c6750562e6ad1d28e072a611c5f2a6", - "sha256:a9015f5b8af1bb6837a3fcb0cdf3b874fe3385ff6274e8b7925d81ccaec3c5c9", - "sha256:aec510255ce690d240f7cb23d7114f6b351c733a74c279a84def763660a2c3bc", - "sha256:b00e7bcd71caa0282cbe3c90966f738e2db91e64092a877c3ff7f19a1628fdcb", - "sha256:b50aaac7d05c2c26dfd50c3321199f019ba76bb650e346a6ef3616306eed67b0", - "sha256:b7b6ea9e36d32582cda3465f54c4b454f62f23cb083ebc7a94e2ca6ef011c3a7", - "sha256:bb9333f58fc3a2296fb1d54576138d4cf5d496a2cc118422bd77835e6ae0b9cb", - "sha256:c1c13185b90bbd3f8b5963cd8ce7ad4ff441924c31e23c975cb150e27c2bf67a", - "sha256:c3b8bd3133cd50f6b637bb4322822c94c5ce4bf0d724ed5ae70afce62187c492", - "sha256:c5d97162c196ce54af6700949ddf9409e9833ef1003b4741c2b39ef46f1d9720", - "sha256:c815270206f983309915a6844fe994b2fa47e5d05c4c4cef267c3b30e34dbe42", - "sha256:cab2eba3830bf4f6d91e2d6718e0e1c14a2f5ad1af68a89d24ace0c6b17cced7", - "sha256:d1df34588123fcc88c872f5acb6f74ae59e9d182a2707097f9e28275ec26a12d", - "sha256:d6bdcd415ba87846fd317bee0774e412e8792832e7805938987e4ede1d13046d", - "sha256:db9a30ec064129d605d0f1aedc93e00894b9334ec74ba9c6bdd08147434b33eb", - "sha256:dbc183e7bef690c9abe5ea67b7b60fdbca81aa8da43468287dae7b5c046107d4", - "sha256:dca802c8db0720ce1c49cce1149ff7b06e91ba15fa84b1d59144fef1a1bc7ac2", - "sha256:dec6b307ce928e8e112a6bb9921a1cb00a0e14979bf28b98e084a4b8a742bd9b", - "sha256:df8bb0010fdd0a743b7542589223a2816bdde4d94bb5ad67884348fa2c1c67e8", - "sha256:e4094c7b464cf0a858e75cd14b03509e84789abf7b79f8537e6a72152109c76e", - "sha256:e4760a68cab57bfaa628938e9c2971137e05ce48e762a9cb53b76c9b569f1204", - "sha256:eb09b82377233b902d4c3fbeeb7ad731cdab579c6c6fda1f763cd779139e47c3", - "sha256:eb862356ee9391dc5a0b3cbc00f416b48c1b9a52d252d898e5b7696a5f9fe150", - "sha256:ef9528915df81b8f4c7612b19b8628214c65c9b7f74db2e34a646a0a2a0da2d4", - "sha256:f3157624b7558b914cb039fd1af735e5e8049a87c817cc215109ad1c8779df76", - "sha256:f3e0992f23bbb0be00a921eae5363329253c3b86287db27092461c887b791e5e", - "sha256:f9338cc05451f1942d0d8203ec2c346c830f8e86469903d5126c1f0a13a2bcbb", - "sha256:ffef8fd58a36fb5f1196919638f73dd3ae0db1a878982b27a9a5a176ede4ba91" + "sha256:045d61c734659cc045141be4bae381a41d89b741f795af1dd018bfb532fd0df8", + "sha256:0984a4925a435b1da406122d4d7968dd861c1385afe3b45ba82b750f229811e2", + "sha256:0e2b1fac190ae3ebfe37b979cc1ce69c81f4e4fe5746bb401dca63a9062cdaf1", + "sha256:0f048dcf80db46f0098ccac01132761580d28e28bc0f78ae0d58048063317e15", + "sha256:1257bdabf294dceb59f5e70c64a3e2f462c30c7ad68092d01bbbfb1c16b1ba36", + "sha256:1c39c6016c32bc48dd54561950ebd6836e1670f2ae46128f67cf49e789c52824", + "sha256:1d599671f396c4723d016dbddb72fe8e0397082b0a77a4fab8028923bec050e8", + "sha256:28b16024becceed8c6dfbc75629e27788d8a3f9030691a1dbf9821a128b22c36", + "sha256:2bb1a08b8008b281856e5971307cc386a8e9c5b625ac297e853d36da6efe9c17", + "sha256:30c5e0cb5ae493c04c8b42916e52ca38079f1b235c2f8ae5f4527b963c401caf", + "sha256:31000ec67d4221a71bd3f67df918b1f88f676f1c3b535a7eb473255fdc0b83fc", + "sha256:386c8bf53c502fff58903061338ce4f4950cbdcb23e2902d86c0f722b786bbe3", + "sha256:3edc8d958eb099c634dace3c7e16560ae474aa3803a5df240542b305d14e14ed", + "sha256:45398b671ac6d70e67da8e4224a065cec6a93541bb7aebe1b198a61b58c7b702", + "sha256:46bf43160c1a35f7ec506d254e5c890f3c03648a4dbac12d624e4490a7046cd1", + "sha256:4ceb10419a9adf4460ea14cfd6bc43d08701f0835e979bf821052f1805850fe8", + "sha256:51392eae71afec0d0c8fb1a53b204dbb3bcabcb3c9b807eedf3e1e6ccf2de903", + "sha256:5da5719280082ac6bd9aa7becb3938dc9f9cbd57fac7d2871717b1feb0902ab6", + "sha256:610faea79c43e44c71e1ec53a554553fa22321b65fae24889706c0a84d4ad86d", + "sha256:636062ea65bd0195bc012fea9321aca499c0504409f413dc88af450b57ffd03b", + "sha256:6883e737d7d9e4899a8a695e00ec36bd4e5e4f18fabe0aca0efe0a4b44cdb13e", + "sha256:6b8b4a92e1c65048ff98cfe1f735ef8f1ceb72e3d5f0c25fdb12087a23da22be", + "sha256:6f17be4345073b0a7b8ea599688f692ac3ef23ce28e5df79c04de519dbc4912c", + "sha256:706510fe141c86a69c8ddc029c7910003a17353970cff3b904ff0686a5927683", + "sha256:72e72408cad3d5419375fc87d289076ee319835bdfa2caad331e377589aebba9", + "sha256:733e99bc2df47476e3848417c5a4540522f234dfd4ef3ab7fafdf555b082ec0c", + "sha256:7596d6620d3fa590f677e9ee430df2958d2d6d6de2feeae5b20e82c00b76fbf8", + "sha256:78122be759c3f8a014ce010908ae03364d00a1f81ab5c7f4a7a5120607ea56e1", + "sha256:805b4371bf7197c329fcb3ead37e710d1bca9da5d583f5073b799d5c5bd1eee4", + "sha256:85a950a4ac9c359340d5963966e3e0a94a676bd6245a4b55bc43949eee26a655", + "sha256:8f2cdc858323644ab277e9bb925ad72ae0e67f69e804f4898c070998d50b1a67", + "sha256:9755e4345d1ec879e3849e62222a18c7174d65a6a92d5b346b1863912168b595", + "sha256:98e3969bcff97cae1b2def8ba499ea3d6f31ddfdb7635374834cf89a1a08ecf0", + "sha256:a08d7e755f8ed21095a310a693525137cfe756ce62d066e53f502a83dc550f65", + "sha256:a1ed2dd2972641495a3ec98445e09766f077aee98a1c896dcb4ad0d303628e41", + "sha256:a24ed04c8ffd54b0729c07cee15a81d964e6fee0e3d4d342a27b020d22959dc6", + "sha256:a45e3c6913c5b87b3ff120dcdc03f6131fa0065027d0ed7ee6190736a74cd401", + "sha256:a9b15d491f3ad5d692e11f6b71f7857e7835eb677955c00cc0aefcd0669adaf6", + "sha256:ad9413ccdeda48c5afdae7e4fa2192157e991ff761e7ab8fdd8926f40b160cc3", + "sha256:b2ab587605f4ba0bf81dc0cb08a41bd1c0a5906bd59243d56bad7668a6fc6c16", + "sha256:b62ce867176a75d03a665bad002af8e6d54644fad99a3c70905c543130e39d93", + "sha256:c03e868a0b3bc35839ba98e74211ed2b05d2119be4e8a0f224fba9384f1fe02e", + "sha256:c59d6e989d07460165cc5ad3c61f9fd8f1b4796eacbd81cee78957842b834af4", + "sha256:c7eac2ef9b63c79431bc4b25f1cd649d7f061a28808cbc6c47b534bd789ef964", + "sha256:c9c3d058ebabb74db66e431095118094d06abf53284d9c81f27300d0e0d8bc7c", + "sha256:ca74b8dbe6e8e8263c0ffd60277de77dcee6c837a3d0881d8c1ead7268c9e576", + "sha256:caaf0640ef5f5517f49bc275eca1406b0ffa6aa184892812030f04c2abf589a0", + "sha256:cdf5ce3acdfd1661132f2a9c19cac174758dc2352bfe37d98aa7512c6b7178b3", + "sha256:d016c76bdd850f3c626af19b0542c9677ba156e4ee4fccfdd7848803533ef662", + "sha256:d01b12eeeb4427d3110de311e1774046ad344f5b1a7403101878976ecd7a10f3", + "sha256:d63afe322132c194cf832bfec0dc69a99fb9bb6bbd550f161a49e9e855cc78ff", + "sha256:da95af8214998d77a98cc14e3a3bd00aa191526343078b530ceb0bd710fb48a5", + "sha256:dd398dbc6773384a17fe0d3e7eeb8d1a21c2200473ee6806bb5e6a8e62bb73dd", + "sha256:de2ea4b5833625383e464549fec1bc395c1bdeeb5f25c4a3a82b5a8c756ec22f", + "sha256:de55b766c7aa2e2a3092c51e0483d700341182f08e67c63630d5b6f200bb28e5", + "sha256:df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14", + "sha256:e03eab0a8677fa80d646b5ddece1cbeaf556c313dcfac435ba11f107ba117b5d", + "sha256:e221cf152cff04059d011ee126477f0d9588303eb57e88923578ace7baad17f9", + "sha256:e31ae45bc2e29f6b2abd0de1cc3b9d5205aa847cafaecb8af1476a609a2f6eb7", + "sha256:edae79245293e15384b51f88b00613ba9f7198016a5948b5dddf4917d4d26382", + "sha256:f1e22e8c4419538cb197e4dd60acc919d7696e5ef98ee4da4e01d3f8cfa4cc5a", + "sha256:f3a2b4222ce6b60e2e8b337bb9596923045681d71e5a082783484d845390938e", + "sha256:f6a16c31041f09ead72d69f583767292f750d24913dadacf5756b966aacb3f1a", + "sha256:f75c7ab1f9e4aca5414ed4d8e5c0e303a34f4421f8a0d47a4d019ceff0ab6af4", + "sha256:f79fc4fc25f1c8698ff97788206bb3c2598949bfe0fef03d299eb1b5356ada99", + "sha256:f7f5baafcc48261359e14bcd6d9bff6d4b28d9103847c9e136694cb0501aef87", + "sha256:fc48c783f9c87e60831201f2cce7f3b2e4846bf4d8728eabe54d60700b318a0b" ], "markers": "python_version >= '3.8'", - "version": "==1.17.0" + "version": "==1.17.1" }, "charset-normalizer": { "hashes": [ - "sha256:06435b539f889b1f6f4ac1758871aae42dc3a8c0e24ac9e60c2384973ad73027", - "sha256:06a81e93cd441c56a9b65d8e1d043daeb97a3d0856d177d5c90ba85acb3db087", - "sha256:0a55554a2fa0d408816b3b5cedf0045f4b8e1a6065aec45849de2d6f3f8e9786", - "sha256:0b2b64d2bb6d3fb9112bafa732def486049e63de9618b5843bcdd081d8144cd8", - "sha256:10955842570876604d404661fbccbc9c7e684caf432c09c715ec38fbae45ae09", - "sha256:122c7fa62b130ed55f8f285bfd56d5f4b4a5b503609d181f9ad85e55c89f4185", - "sha256:1ceae2f17a9c33cb48e3263960dc5fc8005351ee19db217e9b1bb15d28c02574", - "sha256:1d3193f4a680c64b4b6a9115943538edb896edc190f0b222e73761716519268e", - "sha256:1f79682fbe303db92bc2b1136016a38a42e835d932bab5b3b1bfcfbf0640e519", - "sha256:2127566c664442652f024c837091890cb1942c30937add288223dc895793f898", - "sha256:22afcb9f253dac0696b5a4be4a1c0f8762f8239e21b99680099abd9b2b1b2269", - "sha256:25baf083bf6f6b341f4121c2f3c548875ee6f5339300e08be3f2b2ba1721cdd3", - "sha256:2e81c7b9c8979ce92ed306c249d46894776a909505d8f5a4ba55b14206e3222f", - "sha256:3287761bc4ee9e33561a7e058c72ac0938c4f57fe49a09eae428fd88aafe7bb6", - "sha256:34d1c8da1e78d2e001f363791c98a272bb734000fcef47a491c1e3b0505657a8", - "sha256:37e55c8e51c236f95b033f6fb391d7d7970ba5fe7ff453dad675e88cf303377a", - "sha256:3d47fa203a7bd9c5b6cee4736ee84ca03b8ef23193c0d1ca99b5089f72645c73", - "sha256:3e4d1f6587322d2788836a99c69062fbb091331ec940e02d12d179c1d53e25fc", - "sha256:42cb296636fcc8b0644486d15c12376cb9fa75443e00fb25de0b8602e64c1714", - "sha256:45485e01ff4d3630ec0d9617310448a8702f70e9c01906b0d0118bdf9d124cf2", - "sha256:4a78b2b446bd7c934f5dcedc588903fb2f5eec172f3d29e52a9096a43722adfc", - "sha256:4ab2fe47fae9e0f9dee8c04187ce5d09f48eabe611be8259444906793ab7cbce", - "sha256:4d0d1650369165a14e14e1e47b372cfcb31d6ab44e6e33cb2d4e57265290044d", - "sha256:549a3a73da901d5bc3ce8d24e0600d1fa85524c10287f6004fbab87672bf3e1e", - "sha256:55086ee1064215781fff39a1af09518bc9255b50d6333f2e4c74ca09fac6a8f6", - "sha256:572c3763a264ba47b3cf708a44ce965d98555f618ca42c926a9c1616d8f34269", - "sha256:573f6eac48f4769d667c4442081b1794f52919e7edada77495aaed9236d13a96", - "sha256:5b4c145409bef602a690e7cfad0a15a55c13320ff7a3ad7ca59c13bb8ba4d45d", - "sha256:6463effa3186ea09411d50efc7d85360b38d5f09b870c48e4600f63af490e56a", - "sha256:65f6f63034100ead094b8744b3b97965785388f308a64cf8d7c34f2f2e5be0c4", - "sha256:663946639d296df6a2bb2aa51b60a2454ca1cb29835324c640dafb5ff2131a77", - "sha256:6897af51655e3691ff853668779c7bad41579facacf5fd7253b0133308cf000d", - "sha256:68d1f8a9e9e37c1223b656399be5d6b448dea850bed7d0f87a8311f1ff3dabb0", - "sha256:6ac7ffc7ad6d040517be39eb591cac5ff87416c2537df6ba3cba3bae290c0fed", - "sha256:6b3251890fff30ee142c44144871185dbe13b11bab478a88887a639655be1068", - "sha256:6c4caeef8fa63d06bd437cd4bdcf3ffefe6738fb1b25951440d80dc7df8c03ac", - "sha256:6ef1d82a3af9d3eecdba2321dc1b3c238245d890843e040e41e470ffa64c3e25", - "sha256:753f10e867343b4511128c6ed8c82f7bec3bd026875576dfd88483c5c73b2fd8", - "sha256:7cd13a2e3ddeed6913a65e66e94b51d80a041145a026c27e6bb76c31a853c6ab", - "sha256:7ed9e526742851e8d5cc9e6cf41427dfc6068d4f5a3bb03659444b4cabf6bc26", - "sha256:7f04c839ed0b6b98b1a7501a002144b76c18fb1c1850c8b98d458ac269e26ed2", - "sha256:802fe99cca7457642125a8a88a084cef28ff0cf9407060f7b93dca5aa25480db", - "sha256:80402cd6ee291dcb72644d6eac93785fe2c8b9cb30893c1af5b8fdd753b9d40f", - "sha256:8465322196c8b4d7ab6d1e049e4c5cb460d0394da4a27d23cc242fbf0034b6b5", - "sha256:86216b5cee4b06df986d214f664305142d9c76df9b6512be2738aa72a2048f99", - "sha256:87d1351268731db79e0f8e745d92493ee2841c974128ef629dc518b937d9194c", - "sha256:8bdb58ff7ba23002a4c5808d608e4e6c687175724f54a5dade5fa8c67b604e4d", - "sha256:8c622a5fe39a48f78944a87d4fb8a53ee07344641b0562c540d840748571b811", - "sha256:8d756e44e94489e49571086ef83b2bb8ce311e730092d2c34ca8f7d925cb20aa", - "sha256:8f4a014bc36d3c57402e2977dada34f9c12300af536839dc38c0beab8878f38a", - "sha256:9063e24fdb1e498ab71cb7419e24622516c4a04476b17a2dab57e8baa30d6e03", - "sha256:90d558489962fd4918143277a773316e56c72da56ec7aa3dc3dbbe20fdfed15b", - "sha256:923c0c831b7cfcb071580d3f46c4baf50f174be571576556269530f4bbd79d04", - "sha256:95f2a5796329323b8f0512e09dbb7a1860c46a39da62ecb2324f116fa8fdc85c", - "sha256:96b02a3dc4381e5494fad39be677abcb5e6634bf7b4fa83a6dd3112607547001", - "sha256:9f96df6923e21816da7e0ad3fd47dd8f94b2a5ce594e00677c0013018b813458", - "sha256:a10af20b82360ab00827f916a6058451b723b4e65030c5a18577c8b2de5b3389", - "sha256:a50aebfa173e157099939b17f18600f72f84eed3049e743b68ad15bd69b6bf99", - "sha256:a981a536974bbc7a512cf44ed14938cf01030a99e9b3a06dd59578882f06f985", - "sha256:a9a8e9031d613fd2009c182b69c7b2c1ef8239a0efb1df3f7c8da66d5dd3d537", - "sha256:ae5f4161f18c61806f411a13b0310bea87f987c7d2ecdbdaad0e94eb2e404238", - "sha256:aed38f6e4fb3f5d6bf81bfa990a07806be9d83cf7bacef998ab1a9bd660a581f", - "sha256:b01b88d45a6fcb69667cd6d2f7a9aeb4bf53760d7fc536bf679ec94fe9f3ff3d", - "sha256:b261ccdec7821281dade748d088bb6e9b69e6d15b30652b74cbbac25e280b796", - "sha256:b2b0a0c0517616b6869869f8c581d4eb2dd83a4d79e0ebcb7d373ef9956aeb0a", - "sha256:b4a23f61ce87adf89be746c8a8974fe1c823c891d8f86eb218bb957c924bb143", - "sha256:bd8f7df7d12c2db9fab40bdd87a7c09b1530128315d047a086fa3ae3435cb3a8", - "sha256:beb58fe5cdb101e3a055192ac291b7a21e3b7ef4f67fa1d74e331a7f2124341c", - "sha256:c002b4ffc0be611f0d9da932eb0f704fe2602a9a949d1f738e4c34c75b0863d5", - "sha256:c083af607d2515612056a31f0a8d9e0fcb5876b7bfc0abad3ecd275bc4ebc2d5", - "sha256:c180f51afb394e165eafe4ac2936a14bee3eb10debc9d9e4db8958fe36afe711", - "sha256:c235ebd9baae02f1b77bcea61bce332cb4331dc3617d254df3323aa01ab47bd4", - "sha256:cd70574b12bb8a4d2aaa0094515df2463cb429d8536cfb6c7ce983246983e5a6", - "sha256:d0eccceffcb53201b5bfebb52600a5fb483a20b61da9dbc885f8b103cbe7598c", - "sha256:d965bba47ddeec8cd560687584e88cf699fd28f192ceb452d1d7ee807c5597b7", - "sha256:db364eca23f876da6f9e16c9da0df51aa4f104a972735574842618b8c6d999d4", - "sha256:ddbb2551d7e0102e7252db79ba445cdab71b26640817ab1e3e3648dad515003b", - "sha256:deb6be0ac38ece9ba87dea880e438f25ca3eddfac8b002a2ec3d9183a454e8ae", - "sha256:e06ed3eb3218bc64786f7db41917d4e686cc4856944f53d5bdf83a6884432e12", - "sha256:e27ad930a842b4c5eb8ac0016b0a54f5aebbe679340c26101df33424142c143c", - "sha256:e537484df0d8f426ce2afb2d0f8e1c3d0b114b83f8850e5f2fbea0e797bd82ae", - "sha256:eb00ed941194665c332bf8e078baf037d6c35d7c4f3102ea2d4f16ca94a26dc8", - "sha256:eb6904c354526e758fda7167b33005998fb68c46fbc10e013ca97f21ca5c8887", - "sha256:eb8821e09e916165e160797a6c17edda0679379a4be5c716c260e836e122f54b", - "sha256:efcb3f6676480691518c177e3b465bcddf57cea040302f9f4e6e191af91174d4", - "sha256:f27273b60488abe721a075bcca6d7f3964f9f6f067c8c4c605743023d7d3944f", - "sha256:f30c3cb33b24454a82faecaf01b19c18562b1e89558fb6c56de4d9118a032fd5", - "sha256:fb69256e180cb6c8a894fee62b3afebae785babc1ee98b81cdf68bbca1987f33", - "sha256:fd1abc0d89e30cc4e02e4064dc67fcc51bd941eb395c502aac3ec19fab46b519", - "sha256:ff8fa367d09b717b2a17a052544193ad76cd49979c805768879cb63d9ca50561" + "sha256:0099d79bdfcf5c1f0c2c72f91516702ebf8b0b8ddd8905f97a8aecf49712c621", + "sha256:0713f3adb9d03d49d365b70b84775d0a0d18e4ab08d12bc46baa6132ba78aaf6", + "sha256:07afec21bbbbf8a5cc3651aa96b980afe2526e7f048fdfb7f1014d84acc8b6d8", + "sha256:0b309d1747110feb25d7ed6b01afdec269c647d382c857ef4663bbe6ad95a912", + "sha256:0d99dd8ff461990f12d6e42c7347fd9ab2532fb70e9621ba520f9e8637161d7c", + "sha256:0de7b687289d3c1b3e8660d0741874abe7888100efe14bd0f9fd7141bcbda92b", + "sha256:1110e22af8ca26b90bd6364fe4c763329b0ebf1ee213ba32b68c73de5752323d", + "sha256:130272c698667a982a5d0e626851ceff662565379baf0ff2cc58067b81d4f11d", + "sha256:136815f06a3ae311fae551c3df1f998a1ebd01ddd424aa5603a4336997629e95", + "sha256:14215b71a762336254351b00ec720a8e85cada43b987da5a042e4ce3e82bd68e", + "sha256:1db4e7fefefd0f548d73e2e2e041f9df5c59e178b4c72fbac4cc6f535cfb1565", + "sha256:1ffd9493de4c922f2a38c2bf62b831dcec90ac673ed1ca182fe11b4d8e9f2a64", + "sha256:2006769bd1640bdf4d5641c69a3d63b71b81445473cac5ded39740a226fa88ab", + "sha256:20587d20f557fe189b7947d8e7ec5afa110ccf72a3128d61a2a387c3313f46be", + "sha256:223217c3d4f82c3ac5e29032b3f1c2eb0fb591b72161f86d93f5719079dae93e", + "sha256:27623ba66c183eca01bf9ff833875b459cad267aeeb044477fedac35e19ba907", + "sha256:285e96d9d53422efc0d7a17c60e59f37fbf3dfa942073f666db4ac71e8d726d0", + "sha256:2de62e8801ddfff069cd5c504ce3bc9672b23266597d4e4f50eda28846c322f2", + "sha256:2f6c34da58ea9c1a9515621f4d9ac379871a8f21168ba1b5e09d74250de5ad62", + "sha256:309a7de0a0ff3040acaebb35ec45d18db4b28232f21998851cfa709eeff49d62", + "sha256:35c404d74c2926d0287fbd63ed5d27eb911eb9e4a3bb2c6d294f3cfd4a9e0c23", + "sha256:3710a9751938947e6327ea9f3ea6332a09bf0ba0c09cae9cb1f250bd1f1549bc", + "sha256:3d59d125ffbd6d552765510e3f31ed75ebac2c7470c7274195b9161a32350284", + "sha256:40d3ff7fc90b98c637bda91c89d51264a3dcf210cade3a2c6f838c7268d7a4ca", + "sha256:425c5f215d0eecee9a56cdb703203dda90423247421bf0d67125add85d0c4455", + "sha256:43193c5cda5d612f247172016c4bb71251c784d7a4d9314677186a838ad34858", + "sha256:44aeb140295a2f0659e113b31cfe92c9061622cadbc9e2a2f7b8ef6b1e29ef4b", + "sha256:47334db71978b23ebcf3c0f9f5ee98b8d65992b65c9c4f2d34c2eaf5bcaf0594", + "sha256:4796efc4faf6b53a18e3d46343535caed491776a22af773f366534056c4e1fbc", + "sha256:4a51b48f42d9358460b78725283f04bddaf44a9358197b889657deba38f329db", + "sha256:4b67fdab07fdd3c10bb21edab3cbfe8cf5696f453afce75d815d9d7223fbe88b", + "sha256:4ec9dd88a5b71abfc74e9df5ebe7921c35cbb3b641181a531ca65cdb5e8e4dea", + "sha256:4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6", + "sha256:54b6a92d009cbe2fb11054ba694bc9e284dad30a26757b1e372a1fdddaf21920", + "sha256:55f56e2ebd4e3bc50442fbc0888c9d8c94e4e06a933804e2af3e89e2f9c1c749", + "sha256:5726cf76c982532c1863fb64d8c6dd0e4c90b6ece9feb06c9f202417a31f7dd7", + "sha256:5d447056e2ca60382d460a604b6302d8db69476fd2015c81e7c35417cfabe4cd", + "sha256:5ed2e36c3e9b4f21dd9422f6893dec0abf2cca553af509b10cd630f878d3eb99", + "sha256:5ff2ed8194587faf56555927b3aa10e6fb69d931e33953943bc4f837dfee2242", + "sha256:62f60aebecfc7f4b82e3f639a7d1433a20ec32824db2199a11ad4f5e146ef5ee", + "sha256:63bc5c4ae26e4bc6be6469943b8253c0fd4e4186c43ad46e713ea61a0ba49129", + "sha256:6b40e8d38afe634559e398cc32b1472f376a4099c75fe6299ae607e404c033b2", + "sha256:6b493a043635eb376e50eedf7818f2f322eabbaa974e948bd8bdd29eb7ef2a51", + "sha256:6dba5d19c4dfab08e58d5b36304b3f92f3bd5d42c1a3fa37b5ba5cdf6dfcbcee", + "sha256:6fd30dc99682dc2c603c2b315bded2799019cea829f8bf57dc6b61efde6611c8", + "sha256:707b82d19e65c9bd28b81dde95249b07bf9f5b90ebe1ef17d9b57473f8a64b7b", + "sha256:7706f5850360ac01d80c89bcef1640683cc12ed87f42579dab6c5d3ed6888613", + "sha256:7782afc9b6b42200f7362858f9e73b1f8316afb276d316336c0ec3bd73312742", + "sha256:79983512b108e4a164b9c8d34de3992f76d48cadc9554c9e60b43f308988aabe", + "sha256:7f683ddc7eedd742e2889d2bfb96d69573fde1d92fcb811979cdb7165bb9c7d3", + "sha256:82357d85de703176b5587dbe6ade8ff67f9f69a41c0733cf2425378b49954de5", + "sha256:84450ba661fb96e9fd67629b93d2941c871ca86fc38d835d19d4225ff946a631", + "sha256:86f4e8cca779080f66ff4f191a685ced73d2f72d50216f7112185dc02b90b9b7", + "sha256:8cda06946eac330cbe6598f77bb54e690b4ca93f593dee1568ad22b04f347c15", + "sha256:8ce7fd6767a1cc5a92a639b391891bf1c268b03ec7e021c7d6d902285259685c", + "sha256:8ff4e7cdfdb1ab5698e675ca622e72d58a6fa2a8aa58195de0c0061288e6e3ea", + "sha256:9289fd5dddcf57bab41d044f1756550f9e7cf0c8e373b8cdf0ce8773dc4bd417", + "sha256:92a7e36b000bf022ef3dbb9c46bfe2d52c047d5e3f3343f43204263c5addc250", + "sha256:92db3c28b5b2a273346bebb24857fda45601aef6ae1c011c0a997106581e8a88", + "sha256:95c3c157765b031331dd4db3c775e58deaee050a3042fcad72cbc4189d7c8dca", + "sha256:980b4f289d1d90ca5efcf07958d3eb38ed9c0b7676bf2831a54d4f66f9c27dfa", + "sha256:9ae4ef0b3f6b41bad6366fb0ea4fc1d7ed051528e113a60fa2a65a9abb5b1d99", + "sha256:9c98230f5042f4945f957d006edccc2af1e03ed5e37ce7c373f00a5a4daa6149", + "sha256:9fa2566ca27d67c86569e8c85297aaf413ffab85a8960500f12ea34ff98e4c41", + "sha256:a14969b8691f7998e74663b77b4c36c0337cb1df552da83d5c9004a93afdb574", + "sha256:a8aacce6e2e1edcb6ac625fb0f8c3a9570ccc7bfba1f63419b3769ccf6a00ed0", + "sha256:a8e538f46104c815be19c975572d74afb53f29650ea2025bbfaef359d2de2f7f", + "sha256:aa41e526a5d4a9dfcfbab0716c7e8a1b215abd3f3df5a45cf18a12721d31cb5d", + "sha256:aa693779a8b50cd97570e5a0f343538a8dbd3e496fa5dcb87e29406ad0299654", + "sha256:ab22fbd9765e6954bc0bcff24c25ff71dcbfdb185fcdaca49e81bac68fe724d3", + "sha256:ab2e5bef076f5a235c3774b4f4028a680432cded7cad37bba0fd90d64b187d19", + "sha256:ab973df98fc99ab39080bfb0eb3a925181454d7c3ac8a1e695fddfae696d9e90", + "sha256:af73657b7a68211996527dbfeffbb0864e043d270580c5aef06dc4b659a4b578", + "sha256:b197e7094f232959f8f20541ead1d9862ac5ebea1d58e9849c1bf979255dfac9", + "sha256:b295729485b06c1a0683af02a9e42d2caa9db04a373dc38a6a58cdd1e8abddf1", + "sha256:b8831399554b92b72af5932cdbbd4ddc55c55f631bb13ff8fe4e6536a06c5c51", + "sha256:b8dcd239c743aa2f9c22ce674a145e0a25cb1566c495928440a181ca1ccf6719", + "sha256:bcb4f8ea87d03bc51ad04add8ceaf9b0f085ac045ab4d74e73bbc2dc033f0236", + "sha256:bd7af3717683bea4c87acd8c0d3d5b44d56120b26fd3f8a692bdd2d5260c620a", + "sha256:bf4475b82be41b07cc5e5ff94810e6a01f276e37c2d55571e3fe175e467a1a1c", + "sha256:c3e446d253bd88f6377260d07c895816ebf33ffffd56c1c792b13bff9c3e1ade", + "sha256:c57516e58fd17d03ebe67e181a4e4e2ccab1168f8c2976c6a334d4f819fe5944", + "sha256:c94057af19bc953643a33581844649a7fdab902624d2eb739738a30e2b3e60fc", + "sha256:cab5d0b79d987c67f3b9e9c53f54a61360422a5a0bc075f43cab5621d530c3b6", + "sha256:ce031db0408e487fd2775d745ce30a7cd2923667cf3b69d48d219f1d8f5ddeb6", + "sha256:cee4373f4d3ad28f1ab6290684d8e2ebdb9e7a1b74fdc39e4c211995f77bec27", + "sha256:d5b054862739d276e09928de37c79ddeec42a6e1bfc55863be96a36ba22926f6", + "sha256:dbe03226baf438ac4fda9e2d0715022fd579cb641c4cf639fa40d53b2fe6f3e2", + "sha256:dc15e99b2d8a656f8e666854404f1ba54765871104e50c8e9813af8a7db07f12", + "sha256:dcaf7c1524c0542ee2fc82cc8ec337f7a9f7edee2532421ab200d2b920fc97cf", + "sha256:dd4eda173a9fcccb5f2e2bd2a9f423d180194b1bf17cf59e3269899235b2a114", + "sha256:dd9a8bd8900e65504a305bf8ae6fa9fbc66de94178c420791d0293702fce2df7", + "sha256:de7376c29d95d6719048c194a9cf1a1b0393fbe8488a22008610b0361d834ecf", + "sha256:e7fdd52961feb4c96507aa649550ec2a0d527c086d284749b2f582f2d40a2e0d", + "sha256:e91f541a85298cf35433bf66f3fab2a4a2cff05c127eeca4af174f6d497f0d4b", + "sha256:e9e3c4c9e1ed40ea53acf11e2a386383c3304212c965773704e4603d589343ed", + "sha256:ee803480535c44e7f5ad00788526da7d85525cfefaf8acf8ab9a310000be4b03", + "sha256:f09cb5a7bbe1ecae6e87901a2eb23e0256bb524a79ccc53eb0b7629fbe7677c4", + "sha256:f19c1585933c82098c2a520f8ec1227f20e339e33aca8fa6f956f6691b784e67", + "sha256:f1a2f519ae173b5b6a2c9d5fa3116ce16e48b3462c8b96dfdded11055e3d6365", + "sha256:f28f891ccd15c514a0981f3b9db9aa23d62fe1a99997512b0491d2ed323d229a", + "sha256:f3e73a4255342d4eb26ef6df01e3962e73aa29baa3124a8e824c5d3364a65748", + "sha256:f606a1881d2663630ea5b8ce2efe2111740df4b687bd78b34a8131baa007f79b", + "sha256:fe9f97feb71aa9896b81973a7bbada8c49501dc73e58a10fcef6663af95e5079", + "sha256:ffc519621dce0c767e96b9c53f09c5d215578e10b02c285809f76509a3931482" ], "markers": "python_full_version >= '3.7.0'", - "version": "==3.3.2" + "version": "==3.4.0" }, "click": { "hashes": [ @@ -261,10 +276,10 @@ }, "filelock": { "hashes": [ - "sha256:2207938cbc1844345cb01a5a95524dae30f0ce089eba5b00378295a17e3e90cb", - "sha256:6ca1fffae96225dab4c6eaf1c4f4f28cd2568d3ec2a44e15a08520504de468e7" + "sha256:2082e5703d51fbf98ea75855d9d5527e33d8ff23099bec374a134febee6946b0", + "sha256:c249fbfcd5db47e5e2d6d62198e565475ee65e4831e2561c8e313fa7eb961435" ], - "version": "==3.15.4" + "version": "==3.16.1" }, "ghp-import": { "hashes": [ @@ -289,13 +304,20 @@ "markers": "python_version >= '3.7'", "version": "==3.1.43" }, + "hjson": { + "hashes": [ + "sha256:55af475a27cf83a7969c808399d7bccdec8fb836a07ddbd574587593b9cdcf75", + "sha256:65713cdcf13214fb554eb8b4ef803419733f4f5e551047c9b711098ab7186b89" + ], + "version": "==3.1.0" + }, "idna": { "hashes": [ - "sha256:028ff3aadf0609c1fd278d8ea3089299412a7a8b9bd005dd08b9f8285bcb5cfc", - "sha256:82fee1fc78add43492d3a1898bfa6d8a904cc97d8427f683ed8e798d07761aa0" + "sha256:12f65c9b470abda6dc35cf8e63cc574b1c52b11df2c86030af0ac09b01b13ea9", + "sha256:946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3" ], - "markers": "python_version >= '3.5'", - "version": "==3.7" + "markers": "python_version >= '3.6'", + "version": "==3.10" }, "jieba": { "hashes": [ @@ -314,77 +336,78 @@ }, "markdown": { "hashes": [ - "sha256:48f276f4d8cfb8ce6527c8f79e2ee29708508bf4d40aa410fbc3b4ee832c850f", - "sha256:ed4f41f6daecbeeb96e576ce414c41d2d876daa9a16cb35fa8ed8c2ddfad0224" + "sha256:2ae2471477cfd02dbbf038d5d9bc226d40def84b4fe2986e49b59b6b472bbed2", + "sha256:7eb6df5690b81a1d7942992c97fad2938e956e79df20cbc6186e9c3a77b1c803" ], "markers": "python_version >= '3.8'", - "version": "==3.6" + "version": "==3.7" }, "markupsafe": { "hashes": [ - "sha256:00e046b6dd71aa03a41079792f8473dc494d564611a8f89bbbd7cb93295ebdcf", - "sha256:075202fa5b72c86ad32dc7d0b56024ebdbcf2048c0ba09f1cde31bfdd57bcfff", - "sha256:0e397ac966fdf721b2c528cf028494e86172b4feba51d65f81ffd65c63798f3f", - "sha256:17b950fccb810b3293638215058e432159d2b71005c74371d784862b7e4683f3", - "sha256:1f3fbcb7ef1f16e48246f704ab79d79da8a46891e2da03f8783a5b6fa41a9532", - "sha256:2174c595a0d73a3080ca3257b40096db99799265e1c27cc5a610743acd86d62f", - "sha256:2b7c57a4dfc4f16f7142221afe5ba4e093e09e728ca65c51f5620c9aaeb9a617", - "sha256:2d2d793e36e230fd32babe143b04cec8a8b3eb8a3122d2aceb4a371e6b09b8df", - "sha256:30b600cf0a7ac9234b2638fbc0fb6158ba5bdcdf46aeb631ead21248b9affbc4", - "sha256:397081c1a0bfb5124355710fe79478cdbeb39626492b15d399526ae53422b906", - "sha256:3a57fdd7ce31c7ff06cdfbf31dafa96cc533c21e443d57f5b1ecc6cdc668ec7f", - "sha256:3c6b973f22eb18a789b1460b4b91bf04ae3f0c4234a0a6aa6b0a92f6f7b951d4", - "sha256:3e53af139f8579a6d5f7b76549125f0d94d7e630761a2111bc431fd820e163b8", - "sha256:4096e9de5c6fdf43fb4f04c26fb114f61ef0bf2e5604b6ee3019d51b69e8c371", - "sha256:4275d846e41ecefa46e2015117a9f491e57a71ddd59bbead77e904dc02b1bed2", - "sha256:4c31f53cdae6ecfa91a77820e8b151dba54ab528ba65dfd235c80b086d68a465", - "sha256:4f11aa001c540f62c6166c7726f71f7573b52c68c31f014c25cc7901deea0b52", - "sha256:5049256f536511ee3f7e1b3f87d1d1209d327e818e6ae1365e8653d7e3abb6a6", - "sha256:58c98fee265677f63a4385256a6d7683ab1832f3ddd1e66fe948d5880c21a169", - "sha256:598e3276b64aff0e7b3451b72e94fa3c238d452e7ddcd893c3ab324717456bad", - "sha256:5b7b716f97b52c5a14bffdf688f971b2d5ef4029127f1ad7a513973cfd818df2", - "sha256:5dedb4db619ba5a2787a94d877bc8ffc0566f92a01c0ef214865e54ecc9ee5e0", - "sha256:619bc166c4f2de5caa5a633b8b7326fbe98e0ccbfacabd87268a2b15ff73a029", - "sha256:629ddd2ca402ae6dbedfceeba9c46d5f7b2a61d9749597d4307f943ef198fc1f", - "sha256:656f7526c69fac7f600bd1f400991cc282b417d17539a1b228617081106feb4a", - "sha256:6ec585f69cec0aa07d945b20805be741395e28ac1627333b1c5b0105962ffced", - "sha256:72b6be590cc35924b02c78ef34b467da4ba07e4e0f0454a2c5907f473fc50ce5", - "sha256:7502934a33b54030eaf1194c21c692a534196063db72176b0c4028e140f8f32c", - "sha256:7a68b554d356a91cce1236aa7682dc01df0edba8d043fd1ce607c49dd3c1edcf", - "sha256:7b2e5a267c855eea6b4283940daa6e88a285f5f2a67f2220203786dfa59b37e9", - "sha256:823b65d8706e32ad2df51ed89496147a42a2a6e01c13cfb6ffb8b1e92bc910bb", - "sha256:8590b4ae07a35970728874632fed7bd57b26b0102df2d2b233b6d9d82f6c62ad", - "sha256:8dd717634f5a044f860435c1d8c16a270ddf0ef8588d4887037c5028b859b0c3", - "sha256:8dec4936e9c3100156f8a2dc89c4b88d5c435175ff03413b443469c7c8c5f4d1", - "sha256:97cafb1f3cbcd3fd2b6fbfb99ae11cdb14deea0736fc2b0952ee177f2b813a46", - "sha256:a17a92de5231666cfbe003f0e4b9b3a7ae3afb1ec2845aadc2bacc93ff85febc", - "sha256:a549b9c31bec33820e885335b451286e2969a2d9e24879f83fe904a5ce59d70a", - "sha256:ac07bad82163452a6884fe8fa0963fb98c2346ba78d779ec06bd7a6262132aee", - "sha256:ae2ad8ae6ebee9d2d94b17fb62763125f3f374c25618198f40cbb8b525411900", - "sha256:b91c037585eba9095565a3556f611e3cbfaa42ca1e865f7b8015fe5c7336d5a5", - "sha256:bc1667f8b83f48511b94671e0e441401371dfd0f0a795c7daa4a3cd1dde55bea", - "sha256:bec0a414d016ac1a18862a519e54b2fd0fc8bbfd6890376898a6c0891dd82e9f", - "sha256:bf50cd79a75d181c9181df03572cdce0fbb75cc353bc350712073108cba98de5", - "sha256:bff1b4290a66b490a2f4719358c0cdcd9bafb6b8f061e45c7a2460866bf50c2e", - "sha256:c061bb86a71b42465156a3ee7bd58c8c2ceacdbeb95d05a99893e08b8467359a", - "sha256:c8b29db45f8fe46ad280a7294f5c3ec36dbac9491f2d1c17345be8e69cc5928f", - "sha256:ce409136744f6521e39fd8e2a24c53fa18ad67aa5bc7c2cf83645cce5b5c4e50", - "sha256:d050b3361367a06d752db6ead6e7edeb0009be66bc3bae0ee9d97fb326badc2a", - "sha256:d283d37a890ba4c1ae73ffadf8046435c76e7bc2247bbb63c00bd1a709c6544b", - "sha256:d9fad5155d72433c921b782e58892377c44bd6252b5af2f67f16b194987338a4", - "sha256:daa4ee5a243f0f20d528d939d06670a298dd39b1ad5f8a72a4275124a7819eff", - "sha256:db0b55e0f3cc0be60c1f19efdde9a637c32740486004f20d1cff53c3c0ece4d2", - "sha256:e61659ba32cf2cf1481e575d0462554625196a1f2fc06a1c777d3f48e8865d46", - "sha256:ea3d8a3d18833cf4304cd2fc9cbb1efe188ca9b5efef2bdac7adc20594a0e46b", - "sha256:ec6a563cff360b50eed26f13adc43e61bc0c04d94b8be985e6fb24b81f6dcfdf", - "sha256:f5dfb42c4604dddc8e4305050aa6deb084540643ed5804d7455b5df8fe16f5e5", - "sha256:fa173ec60341d6bb97a89f5ea19c85c5643c1e7dedebc22f5181eb73573142c5", - "sha256:fa9db3f79de01457b03d4f01b34cf91bc0048eb2c3846ff26f66687c2f6d16ab", - "sha256:fce659a462a1be54d2ffcacea5e3ba2d74daa74f30f5f143fe0c58636e355fdd", - "sha256:ffee1f21e5ef0d712f9033568f8344d5da8cc2869dbd08d87c84656e6a2d2f68" + "sha256:0bff5e0ae4ef2e1ae4fdf2dfd5b76c75e5c2fa4132d05fc1b0dabcd20c7e28c4", + "sha256:0f4ca02bea9a23221c0182836703cbf8930c5e9454bacce27e767509fa286a30", + "sha256:1225beacc926f536dc82e45f8a4d68502949dc67eea90eab715dea3a21c1b5f0", + "sha256:131a3c7689c85f5ad20f9f6fb1b866f402c445b220c19fe4308c0b147ccd2ad9", + "sha256:15ab75ef81add55874e7ab7055e9c397312385bd9ced94920f2802310c930396", + "sha256:1a9d3f5f0901fdec14d8d2f66ef7d035f2157240a433441719ac9a3fba440b13", + "sha256:1c99d261bd2d5f6b59325c92c73df481e05e57f19837bdca8413b9eac4bd8028", + "sha256:1e084f686b92e5b83186b07e8a17fc09e38fff551f3602b249881fec658d3eca", + "sha256:2181e67807fc2fa785d0592dc2d6206c019b9502410671cc905d132a92866557", + "sha256:2cb8438c3cbb25e220c2ab33bb226559e7afb3baec11c4f218ffa7308603c832", + "sha256:3169b1eefae027567d1ce6ee7cae382c57fe26e82775f460f0b2778beaad66c0", + "sha256:3809ede931876f5b2ec92eef964286840ed3540dadf803dd570c3b7e13141a3b", + "sha256:38a9ef736c01fccdd6600705b09dc574584b89bea478200c5fbf112a6b0d5579", + "sha256:3d79d162e7be8f996986c064d1c7c817f6df3a77fe3d6859f6f9e7be4b8c213a", + "sha256:444dcda765c8a838eaae23112db52f1efaf750daddb2d9ca300bcae1039adc5c", + "sha256:48032821bbdf20f5799ff537c7ac3d1fba0ba032cfc06194faffa8cda8b560ff", + "sha256:4aa4e5faecf353ed117801a068ebab7b7e09ffb6e1d5e412dc852e0da018126c", + "sha256:52305740fe773d09cffb16f8ed0427942901f00adedac82ec8b67752f58a1b22", + "sha256:569511d3b58c8791ab4c2e1285575265991e6d8f8700c7be0e88f86cb0672094", + "sha256:57cb5a3cf367aeb1d316576250f65edec5bb3be939e9247ae594b4bcbc317dfb", + "sha256:5b02fb34468b6aaa40dfc198d813a641e3a63b98c2b05a16b9f80b7ec314185e", + "sha256:6381026f158fdb7c72a168278597a5e3a5222e83ea18f543112b2662a9b699c5", + "sha256:6af100e168aa82a50e186c82875a5893c5597a0c1ccdb0d8b40240b1f28b969a", + "sha256:6c89876f41da747c8d3677a2b540fb32ef5715f97b66eeb0c6b66f5e3ef6f59d", + "sha256:6e296a513ca3d94054c2c881cc913116e90fd030ad1c656b3869762b754f5f8a", + "sha256:70a87b411535ccad5ef2f1df5136506a10775d267e197e4cf531ced10537bd6b", + "sha256:7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8", + "sha256:846ade7b71e3536c4e56b386c2a47adf5741d2d8b94ec9dc3e92e5e1ee1e2225", + "sha256:88416bd1e65dcea10bc7569faacb2c20ce071dd1f87539ca2ab364bf6231393c", + "sha256:88b49a3b9ff31e19998750c38e030fc7bb937398b1f78cfa599aaef92d693144", + "sha256:8c4e8c3ce11e1f92f6536ff07154f9d49677ebaaafc32db9db4620bc11ed480f", + "sha256:8e06879fc22a25ca47312fbe7c8264eb0b662f6db27cb2d3bbbc74b1df4b9b87", + "sha256:9025b4018f3a1314059769c7bf15441064b2207cb3f065e6ea1e7359cb46db9d", + "sha256:93335ca3812df2f366e80509ae119189886b0f3c2b81325d39efdb84a1e2ae93", + "sha256:9778bd8ab0a994ebf6f84c2b949e65736d5575320a17ae8984a77fab08db94cf", + "sha256:9e2d922824181480953426608b81967de705c3cef4d1af983af849d7bd619158", + "sha256:a123e330ef0853c6e822384873bef7507557d8e4a082961e1defa947aa59ba84", + "sha256:a904af0a6162c73e3edcb969eeeb53a63ceeb5d8cf642fade7d39e7963a22ddb", + "sha256:ad10d3ded218f1039f11a75f8091880239651b52e9bb592ca27de44eed242a48", + "sha256:b424c77b206d63d500bcb69fa55ed8d0e6a3774056bdc4839fc9298a7edca171", + "sha256:b5a6b3ada725cea8a5e634536b1b01c30bcdcd7f9c6fff4151548d5bf6b3a36c", + "sha256:ba8062ed2cf21c07a9e295d5b8a2a5ce678b913b45fdf68c32d95d6c1291e0b6", + "sha256:ba9527cdd4c926ed0760bc301f6728ef34d841f405abf9d4f959c478421e4efd", + "sha256:bbcb445fa71794da8f178f0f6d66789a28d7319071af7a496d4d507ed566270d", + "sha256:bcf3e58998965654fdaff38e58584d8937aa3096ab5354d493c77d1fdd66d7a1", + "sha256:c0ef13eaeee5b615fb07c9a7dadb38eac06a0608b41570d8ade51c56539e509d", + "sha256:cabc348d87e913db6ab4aa100f01b08f481097838bdddf7c7a84b7575b7309ca", + "sha256:cdb82a876c47801bb54a690c5ae105a46b392ac6099881cdfb9f6e95e4014c6a", + "sha256:cfad01eed2c2e0c01fd0ecd2ef42c492f7f93902e39a42fc9ee1692961443a29", + "sha256:d16a81a06776313e817c951135cf7340a3e91e8c1ff2fac444cfd75fffa04afe", + "sha256:d8213e09c917a951de9d09ecee036d5c7d36cb6cb7dbaece4c71a60d79fb9798", + "sha256:e07c3764494e3776c602c1e78e298937c3315ccc9043ead7e685b7f2b8d47b3c", + "sha256:e17c96c14e19278594aa4841ec148115f9c7615a47382ecb6b82bd8fea3ab0c8", + "sha256:e444a31f8db13eb18ada366ab3cf45fd4b31e4db1236a4448f68778c1d1a5a2f", + "sha256:e6a2a455bd412959b57a172ce6328d2dd1f01cb2135efda2e4576e8a23fa3b0f", + "sha256:eaa0a10b7f72326f1372a713e73c3f739b524b3af41feb43e4921cb529f5929a", + "sha256:eb7972a85c54febfb25b5c4b4f3af4dcc731994c7da0d8a0b4a6eb0640e1d178", + "sha256:ee55d3edf80167e48ea11a923c7386f4669df67d7994554387f84e7d8b0a2bf0", + "sha256:f3818cb119498c0678015754eba762e0d61e5b52d34c8b13d770f0719f7b1d79", + "sha256:f8b3d067f2e40fe93e1ccdd6b2e1d16c43140e76f02fb1319a05cf2b79d99430", + "sha256:fcabf5ff6eea076f859677f5f0b6b5c1a51e70a376b0579e0eadef8db48c6b50" ], - "markers": "python_version >= '3.7'", - "version": "==2.1.5" + "markers": "python_version >= '3.9'", + "version": "==3.0.2" }, "mergedeep": { "hashes": [ @@ -396,11 +419,11 @@ }, "mkdocs": { "hashes": [ - "sha256:1eb5cb7676b7d89323e62b56235010216319217d4af5ddc543a91beb8d125ea7", - "sha256:a73f735824ef83a4f3bcb7a231dcab23f5a838f88b7efc54a0eef5fbdbc3c512" + "sha256:7b432f01d928c084353ab39c57282f29f92136665bdd6abf7c1ec8d822ef86f2", + "sha256:db91759624d1647f3f34aa0c3f327dd2601beae39a366d6e064c03468d35c20e" ], "markers": "python_version >= '3.8'", - "version": "==1.6.0" + "version": "==1.6.1" }, "mkdocs-get-deps": { "hashes": [ @@ -412,30 +435,38 @@ }, "mkdocs-git-authors-plugin": { "hashes": [ - "sha256:380730a05eeb947a7e84be05fdb1c5ae2a7bc70fd9f6eda941f187c87ae37052", - "sha256:6161f63b87064481a48d9ad01c23e43c3e758930c3a9cc167fe482909ceb9eac" + "sha256:60b291603479c765c3ca49fc4bda88a58989d9703c5e396fa1e81ae7de8a2836", + "sha256:b719fdab2199dc1633c4f69296ac66ec4adb6365ddd998409aefc87b1d2790ac" ], "index": "pypi", - "markers": "python_version >= '3.7'", - "version": "==0.9.0" + "markers": "python_version >= '3.8'", + "version": "==0.9.1" }, "mkdocs-git-revision-date-localized-plugin": { "hashes": [ - "sha256:e432942ce4ee8aa9b9f4493e993dee9d2cc08b3ea2b40a3d6b03ca0f2a4bcaa2", - "sha256:f015cb0f3894a39b33447b18e270ae391c4e25275cac5a626e80b243784e2692" + "sha256:439e2f14582204050a664c258861c325064d97cdc848c541e48bb034a6c4d0cb", + "sha256:c99377ee119372d57a9e47cff4e68f04cce634a74831c06bc89b33e456e840a1" ], "index": "pypi", "markers": "python_version >= '3.8'", - "version": "==1.2.6" + "version": "==1.3.0" + }, + "mkdocs-glightbox": { + "hashes": [ + "sha256:392b34207bf95991071a16d5f8916d1d2f2cd5d5bb59ae2997485ccd778c70d9", + "sha256:e0107beee75d3eb7380ac06ea2d6eac94c999eaa49f8c3cbab0e7be2ac006ccf" + ], + "index": "pypi", + "version": "==0.4.0" }, "mkdocs-macros-plugin": { "hashes": [ - "sha256:f60e26f711f5a830ddf1e7980865bf5c0f1180db56109803cdd280073c1a050a", - "sha256:fe348d75f01c911f362b6d998c57b3d85b505876dde69db924f2c512c395c328" + "sha256:02432033a5b77fb247d6ec7924e72fc4ceec264165b1644ab8d0dc159c22ce59", + "sha256:17c7fd1a49b94defcdb502fd453d17a1e730f8836523379d21292eb2be4cb523" ], "index": "pypi", "markers": "python_version >= '3.8'", - "version": "==1.0.5" + "version": "==1.3.7" }, "mkdocs-material": { "extras": [ @@ -454,74 +485,82 @@ }, "mkdocs-rss-plugin": { "hashes": [ - "sha256:7308ac13f0976c0479db5a62cb7ef9b10fdd74b6521e459bb66a13e2cfe69d4b", - "sha256:92995ed6c77b2ae1f5f2913e62282c27e50c35d618c4291b5b939e50badd7504" + "sha256:be66b11300f1e951d3393ce8da60ca6d730108f731434cc256670b3b8e0cffb3", + "sha256:f0e275c933be69a77ee7af92256d88e2969e10c36c5ee1ecdb663a4ea4aa08ea" ], "index": "pypi", - "markers": "python_version >= '3.8' and python_version < '4'", - "version": "==1.15.0" + "markers": "python_version >= '3.9' and python_version < '4'", + "version": "==1.16.0" }, "msgpack": { "hashes": [ - "sha256:00e073efcba9ea99db5acef3959efa45b52bc67b61b00823d2a1a6944bf45982", - "sha256:0726c282d188e204281ebd8de31724b7d749adebc086873a59efb8cf7ae27df3", - "sha256:0ceea77719d45c839fd73abcb190b8390412a890df2f83fb8cf49b2a4b5c2f40", - "sha256:114be227f5213ef8b215c22dde19532f5da9652e56e8ce969bf0a26d7c419fee", - "sha256:13577ec9e247f8741c84d06b9ece5f654920d8365a4b636ce0e44f15e07ec693", - "sha256:1876b0b653a808fcd50123b953af170c535027bf1d053b59790eebb0aeb38950", - "sha256:1ab0bbcd4d1f7b6991ee7c753655b481c50084294218de69365f8f1970d4c151", - "sha256:1cce488457370ffd1f953846f82323cb6b2ad2190987cd4d70b2713e17268d24", - "sha256:26ee97a8261e6e35885c2ecd2fd4a6d38252246f94a2aec23665a4e66d066305", - "sha256:3528807cbbb7f315bb81959d5961855e7ba52aa60a3097151cb21956fbc7502b", - "sha256:374a8e88ddab84b9ada695d255679fb99c53513c0a51778796fcf0944d6c789c", - "sha256:376081f471a2ef24828b83a641a02c575d6103a3ad7fd7dade5486cad10ea659", - "sha256:3923a1778f7e5ef31865893fdca12a8d7dc03a44b33e2a5f3295416314c09f5d", - "sha256:4916727e31c28be8beaf11cf117d6f6f188dcc36daae4e851fee88646f5b6b18", - "sha256:493c5c5e44b06d6c9268ce21b302c9ca055c1fd3484c25ba41d34476c76ee746", - "sha256:505fe3d03856ac7d215dbe005414bc28505d26f0c128906037e66d98c4e95868", - "sha256:5845fdf5e5d5b78a49b826fcdc0eb2e2aa7191980e3d2cfd2a30303a74f212e2", - "sha256:5c330eace3dd100bdb54b5653b966de7f51c26ec4a7d4e87132d9b4f738220ba", - "sha256:5dbf059fb4b7c240c873c1245ee112505be27497e90f7c6591261c7d3c3a8228", - "sha256:5e390971d082dba073c05dbd56322427d3280b7cc8b53484c9377adfbae67dc2", - "sha256:5fbb160554e319f7b22ecf530a80a3ff496d38e8e07ae763b9e82fadfe96f273", - "sha256:64d0fcd436c5683fdd7c907eeae5e2cbb5eb872fafbc03a43609d7941840995c", - "sha256:69284049d07fce531c17404fcba2bb1df472bc2dcdac642ae71a2d079d950653", - "sha256:6a0e76621f6e1f908ae52860bdcb58e1ca85231a9b0545e64509c931dd34275a", - "sha256:73ee792784d48aa338bba28063e19a27e8d989344f34aad14ea6e1b9bd83f596", - "sha256:74398a4cf19de42e1498368c36eed45d9528f5fd0155241e82c4082b7e16cffd", - "sha256:7938111ed1358f536daf311be244f34df7bf3cdedb3ed883787aca97778b28d8", - "sha256:82d92c773fbc6942a7a8b520d22c11cfc8fd83bba86116bfcf962c2f5c2ecdaa", - "sha256:83b5c044f3eff2a6534768ccfd50425939e7a8b5cf9a7261c385de1e20dcfc85", - "sha256:8db8e423192303ed77cff4dce3a4b88dbfaf43979d280181558af5e2c3c71afc", - "sha256:9517004e21664f2b5a5fd6333b0731b9cf0817403a941b393d89a2f1dc2bd836", - "sha256:95c02b0e27e706e48d0e5426d1710ca78e0f0628d6e89d5b5a5b91a5f12274f3", - "sha256:99881222f4a8c2f641f25703963a5cefb076adffd959e0558dc9f803a52d6a58", - "sha256:9ee32dcb8e531adae1f1ca568822e9b3a738369b3b686d1477cbc643c4a9c128", - "sha256:a22e47578b30a3e199ab067a4d43d790249b3c0587d9a771921f86250c8435db", - "sha256:b5505774ea2a73a86ea176e8a9a4a7c8bf5d521050f0f6f8426afe798689243f", - "sha256:bd739c9251d01e0279ce729e37b39d49a08c0420d3fee7f2a4968c0576678f77", - "sha256:d16a786905034e7e34098634b184a7d81f91d4c3d246edc6bd7aefb2fd8ea6ad", - "sha256:d3420522057ebab1728b21ad473aa950026d07cb09da41103f8e597dfbfaeb13", - "sha256:d56fd9f1f1cdc8227d7b7918f55091349741904d9520c65f0139a9755952c9e8", - "sha256:d661dc4785affa9d0edfdd1e59ec056a58b3dbb9f196fa43587f3ddac654ac7b", - "sha256:dfe1f0f0ed5785c187144c46a292b8c34c1295c01da12e10ccddfc16def4448a", - "sha256:e1dd7839443592d00e96db831eddb4111a2a81a46b028f0facd60a09ebbdd543", - "sha256:e2872993e209f7ed04d963e4b4fbae72d034844ec66bc4ca403329db2074377b", - "sha256:e2f879ab92ce502a1e65fce390eab619774dda6a6ff719718069ac94084098ce", - "sha256:e3aa7e51d738e0ec0afbed661261513b38b3014754c9459508399baf14ae0c9d", - "sha256:e532dbd6ddfe13946de050d7474e3f5fb6ec774fbb1a188aaf469b08cf04189a", - "sha256:e6b7842518a63a9f17107eb176320960ec095a8ee3b4420b5f688e24bf50c53c", - "sha256:e75753aeda0ddc4c28dce4c32ba2f6ec30b1b02f6c0b14e547841ba5b24f753f", - "sha256:eadb9f826c138e6cf3c49d6f8de88225a3c0ab181a9b4ba792e006e5292d150e", - "sha256:ed59dd52075f8fc91da6053b12e8c89e37aa043f8986efd89e61fae69dc1b011", - "sha256:ef254a06bcea461e65ff0373d8a0dd1ed3aa004af48839f002a0c994a6f72d04", - "sha256:f3709997b228685fe53e8c433e2df9f0cdb5f4542bd5114ed17ac3c0129b0480", - "sha256:f51bab98d52739c50c56658cc303f190785f9a2cd97b823357e7aeae54c8f68a", - "sha256:f9904e24646570539a8950400602d66d2b2c492b9010ea7e965025cb71d0c86d", - "sha256:f9af38a89b6a5c04b7d18c492c8ccf2aee7048aff1ce8437c4683bb5a1df893d" + "sha256:06f5fd2f6bb2a7914922d935d3b8bb4a7fff3a9a91cfce6d06c13bc42bec975b", + "sha256:071603e2f0771c45ad9bc65719291c568d4edf120b44eb36324dcb02a13bfddf", + "sha256:0907e1a7119b337971a689153665764adc34e89175f9a34793307d9def08e6ca", + "sha256:0f92a83b84e7c0749e3f12821949d79485971f087604178026085f60ce109330", + "sha256:115a7af8ee9e8cddc10f87636767857e7e3717b7a2e97379dc2054712693e90f", + "sha256:13599f8829cfbe0158f6456374e9eea9f44eee08076291771d8ae93eda56607f", + "sha256:17fb65dd0bec285907f68b15734a993ad3fc94332b5bb21b0435846228de1f39", + "sha256:2137773500afa5494a61b1208619e3871f75f27b03bcfca7b3a7023284140247", + "sha256:3180065ec2abbe13a4ad37688b61b99d7f9e012a535b930e0e683ad6bc30155b", + "sha256:398b713459fea610861c8a7b62a6fec1882759f308ae0795b5413ff6a160cf3c", + "sha256:3d364a55082fb2a7416f6c63ae383fbd903adb5a6cf78c5b96cc6316dc1cedc7", + "sha256:3df7e6b05571b3814361e8464f9304c42d2196808e0119f55d0d3e62cd5ea044", + "sha256:41c991beebf175faf352fb940bf2af9ad1fb77fd25f38d9142053914947cdbf6", + "sha256:42f754515e0f683f9c79210a5d1cad631ec3d06cea5172214d2176a42e67e19b", + "sha256:452aff037287acb1d70a804ffd022b21fa2bb7c46bee884dbc864cc9024128a0", + "sha256:4676e5be1b472909b2ee6356ff425ebedf5142427842aa06b4dfd5117d1ca8a2", + "sha256:46c34e99110762a76e3911fc923222472c9d681f1094096ac4102c18319e6468", + "sha256:471e27a5787a2e3f974ba023f9e265a8c7cfd373632247deb225617e3100a3c7", + "sha256:4a1964df7b81285d00a84da4e70cb1383f2e665e0f1f2a7027e683956d04b734", + "sha256:4b51405e36e075193bc051315dbf29168d6141ae2500ba8cd80a522964e31434", + "sha256:4d1b7ff2d6146e16e8bd665ac726a89c74163ef8cd39fa8c1087d4e52d3a2325", + "sha256:53258eeb7a80fc46f62fd59c876957a2d0e15e6449a9e71842b6d24419d88ca1", + "sha256:534480ee5690ab3cbed89d4c8971a5c631b69a8c0883ecfea96c19118510c846", + "sha256:58638690ebd0a06427c5fe1a227bb6b8b9fdc2bd07701bec13c2335c82131a88", + "sha256:58dfc47f8b102da61e8949708b3eafc3504509a5728f8b4ddef84bd9e16ad420", + "sha256:59caf6a4ed0d164055ccff8fe31eddc0ebc07cf7326a2aaa0dbf7a4001cd823e", + "sha256:5dbad74103df937e1325cc4bfeaf57713be0b4f15e1c2da43ccdd836393e2ea2", + "sha256:5e1da8f11a3dd397f0a32c76165cf0c4eb95b31013a94f6ecc0b280c05c91b59", + "sha256:646afc8102935a388ffc3914b336d22d1c2d6209c773f3eb5dd4d6d3b6f8c1cb", + "sha256:64fc9068d701233effd61b19efb1485587560b66fe57b3e50d29c5d78e7fef68", + "sha256:65553c9b6da8166e819a6aa90ad15288599b340f91d18f60b2061f402b9a4915", + "sha256:685ec345eefc757a7c8af44a3032734a739f8c45d1b0ac45efc5d8977aa4720f", + "sha256:6ad622bf7756d5a497d5b6836e7fc3752e2dd6f4c648e24b1803f6048596f701", + "sha256:73322a6cc57fcee3c0c57c4463d828e9428275fb85a27aa2aa1a92fdc42afd7b", + "sha256:74bed8f63f8f14d75eec75cf3d04ad581da6b914001b474a5d3cd3372c8cc27d", + "sha256:79ec007767b9b56860e0372085f8504db5d06bd6a327a335449508bbee9648fa", + "sha256:7a946a8992941fea80ed4beae6bff74ffd7ee129a90b4dd5cf9c476a30e9708d", + "sha256:7ad442d527a7e358a469faf43fda45aaf4ac3249c8310a82f0ccff9164e5dccd", + "sha256:7c9a35ce2c2573bada929e0b7b3576de647b0defbd25f5139dcdaba0ae35a4cc", + "sha256:7e7b853bbc44fb03fbdba34feb4bd414322180135e2cb5164f20ce1c9795ee48", + "sha256:879a7b7b0ad82481c52d3c7eb99bf6f0645dbdec5134a4bddbd16f3506947feb", + "sha256:8a706d1e74dd3dea05cb54580d9bd8b2880e9264856ce5068027eed09680aa74", + "sha256:8a84efb768fb968381e525eeeb3d92857e4985aacc39f3c47ffd00eb4509315b", + "sha256:8cf9e8c3a2153934a23ac160cc4cba0ec035f6867c8013cc6077a79823370346", + "sha256:8da4bf6d54ceed70e8861f833f83ce0814a2b72102e890cbdfe4b34764cdd66e", + "sha256:8e59bca908d9ca0de3dc8684f21ebf9a690fe47b6be93236eb40b99af28b6ea6", + "sha256:914571a2a5b4e7606997e169f64ce53a8b1e06f2cf2c3a7273aa106236d43dd5", + "sha256:a51abd48c6d8ac89e0cfd4fe177c61481aca2d5e7ba42044fd218cfd8ea9899f", + "sha256:a52a1f3a5af7ba1c9ace055b659189f6c669cf3657095b50f9602af3a3ba0fe5", + "sha256:ad33e8400e4ec17ba782f7b9cf868977d867ed784a1f5f2ab46e7ba53b6e1e1b", + "sha256:b4c01941fd2ff87c2a934ee6055bda4ed353a7846b8d4f341c428109e9fcde8c", + "sha256:bce7d9e614a04d0883af0b3d4d501171fbfca038f12c77fa838d9f198147a23f", + "sha256:c40ffa9a15d74e05ba1fe2681ea33b9caffd886675412612d93ab17b58ea2fec", + "sha256:c5a91481a3cc573ac8c0d9aace09345d989dc4a0202b7fcb312c88c26d4e71a8", + "sha256:c921af52214dcbb75e6bdf6a661b23c3e6417f00c603dd2070bccb5c3ef499f5", + "sha256:d46cf9e3705ea9485687aa4001a76e44748b609d260af21c4ceea7f2212a501d", + "sha256:d8ce0b22b890be5d252de90d0e0d119f363012027cf256185fc3d474c44b1b9e", + "sha256:dd432ccc2c72b914e4cb77afce64aab761c1137cc698be3984eee260bcb2896e", + "sha256:e0856a2b7e8dcb874be44fea031d22e5b3a19121be92a1e098f46068a11b0870", + "sha256:e1f3c3d21f7cf67bcf2da8e494d30a75e4cf60041d98b3f79875afb5b96f3a3f", + "sha256:f1ba6136e650898082d9d5a5217d5906d1e138024f836ff48691784bbe1adf96", + "sha256:f3e9b4936df53b970513eac1758f3882c88658a220b58dcc1e39606dccaaf01c", + "sha256:f80bc7d47f76089633763f952e67f8214cb7b3ee6bfa489b3cb6a84cfac114cd", + "sha256:fd2906780f25c8ed5d7b323379f6138524ba793428db5d0e9d226d3fa6aa1788" ], "markers": "python_version >= '3.8'", - "version": "==1.0.8" + "version": "==1.1.0" }, "packaging": { "hashes": [ @@ -533,9 +572,10 @@ }, "paginate": { "hashes": [ - "sha256:5e6007b6a9398177a7e1648d04fdd9f8c9766a1a945bceac82f1929e8c78af2d" + "sha256:22bd083ab41e1a8b4f3690544afb2c60c25e5c9a63a30fa2f483f6c60c8e5945", + "sha256:b885e2af73abcf01d9559fd5216b57ef722f8c42affbb63942377668e35c7591" ], - "version": "==0.5.6" + "version": "==0.5.7" }, "pathspec": { "hashes": [ @@ -632,11 +672,11 @@ }, "platformdirs": { "hashes": [ - "sha256:2d7a1657e36a80ea911db832a8a6ece5ee53d8de21edd5cc5879af6530b1bfee", - "sha256:38b7b51f512eed9e84a22788b4bce1de17c0adb134d6becb09836e37d8654cd3" + "sha256:357fb2acbc885b0419afd3ce3ed34564c13c9b95c89360cd9563f73aa5e2b907", + "sha256:73e575e1408ab8103900836b97580d5307456908a03e92031bab39e4554cc3fb" ], "markers": "python_version >= '3.8'", - "version": "==4.2.2" + "version": "==4.3.6" }, "pycparser": { "hashes": [ @@ -656,11 +696,11 @@ }, "pymdown-extensions": { "hashes": [ - "sha256:6ff740bcd99ec4172a938970d42b96128bdc9d4b9bcad72494f29921dc69b753", - "sha256:d323f7e90d83c86113ee78f3fe62fc9dee5f56b54d912660703ea1816fed5626" + "sha256:41cdde0a77290e480cf53892f5c5e50921a7ee3e5cd60ba91bf19837b33badcf", + "sha256:bc8847ecc9e784a098efd35e20cba772bc5a1b529dfcef9dc1972db9021a1049" ], "markers": "python_version >= '3.8'", - "version": "==10.9" + "version": "==10.11.2" }, "python-dateutil": { "hashes": [ @@ -672,11 +712,11 @@ }, "pytz": { "hashes": [ - "sha256:2a29735ea9c18baf14b448846bde5a48030ed267578472d8955cd0e7443a9812", - "sha256:328171f4e3623139da4983451950b28e95ac706e13f3f2630a879749e7a8b319" + "sha256:2aa355083c50a0f93fa581709deac0c9ad65cca8a9e9beac660adcbd493c798a", + "sha256:31c7c1817eb7fae7ca4b8c7ee50c72f93aa2dd863de768e1ef4245d426aa0725" ], "markers": "python_version < '3.9'", - "version": "==2024.1" + "version": "==2024.2" }, "pyyaml": { "hashes": [ @@ -747,88 +787,103 @@ }, "regex": { "hashes": [ - "sha256:01b689e887f612610c869421241e075c02f2e3d1ae93a037cb14f88ab6a8934c", - "sha256:04ce29e2c5fedf296b1a1b0acc1724ba93a36fb14031f3abfb7abda2806c1535", - "sha256:0ffe3f9d430cd37d8fa5632ff6fb36d5b24818c5c986893063b4e5bdb84cdf24", - "sha256:18300a1d78cf1290fa583cd8b7cde26ecb73e9f5916690cf9d42de569c89b1ce", - "sha256:185e029368d6f89f36e526764cf12bf8d6f0e3a2a7737da625a76f594bdfcbfc", - "sha256:19c65b00d42804e3fbea9708f0937d157e53429a39b7c61253ff15670ff62cb5", - "sha256:228b0d3f567fafa0633aee87f08b9276c7062da9616931382993c03808bb68ce", - "sha256:23acc72f0f4e1a9e6e9843d6328177ae3074b4182167e34119ec7233dfeccf53", - "sha256:25419b70ba00a16abc90ee5fce061228206173231f004437730b67ac77323f0d", - "sha256:2dfbb8baf8ba2c2b9aa2807f44ed272f0913eeeba002478c4577b8d29cde215c", - "sha256:2f1baff13cc2521bea83ab2528e7a80cbe0ebb2c6f0bfad15be7da3aed443908", - "sha256:33e2614a7ce627f0cdf2ad104797d1f68342d967de3695678c0cb84f530709f8", - "sha256:3426de3b91d1bc73249042742f45c2148803c111d1175b283270177fdf669024", - "sha256:382281306e3adaaa7b8b9ebbb3ffb43358a7bbf585fa93821300a418bb975281", - "sha256:3d974d24edb231446f708c455fd08f94c41c1ff4f04bcf06e5f36df5ef50b95a", - "sha256:3f3b6ca8eae6d6c75a6cff525c8530c60e909a71a15e1b731723233331de4169", - "sha256:3fac296f99283ac232d8125be932c5cd7644084a30748fda013028c815ba3364", - "sha256:416c0e4f56308f34cdb18c3f59849479dde5b19febdcd6e6fa4d04b6c31c9faa", - "sha256:438d9f0f4bc64e8dea78274caa5af971ceff0f8771e1a2333620969936ba10be", - "sha256:43affe33137fcd679bdae93fb25924979517e011f9dea99163f80b82eadc7e53", - "sha256:44fc61b99035fd9b3b9453f1713234e5a7c92a04f3577252b45feefe1b327759", - "sha256:45104baae8b9f67569f0f1dca5e1f1ed77a54ae1cd8b0b07aba89272710db61e", - "sha256:4fdd1384619f406ad9037fe6b6eaa3de2749e2e12084abc80169e8e075377d3b", - "sha256:538d30cd96ed7d1416d3956f94d54e426a8daf7c14527f6e0d6d425fcb4cca52", - "sha256:558a57cfc32adcf19d3f791f62b5ff564922942e389e3cfdb538a23d65a6b610", - "sha256:5eefee9bfe23f6df09ffb6dfb23809f4d74a78acef004aa904dc7c88b9944b05", - "sha256:64bd50cf16bcc54b274e20235bf8edbb64184a30e1e53873ff8d444e7ac656b2", - "sha256:65fd3d2e228cae024c411c5ccdffae4c315271eee4a8b839291f84f796b34eca", - "sha256:66b4c0731a5c81921e938dcf1a88e978264e26e6ac4ec96a4d21ae0354581ae0", - "sha256:68a8f8c046c6466ac61a36b65bb2395c74451df2ffb8458492ef49900efed293", - "sha256:6a1141a1dcc32904c47f6846b040275c6e5de0bf73f17d7a409035d55b76f289", - "sha256:6b9fc7e9cc983e75e2518496ba1afc524227c163e43d706688a6bb9eca41617e", - "sha256:6f51f9556785e5a203713f5efd9c085b4a45aecd2a42573e2b5041881b588d1f", - "sha256:7214477bf9bd195894cf24005b1e7b496f46833337b5dedb7b2a6e33f66d962c", - "sha256:731fcd76bbdbf225e2eb85b7c38da9633ad3073822f5ab32379381e8c3c12e94", - "sha256:74007a5b25b7a678459f06559504f1eec2f0f17bca218c9d56f6a0a12bfffdad", - "sha256:7a5486ca56c8869070a966321d5ab416ff0f83f30e0e2da1ab48815c8d165d46", - "sha256:7c479f5ae937ec9985ecaf42e2e10631551d909f203e31308c12d703922742f9", - "sha256:7df9ea48641da022c2a3c9c641650cd09f0cd15e8908bf931ad538f5ca7919c9", - "sha256:7e37e809b9303ec3a179085415cb5f418ecf65ec98cdfe34f6a078b46ef823ee", - "sha256:80c811cfcb5c331237d9bad3bea2c391114588cf4131707e84d9493064d267f9", - "sha256:836d3cc225b3e8a943d0b02633fb2f28a66e281290302a79df0e1eaa984ff7c1", - "sha256:84c312cdf839e8b579f504afcd7b65f35d60b6285d892b19adea16355e8343c9", - "sha256:86b17ba823ea76256b1885652e3a141a99a5c4422f4a869189db328321b73799", - "sha256:871e3ab2838fbcb4e0865a6e01233975df3a15e6fce93b6f99d75cacbd9862d1", - "sha256:88ecc3afd7e776967fa16c80f974cb79399ee8dc6c96423321d6f7d4b881c92b", - "sha256:8bc593dcce679206b60a538c302d03c29b18e3d862609317cb560e18b66d10cf", - "sha256:8fd5afd101dcf86a270d254364e0e8dddedebe6bd1ab9d5f732f274fa00499a5", - "sha256:945352286a541406f99b2655c973852da7911b3f4264e010218bbc1cc73168f2", - "sha256:973335b1624859cb0e52f96062a28aa18f3a5fc77a96e4a3d6d76e29811a0e6e", - "sha256:994448ee01864501912abf2bad9203bffc34158e80fe8bfb5b031f4f8e16da51", - "sha256:9cfd009eed1a46b27c14039ad5bbc5e71b6367c5b2e6d5f5da0ea91600817506", - "sha256:a2ec4419a3fe6cf8a4795752596dfe0adb4aea40d3683a132bae9c30b81e8d73", - "sha256:a4997716674d36a82eab3e86f8fa77080a5d8d96a389a61ea1d0e3a94a582cf7", - "sha256:a512eed9dfd4117110b1881ba9a59b31433caed0c4101b361f768e7bcbaf93c5", - "sha256:a82465ebbc9b1c5c50738536fdfa7cab639a261a99b469c9d4c7dcbb2b3f1e57", - "sha256:ae2757ace61bc4061b69af19e4689fa4416e1a04840f33b441034202b5cd02d4", - "sha256:b16582783f44fbca6fcf46f61347340c787d7530d88b4d590a397a47583f31dd", - "sha256:ba2537ef2163db9e6ccdbeb6f6424282ae4dea43177402152c67ef869cf3978b", - "sha256:bf7a89eef64b5455835f5ed30254ec19bf41f7541cd94f266ab7cbd463f00c41", - "sha256:c0abb5e4e8ce71a61d9446040c1e86d4e6d23f9097275c5bd49ed978755ff0fe", - "sha256:c414cbda77dbf13c3bc88b073a1a9f375c7b0cb5e115e15d4b73ec3a2fbc6f59", - "sha256:c51edc3541e11fbe83f0c4d9412ef6c79f664a3745fab261457e84465ec9d5a8", - "sha256:c5e69fd3eb0b409432b537fe3c6f44ac089c458ab6b78dcec14478422879ec5f", - "sha256:c918b7a1e26b4ab40409820ddccc5d49871a82329640f5005f73572d5eaa9b5e", - "sha256:c9bb87fdf2ab2370f21e4d5636e5317775e5d51ff32ebff2cf389f71b9b13750", - "sha256:ca5b2028c2f7af4e13fb9fc29b28d0ce767c38c7facdf64f6c2cd040413055f1", - "sha256:d0a07763776188b4db4c9c7fb1b8c494049f84659bb387b71c73bbc07f189e96", - "sha256:d33a0021893ede5969876052796165bab6006559ab845fd7b515a30abdd990dc", - "sha256:d55588cba7553f0b6ec33130bc3e114b355570b45785cebdc9daed8c637dd440", - "sha256:dac8e84fff5d27420f3c1e879ce9929108e873667ec87e0c8eeb413a5311adfe", - "sha256:eaef80eac3b4cfbdd6de53c6e108b4c534c21ae055d1dbea2de6b3b8ff3def38", - "sha256:eb462f0e346fcf41a901a126b50f8781e9a474d3927930f3490f38a6e73b6950", - "sha256:eb563dd3aea54c797adf513eeec819c4213d7dbfc311874eb4fd28d10f2ff0f2", - "sha256:f273674b445bcb6e4409bf8d1be67bc4b58e8b46fd0d560055d515b8830063cd", - "sha256:f6442f0f0ff81775eaa5b05af8a0ffa1dda36e9cf6ec1e0d3d245e8564b684ce", - "sha256:fb168b5924bef397b5ba13aabd8cf5df7d3d93f10218d7b925e360d436863f66", - "sha256:fbf8c2f00904eaf63ff37718eb13acf8e178cb940520e47b2f05027f5bb34ce3", - "sha256:fe4ebef608553aff8deb845c7f4f1d0740ff76fa672c011cc0bacb2a00fbde86" + "sha256:01c2acb51f8a7d6494c8c5eafe3d8e06d76563d8a8a4643b37e9b2dd8a2ff623", + "sha256:02087ea0a03b4af1ed6ebab2c54d7118127fee8d71b26398e8e4b05b78963199", + "sha256:040562757795eeea356394a7fb13076ad4f99d3c62ab0f8bdfb21f99a1f85664", + "sha256:042c55879cfeb21a8adacc84ea347721d3d83a159da6acdf1116859e2427c43f", + "sha256:079400a8269544b955ffa9e31f186f01d96829110a3bf79dc338e9910f794fca", + "sha256:07f45f287469039ffc2c53caf6803cd506eb5f5f637f1d4acb37a738f71dd066", + "sha256:09d77559e80dcc9d24570da3745ab859a9cf91953062e4ab126ba9d5993688ca", + "sha256:0cbff728659ce4bbf4c30b2a1be040faafaa9eca6ecde40aaff86f7889f4ab39", + "sha256:0e12c481ad92d129c78f13a2a3662317e46ee7ef96c94fd332e1c29131875b7d", + "sha256:0ea51dcc0835eea2ea31d66456210a4e01a076d820e9039b04ae8d17ac11dee6", + "sha256:0ffbcf9221e04502fc35e54d1ce9567541979c3fdfb93d2c554f0ca583a19b35", + "sha256:1494fa8725c285a81d01dc8c06b55287a1ee5e0e382d8413adc0a9197aac6408", + "sha256:16e13a7929791ac1216afde26f712802e3df7bf0360b32e4914dca3ab8baeea5", + "sha256:18406efb2f5a0e57e3a5881cd9354c1512d3bb4f5c45d96d110a66114d84d23a", + "sha256:18e707ce6c92d7282dfce370cd205098384b8ee21544e7cb29b8aab955b66fa9", + "sha256:220e92a30b426daf23bb67a7962900ed4613589bab80382be09b48896d211e92", + "sha256:23b30c62d0f16827f2ae9f2bb87619bc4fba2044911e2e6c2eb1af0161cdb766", + "sha256:23f9985c8784e544d53fc2930fc1ac1a7319f5d5332d228437acc9f418f2f168", + "sha256:297f54910247508e6e5cae669f2bc308985c60540a4edd1c77203ef19bfa63ca", + "sha256:2b08fce89fbd45664d3df6ad93e554b6c16933ffa9d55cb7e01182baaf971508", + "sha256:2cce2449e5927a0bf084d346da6cd5eb016b2beca10d0013ab50e3c226ffc0df", + "sha256:313ea15e5ff2a8cbbad96ccef6be638393041b0a7863183c2d31e0c6116688cf", + "sha256:323c1f04be6b2968944d730e5c2091c8c89767903ecaa135203eec4565ed2b2b", + "sha256:35f4a6f96aa6cb3f2f7247027b07b15a374f0d5b912c0001418d1d55024d5cb4", + "sha256:3b37fa423beefa44919e009745ccbf353d8c981516e807995b2bd11c2c77d268", + "sha256:3ce4f1185db3fbde8ed8aa223fc9620f276c58de8b0d4f8cc86fd1360829edb6", + "sha256:46989629904bad940bbec2106528140a218b4a36bb3042d8406980be1941429c", + "sha256:4838e24ee015101d9f901988001038f7f0d90dc0c3b115541a1365fb439add62", + "sha256:49b0e06786ea663f933f3710a51e9385ce0cba0ea56b67107fd841a55d56a231", + "sha256:4db21ece84dfeefc5d8a3863f101995de646c6cb0536952c321a2650aa202c36", + "sha256:54c4a097b8bc5bb0dfc83ae498061d53ad7b5762e00f4adaa23bee22b012e6ba", + "sha256:54d9ff35d4515debf14bc27f1e3b38bfc453eff3220f5bce159642fa762fe5d4", + "sha256:55b96e7ce3a69a8449a66984c268062fbaa0d8ae437b285428e12797baefce7e", + "sha256:57fdd2e0b2694ce6fc2e5ccf189789c3e2962916fb38779d3e3521ff8fe7a822", + "sha256:587d4af3979376652010e400accc30404e6c16b7df574048ab1f581af82065e4", + "sha256:5b513b6997a0b2f10e4fd3a1313568e373926e8c252bd76c960f96fd039cd28d", + "sha256:5ddcd9a179c0a6fa8add279a4444015acddcd7f232a49071ae57fa6e278f1f71", + "sha256:6113c008a7780792efc80f9dfe10ba0cd043cbf8dc9a76ef757850f51b4edc50", + "sha256:635a1d96665f84b292e401c3d62775851aedc31d4f8784117b3c68c4fcd4118d", + "sha256:64ce2799bd75039b480cc0360907c4fb2f50022f030bf9e7a8705b636e408fad", + "sha256:69dee6a020693d12a3cf892aba4808fe168d2a4cef368eb9bf74f5398bfd4ee8", + "sha256:6a2644a93da36c784e546de579ec1806bfd2763ef47babc1b03d765fe560c9f8", + "sha256:6b41e1adc61fa347662b09398e31ad446afadff932a24807d3ceb955ed865cc8", + "sha256:6c188c307e8433bcb63dc1915022deb553b4203a70722fc542c363bf120a01fd", + "sha256:6edd623bae6a737f10ce853ea076f56f507fd7726bee96a41ee3d68d347e4d16", + "sha256:73d6d2f64f4d894c96626a75578b0bf7d9e56dcda8c3d037a2118fdfe9b1c664", + "sha256:7a22ccefd4db3f12b526eccb129390942fe874a3a9fdbdd24cf55773a1faab1a", + "sha256:7fb89ee5d106e4a7a51bce305ac4efb981536301895f7bdcf93ec92ae0d91c7f", + "sha256:846bc79ee753acf93aef4184c040d709940c9d001029ceb7b7a52747b80ed2dd", + "sha256:85ab7824093d8f10d44330fe1e6493f756f252d145323dd17ab6b48733ff6c0a", + "sha256:8dee5b4810a89447151999428fe096977346cf2f29f4d5e29609d2e19e0199c9", + "sha256:8e5fb5f77c8745a60105403a774fe2c1759b71d3e7b4ca237a5e67ad066c7199", + "sha256:98eeee2f2e63edae2181c886d7911ce502e1292794f4c5ee71e60e23e8d26b5d", + "sha256:9d4a76b96f398697fe01117093613166e6aa8195d63f1b4ec3f21ab637632963", + "sha256:9e8719792ca63c6b8340380352c24dcb8cd7ec49dae36e963742a275dfae6009", + "sha256:a0b2b80321c2ed3fcf0385ec9e51a12253c50f146fddb2abbb10f033fe3d049a", + "sha256:a4cc92bb6db56ab0c1cbd17294e14f5e9224f0cc6521167ef388332604e92679", + "sha256:a738b937d512b30bf75995c0159c0ddf9eec0775c9d72ac0202076c72f24aa96", + "sha256:a8f877c89719d759e52783f7fe6e1c67121076b87b40542966c02de5503ace42", + "sha256:a906ed5e47a0ce5f04b2c981af1c9acf9e8696066900bf03b9d7879a6f679fc8", + "sha256:ae2941333154baff9838e88aa71c1d84f4438189ecc6021a12c7573728b5838e", + "sha256:b0d0a6c64fcc4ef9c69bd5b3b3626cc3776520a1637d8abaa62b9edc147a58f7", + "sha256:b5b029322e6e7b94fff16cd120ab35a253236a5f99a79fb04fda7ae71ca20ae8", + "sha256:b7aaa315101c6567a9a45d2839322c51c8d6e81f67683d529512f5bcfb99c802", + "sha256:be1c8ed48c4c4065ecb19d882a0ce1afe0745dfad8ce48c49586b90a55f02366", + "sha256:c0256beda696edcf7d97ef16b2a33a8e5a875affd6fa6567b54f7c577b30a137", + "sha256:c157bb447303070f256e084668b702073db99bbb61d44f85d811025fcf38f784", + "sha256:c57d08ad67aba97af57a7263c2d9006d5c404d721c5f7542f077f109ec2a4a29", + "sha256:c69ada171c2d0e97a4b5aa78fbb835e0ffbb6b13fc5da968c09811346564f0d3", + "sha256:c94bb0a9f1db10a1d16c00880bdebd5f9faf267273b8f5bd1878126e0fbde771", + "sha256:cb130fccd1a37ed894824b8c046321540263013da72745d755f2d35114b81a60", + "sha256:ced479f601cd2f8ca1fd7b23925a7e0ad512a56d6e9476f79b8f381d9d37090a", + "sha256:d05ac6fa06959c4172eccd99a222e1fbf17b5670c4d596cb1e5cde99600674c4", + "sha256:d552c78411f60b1fdaafd117a1fca2f02e562e309223b9d44b7de8be451ec5e0", + "sha256:dd4490a33eb909ef5078ab20f5f000087afa2a4daa27b4c072ccb3cb3050ad84", + "sha256:df5cbb1fbc74a8305b6065d4ade43b993be03dbe0f8b30032cced0d7740994bd", + "sha256:e28f9faeb14b6f23ac55bfbbfd3643f5c7c18ede093977f1df249f73fd22c7b1", + "sha256:e464b467f1588e2c42d26814231edecbcfe77f5ac414d92cbf4e7b55b2c2a776", + "sha256:e4c22e1ac1f1ec1e09f72e6c44d8f2244173db7eb9629cc3a346a8d7ccc31142", + "sha256:e53b5fbab5d675aec9f0c501274c467c0f9a5d23696cfc94247e1fb56501ed89", + "sha256:e93f1c331ca8e86fe877a48ad64e77882c0c4da0097f2212873a69bbfea95d0c", + "sha256:e997fd30430c57138adc06bba4c7c2968fb13d101e57dd5bb9355bf8ce3fa7e8", + "sha256:e9a091b0550b3b0207784a7d6d0f1a00d1d1c8a11699c1a4d93db3fbefc3ad35", + "sha256:eab4bb380f15e189d1313195b062a6aa908f5bd687a0ceccd47c8211e9cf0d4a", + "sha256:eb1ae19e64c14c7ec1995f40bd932448713d3c73509e82d8cd7744dc00e29e86", + "sha256:ecea58b43a67b1b79805f1a0255730edaf5191ecef84dbc4cc85eb30bc8b63b9", + "sha256:ee439691d8c23e76f9802c42a95cfeebf9d47cf4ffd06f18489122dbb0a7ad64", + "sha256:eee9130eaad130649fd73e5cd92f60e55708952260ede70da64de420cdcad554", + "sha256:f47cd43a5bfa48f86925fe26fbdd0a488ff15b62468abb5d2a1e092a4fb10e85", + "sha256:f6fff13ef6b5f29221d6904aa816c34701462956aa72a77f1f151a8ec4f56aeb", + "sha256:f745ec09bc1b0bd15cfc73df6fa4f726dcc26bb16c23a03f9e3367d357eeedd0", + "sha256:f8404bf61298bb6f8224bb9176c1424548ee1181130818fcd2cbffddc768bed8", + "sha256:f9268774428ec173654985ce55fc6caf4c6d11ade0f6f914d48ef4719eb05ebb", + "sha256:faa3c142464efec496967359ca99696c896c591c56c53506bac1ad465f66e919" ], "markers": "python_version >= '3.8'", - "version": "==2024.7.24" + "version": "==2024.9.11" }, "requests": { "hashes": [ @@ -854,67 +909,73 @@ "markers": "python_version >= '3.7'", "version": "==5.0.1" }, - "termcolor": { + "super-collections": { "hashes": [ - "sha256:9297c0df9c99445c2412e832e882a7884038a25617c60cea2ad69488d4040d63", - "sha256:aab9e56047c8ac41ed798fa36d892a37aca6b3e9159f3e0c24bc64a9b3ac7b7a" + "sha256:907d35b25dc4070910e8254bf2f5c928348af1cf8a1f1e8259e06c666e902cff", + "sha256:94c1ec96c0a0d5e8e7d389ed8cde6882ac246940507c5e6b86e91945c2968d46" ], "markers": "python_version >= '3.8'", - "version": "==2.4.0" + "version": "==0.5.3" + }, + "termcolor": { + "hashes": [ + "sha256:37b17b5fc1e604945c2642c872a3764b5d547a48009871aea3edd3afa180afb8", + "sha256:998d8d27da6d48442e8e1f016119076b690d962507531df4890fcd2db2ef8a6f" + ], + "markers": "python_version >= '3.9'", + "version": "==2.5.0" }, "tinycss2": { "hashes": [ - "sha256:152f9acabd296a8375fbca5b84c961ff95971fcfc32e79550c8df8e29118c54d", - "sha256:54a8dbdffb334d536851be0226030e9505965bb2f30f21a4a82c55fb2a80fae7" + "sha256:10c0972f6fc0fbee87c3edb76549357415e94548c1ae10ebccdea16fb404a9b7", + "sha256:3a49cf47b7675da0b15d0c6e1df8df4ebd96e9394bb905a5775adb0d884c5289" ], "markers": "python_version >= '3.8'", - "version": "==1.3.0" + "version": "==1.4.0" }, "urllib3": { "hashes": [ - "sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472", - "sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168" + "sha256:ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac", + "sha256:e7d814a81dad81e6caf2ec9fdedb284ecc9c73076b62654547cc64ccdcae26e9" ], "markers": "python_version >= '3.8'", - "version": "==2.2.2" + "version": "==2.2.3" }, "watchdog": { "hashes": [ - "sha256:0144c0ea9997b92615af1d94afc0c217e07ce2c14912c7b1a5731776329fcfc7", - "sha256:03e70d2df2258fb6cb0e95bbdbe06c16e608af94a3ffbd2b90c3f1e83eb10767", - "sha256:093b23e6906a8b97051191a4a0c73a77ecc958121d42346274c6af6520dec175", - "sha256:123587af84260c991dc5f62a6e7ef3d1c57dfddc99faacee508c71d287248459", - "sha256:17e32f147d8bf9657e0922c0940bcde863b894cd871dbb694beb6704cfbd2fb5", - "sha256:206afc3d964f9a233e6ad34618ec60b9837d0582b500b63687e34011e15bb429", - "sha256:4107ac5ab936a63952dea2a46a734a23230aa2f6f9db1291bf171dac3ebd53c6", - "sha256:4513ec234c68b14d4161440e07f995f231be21a09329051e67a2118a7a612d2d", - "sha256:611be3904f9843f0529c35a3ff3fd617449463cb4b73b1633950b3d97fa4bfb7", - "sha256:62c613ad689ddcb11707f030e722fa929f322ef7e4f18f5335d2b73c61a85c28", - "sha256:667f3c579e813fcbad1b784db7a1aaa96524bed53437e119f6a2f5de4db04235", - "sha256:6e8c70d2cd745daec2a08734d9f63092b793ad97612470a0ee4cbb8f5f705c57", - "sha256:7577b3c43e5909623149f76b099ac49a1a01ca4e167d1785c76eb52fa585745a", - "sha256:998d2be6976a0ee3a81fb8e2777900c28641fb5bfbd0c84717d89bca0addcdc5", - "sha256:a3c2c317a8fb53e5b3d25790553796105501a235343f5d2bf23bb8649c2c8709", - "sha256:ab998f567ebdf6b1da7dc1e5accfaa7c6992244629c0fdaef062f43249bd8dee", - "sha256:ac7041b385f04c047fcc2951dc001671dee1b7e0615cde772e84b01fbf68ee84", - "sha256:bca36be5707e81b9e6ce3208d92d95540d4ca244c006b61511753583c81c70dd", - "sha256:c9904904b6564d4ee8a1ed820db76185a3c96e05560c776c79a6ce5ab71888ba", - "sha256:cad0bbd66cd59fc474b4a4376bc5ac3fc698723510cbb64091c2a793b18654db", - "sha256:d10a681c9a1d5a77e75c48a3b8e1a9f2ae2928eda463e8d33660437705659682", - "sha256:d4925e4bf7b9bddd1c3de13c9b8a2cdb89a468f640e66fbfabaf735bd85b3e35", - "sha256:d7b9f5f3299e8dd230880b6c55504a1f69cf1e4316275d1b215ebdd8187ec88d", - "sha256:da2dfdaa8006eb6a71051795856bedd97e5b03e57da96f98e375682c48850645", - "sha256:dddba7ca1c807045323b6af4ff80f5ddc4d654c8bce8317dde1bd96b128ed253", - "sha256:e7921319fe4430b11278d924ef66d4daa469fafb1da679a2e48c935fa27af193", - "sha256:e93f451f2dfa433d97765ca2634628b789b49ba8b504fdde5837cdcf25fdb53b", - "sha256:eebaacf674fa25511e8867028d281e602ee6500045b57f43b08778082f7f8b44", - "sha256:ef0107bbb6a55f5be727cfc2ef945d5676b97bffb8425650dadbb184be9f9a2b", - "sha256:f0de0f284248ab40188f23380b03b59126d1479cd59940f2a34f8852db710625", - "sha256:f27279d060e2ab24c0aa98363ff906d2386aa6c4dc2f1a374655d4e02a6c5e5e", - "sha256:f8affdf3c0f0466e69f5b3917cdd042f89c8c63aebdb9f7c078996f607cdb0f5" + "sha256:0f9332243355643d567697c3e3fa07330a1d1abf981611654a1f2bf2175612b7", + "sha256:1021223c08ba8d2d38d71ec1704496471ffd7be42cfb26b87cd5059323a389a1", + "sha256:108f42a7f0345042a854d4d0ad0834b741d421330d5f575b81cb27b883500176", + "sha256:1e9679245e3ea6498494b3028b90c7b25dbb2abe65c7d07423ecfc2d6218ff7c", + "sha256:223160bb359281bb8e31c8f1068bf71a6b16a8ad3d9524ca6f523ac666bb6a1e", + "sha256:26dd201857d702bdf9d78c273cafcab5871dd29343748524695cecffa44a8d97", + "sha256:294b7a598974b8e2c6123d19ef15de9abcd282b0fbbdbc4d23dfa812959a9e05", + "sha256:349c9488e1d85d0a58e8cb14222d2c51cbc801ce11ac3936ab4c3af986536926", + "sha256:49f4d36cb315c25ea0d946e018c01bb028048023b9e103d3d3943f58e109dd45", + "sha256:53a3f10b62c2d569e260f96e8d966463dec1a50fa4f1b22aec69e3f91025060e", + "sha256:53adf73dcdc0ef04f7735066b4a57a4cd3e49ef135daae41d77395f0b5b692cb", + "sha256:560135542c91eaa74247a2e8430cf83c4342b29e8ad4f520ae14f0c8a19cfb5b", + "sha256:720ef9d3a4f9ca575a780af283c8fd3a0674b307651c1976714745090da5a9e8", + "sha256:752fb40efc7cc8d88ebc332b8f4bcbe2b5cc7e881bccfeb8e25054c00c994ee3", + "sha256:78864cc8f23dbee55be34cc1494632a7ba30263951b5b2e8fc8286b95845f82c", + "sha256:85527b882f3facda0579bce9d743ff7f10c3e1e0db0a0d0e28170a7d0e5ce2ea", + "sha256:90a67d7857adb1d985aca232cc9905dd5bc4803ed85cfcdcfcf707e52049eda7", + "sha256:91b522adc25614cdeaf91f7897800b82c13b4b8ac68a42ca959f992f6990c490", + "sha256:9413384f26b5d050b6978e6fcd0c1e7f0539be7a4f1a885061473c5deaa57221", + "sha256:94d11b07c64f63f49876e0ab8042ae034674c8653bfcdaa8c4b32e71cfff87e8", + "sha256:950f531ec6e03696a2414b6308f5c6ff9dab7821a768c9d5788b1314e9a46ca7", + "sha256:a2e8f3f955d68471fa37b0e3add18500790d129cc7efe89971b8a4cc6fdeb0b2", + "sha256:ae6deb336cba5d71476caa029ceb6e88047fc1dc74b62b7c4012639c0b563906", + "sha256:b8ca4d854adcf480bdfd80f46fdd6fb49f91dd020ae11c89b3a79e19454ec627", + "sha256:c66f80ee5b602a9c7ab66e3c9f36026590a0902db3aea414d59a2f55188c1f49", + "sha256:d52db5beb5e476e6853da2e2d24dbbbed6797b449c8bf7ea118a4ee0d2c9040e", + "sha256:dd021efa85970bd4824acacbb922066159d0f9e546389a4743d56919b6758b91", + "sha256:e25adddab85f674acac303cf1f5835951345a56c5f7f582987d266679979c75b", + "sha256:f00b4cf737f568be9665563347a910f8bdc76f88c2970121c86243c8cfdf90e9", + "sha256:f01f4a3565a387080dc49bdd1fefe4ecc77f894991b88ef927edbfa45eb10818" ], - "markers": "python_version >= '3.8'", - "version": "==4.0.1" + "markers": "python_version >= '3.9'", + "version": "==5.0.3" }, "webencodings": { "hashes": [ diff --git a/README.md b/README.md index abcf01aa..216635dc 100644 --- a/README.md +++ b/README.md @@ -30,8 +30,8 @@ - - + + diff --git a/blog/assets/images/onion-browser-review/21A92967-2E47-4317-AB2E-C0F732673C3E_1_102_o.jpeg b/blog/assets/images/onion-browser-review/21A92967-2E47-4317-AB2E-C0F732673C3E_1_102_o.jpeg new file mode 100644 index 00000000..69e8d5e0 Binary files /dev/null and b/blog/assets/images/onion-browser-review/21A92967-2E47-4317-AB2E-C0F732673C3E_1_102_o.jpeg differ diff --git a/blog/assets/images/onion-browser-review/2774018C-C4DD-419C-9D77-9BE8E5A51A19_1_102_o.jpeg b/blog/assets/images/onion-browser-review/2774018C-C4DD-419C-9D77-9BE8E5A51A19_1_102_o.jpeg new file mode 100644 index 00000000..accd4e92 Binary files /dev/null and b/blog/assets/images/onion-browser-review/2774018C-C4DD-419C-9D77-9BE8E5A51A19_1_102_o.jpeg differ diff --git a/blog/assets/images/onion-browser-review/51B33FA1-D9B4-4EF4-82C6-259568C845EC_1_102_o.jpeg b/blog/assets/images/onion-browser-review/51B33FA1-D9B4-4EF4-82C6-259568C845EC_1_102_o.jpeg new file mode 100644 index 00000000..7b38fb3e Binary files /dev/null and b/blog/assets/images/onion-browser-review/51B33FA1-D9B4-4EF4-82C6-259568C845EC_1_102_o.jpeg differ diff --git a/blog/assets/images/onion-browser-review/757A93D0-CCCB-4743-8AF2-17B001EC774A_1_102_o.jpeg b/blog/assets/images/onion-browser-review/757A93D0-CCCB-4743-8AF2-17B001EC774A_1_102_o.jpeg new file mode 100644 index 00000000..cdfa89e5 Binary files /dev/null and b/blog/assets/images/onion-browser-review/757A93D0-CCCB-4743-8AF2-17B001EC774A_1_102_o.jpeg differ diff --git a/blog/assets/images/onion-browser-review/87651D0E-EFE0-4C0F-98E7-9898EBA74334_1_102_o.jpeg b/blog/assets/images/onion-browser-review/87651D0E-EFE0-4C0F-98E7-9898EBA74334_1_102_o.jpeg new file mode 100644 index 00000000..664885e1 Binary files /dev/null and b/blog/assets/images/onion-browser-review/87651D0E-EFE0-4C0F-98E7-9898EBA74334_1_102_o.jpeg differ diff --git a/blog/assets/images/onion-browser-review/8A3E82E7-128E-4B3B-B8BB-276063226D41_1_102_o.jpeg b/blog/assets/images/onion-browser-review/8A3E82E7-128E-4B3B-B8BB-276063226D41_1_102_o.jpeg new file mode 100644 index 00000000..12faf910 Binary files /dev/null and b/blog/assets/images/onion-browser-review/8A3E82E7-128E-4B3B-B8BB-276063226D41_1_102_o.jpeg differ diff --git a/blog/assets/images/onion-browser-review/C3252F74-C6C1-4616-B3CD-17EA1183BE0C_1_102_o.jpeg b/blog/assets/images/onion-browser-review/C3252F74-C6C1-4616-B3CD-17EA1183BE0C_1_102_o.jpeg new file mode 100644 index 00000000..4aa896d2 Binary files /dev/null and b/blog/assets/images/onion-browser-review/C3252F74-C6C1-4616-B3CD-17EA1183BE0C_1_102_o.jpeg differ diff --git a/blog/assets/images/onion-browser-review/D0A2D20B-5550-4C1F-8FC6-F6D84AEBDF13_1_102_o.jpeg b/blog/assets/images/onion-browser-review/D0A2D20B-5550-4C1F-8FC6-F6D84AEBDF13_1_102_o.jpeg new file mode 100644 index 00000000..5c43c6aa Binary files /dev/null and b/blog/assets/images/onion-browser-review/D0A2D20B-5550-4C1F-8FC6-F6D84AEBDF13_1_102_o.jpeg differ diff --git a/blog/author/dngray.md b/blog/author/dngray.md new file mode 100644 index 00000000..88504813 --- /dev/null +++ b/blog/author/dngray.md @@ -0,0 +1 @@ +# Daniel Gray diff --git a/blog/author/jonah.md b/blog/author/jonah.md index 9e1d6a8c..19eea7f3 100644 --- a/blog/author/jonah.md +++ b/blog/author/jonah.md @@ -1,3 +1,30 @@ +--- +description: Jonah Aragon is the Project Director and staff writer at Privacy Guides. His role includes researching and writing for this website, system administration, creating Privacy Guides Online Learning course content, reviewing the products recommended here, and most other day-to-day tasks. +schema: + - + "@context": https://schema.org + "@type": ProfilePage + dateCreated: "2019-10-31T00:00:00Z" + dateModified: "2024-09-09T00:00:00Z" + mainEntity: + - + "@context": https://schema.org + "@type": Person + name: Jonah Aragon + jobTitle: Project Director + description: Jonah Aragon is the Project Director and staff writer at Privacy Guides. + url: https://www.privacyguides.org/articles/author/jonah/ + image: https://www.privacyguides.org/articles/assets/external/github.com/jonaharagon.png.jpg + sameAs: + - https://www.jonaharagon.com + - https://discuss.privacyguides.net/u/jonah + - https://shop.jonaharagon.com + - https://jonaharagon.me + - https://mastodon.neat.computer/@jonah + - https://www.youtube.com/@jonaharagon + - https://www.wikidata.org/wiki/Q117304062 +--- + # Jonah Aragon ![Profile picture](https://github.com/jonaharagon.png){ align=right } @@ -7,20 +34,3 @@ He is also known for his work on the Techlore YouTube channel, including the Techlore Talks podcast he co-hosts. [:simple-mastodon: @jonah@neat.computer](https://mastodon.neat.computer/@jonah "@jonah@neat.computer"){ .md-button rel=me } - - diff --git a/blog/category/announcements.md b/blog/category/announcements.md new file mode 100644 index 00000000..ca25553b --- /dev/null +++ b/blog/category/announcements.md @@ -0,0 +1,7 @@ +--- +description: The latest announcements and updates from the Privacy Guides team. +--- + +# Announcements + +Follow this page for the latest updates & announcements from the Privacy Guides team, and join the [announcements category](https://discuss.privacyguides.net/c/announcements/5) on our forum to discuss anything you read here! diff --git a/blog/category/news.md b/blog/category/news.md new file mode 100644 index 00000000..2275c4f4 --- /dev/null +++ b/blog/category/news.md @@ -0,0 +1,7 @@ +--- +description: Privacy Guides News presents the latest tech news about the world's best (and occasionally worst) software, hardware, and services in the privacy world. +--- + +# News + +The latest tech news about the world's best (and occasionally worst) software, hardware, and services in the privacy world. *Privacy Guides News* has you covered for any important information you might need on your privacy journey. diff --git a/blog/category/reviews.md b/blog/category/reviews.md new file mode 100644 index 00000000..6125ff23 --- /dev/null +++ b/blog/category/reviews.md @@ -0,0 +1,7 @@ +--- +description: Read the latest privacy product reviews and stories from Privacy Guides contributing writers. +--- + +# Reviews + +Looking for alternatives to privacy-invasive apps you use everyday? Do you just want to know all the details behind your favorite privacy tools? *Privacy Guides Reviews* is the place to find all that and more. This is your one stop to find the latest advice and recommendations on things we use every day directly from Privacy Guides contributors. diff --git a/blog/editorial.md b/blog/editorial.md new file mode 100644 index 00000000..10a5a39a --- /dev/null +++ b/blog/editorial.md @@ -0,0 +1,107 @@ +--- +title: Editorial Policy +--- + +This page provides transparent information about Privacy Guides, its editorial process, and how Privacy Guides creates trustworthy news, articles, and reviews. + +Moreover, it is a part of Privacy Guides' commitment to [**The Trust Project**](https://thetrustproject.org/), "an international consortium of news organizations implementing transparency standards and working with technology platforms to affirm and amplify journalism’s commitment to transparency, accuracy, inclusion and fairness so that the public can make informed news choices." Privacy Guides is not currently a news partner of the program, but wholeheartedly supports its mission and values. + +## Coverage Priorities + +First and foremost, Privacy Guides is committed to publishing content related to the personal privacy and cybersecurity industry and communities. We firmly believe that privacy is a human right, which should not be intruded upon by any corporation, government, or other entity. + +To further our beliefs, Privacy Guides strives to create coverage that promotes the ideals of personal privacy and security in online spaces, encourages companies to engage in privacy-friendly behavior, and holds privacy and security invasive entities accountable for their actions. + +## Our Philosophy + +Privacy Guides strongly believes in independent information published by independent people with varying points of view. As an organization, we are firm proponents of freedom of speech, expression, and the press. Privacy Guides contributors are free to share their own opinions, even when they are controversial. Every opinion article is clearly labeled as such at the beginning of the news content. + +## Ethics Policy + +Privacy Guides' ethical code is based in our willingness to be accurate, fair, and complete, and for all of our writers to act with honesty, transparency, and independence. + +### Truth and Accuracy + +Privacy Guides contributors are expected to be as accurate as possible. Getting facts from reliable sources is the defining principle of journalism. Privacy Guides always strives to provide all the relevant facts available, ensure those facts have been verified, and generally hold ourselves to the highest standards of accuracy and truth. When we are unable to corroborate certain information, Privacy Guides always makes that clear to readers. + +### Independence + +Privacy Guides contributors must always be independent voices in the privacy community. Privacy Guides does not act on behalf of special interests, whether corporate, political, or cultural, and whether formally or informally. Independent fact-checking is always involved in the publication process. + +### Fairness and Impartiality + +Many stories have at least two sides. While we are not obligated to present every viewpoint in every article we publish, our stories are balanced and add context. Our impertial reporting is a significant part of why our community has trust and confidence in our work. + +### Humanity + +Privacy Guides contributors do no harm. We are aware of the impact of our words on the lives of others. Private persons have privacy rights that must be balanced against the public interest in reporting information about them. Our pursuit of the news is not a license for arrogance, and we will always treat the subject of any story with respect. + +### Accountability + +As professional and responsible journalists, we will always hold ourselves accountable for our work. Corrections are published when errors are discovered, and we always listen to the concerns of our audience. + +## Corrections Policy + +Privacy Guides believes in transparency and honesty. Therefore, we will correct mistakes promptly and ensure our readers are notified. In the online world of journalism, completeness and freshness of content are huge values, and we believe accuracy is equally essential. We will ensure expediency when making corrections as needed. + +When an error is detected in an article, Privacy Guides will immediately work to find the correct information, clearly display the correction within the affected article, and include the following: + +- The correct information. +- What was originally published that was incorrect. +- The severity of the error. +- The date when the change took place. + +When errors cannot be amended within the body of an article's content, corrections are displayed in the last paragraph of the content. Rather than remove completely the content containing a mistake, we provide clarification and admittance of our mistakes to preserve transparency. + +## Verification & Fact-Checking + +Privacy Guides prides itself on the validity of its content, and therefore does whatever it can to ensure that the information presented by its contributors is accurate. As a well-known global publication, Privacy Guides understands the importance of approaching claims with skepticism, thinking critically, and upholding accuracy in whatever way possible. + +Privacy Guides encourages its writers to keep the following considerations in mind before publishing content: + +- Always credit, acknowledge, and verify the source(s) of your information. +- Consider whether you know enough about the information to qualify as a trustable source yourself. +- Think critically when addressing claims. +- Never make assumptions. + +We trust the integrity of our contributors and the accuracy of content published on this website. In the case that a mistake is made, we understand the importance of admitting to them and working diligently to provide the correct information. We always encourage our readers, sources, and other contributors to provide us with feedback on any of our content. + +## Unnamed Sources Policy + +Privacy Guides will only used unnamed sources in our news reporting if: + +1. The material is informative, not opinion or speculation. +2. The material is vital to the news report. +3. The source is reliable, and in a position to have accurate information. +4. The information provided is not available except under conditions of anonymity imposed by the source. + +Privacy Guides will always identify sources whenever possible. Our readership is entitled to as much information as possible in order to judge the reliability of our sources themselves. + +: Privacy Guides' credibility is our most important asset. If our readers don't have faith that the stories they are reading here are accurate and fair, or if they suspect content within the stories we publish is fabricated, then we would lose that credibility. For our contributors to protect their own credibility, they must use every available avenue to confirm and attribute information before relying on unnamed sources. If the only way to publish a story is to use unnamed sources, our contributors owe it to our readership to identify the sources as clearly as possible without exposing the identity of the individual granted anonymity. + +Our contributors should always question the motives behind a source requesting anonymity. + +: Always keep your promises, but clarify conditions attached to any promise made in exchange for information beforehand. You must not take information from an anonymous support without the approval of our editorial team. We only use unnamed sources to tell important stories that would otherwise go unreported. + +The decision to use an unnamed source is not a decision made solely by the writer. To use an unnamed source, a contributor must have the written consent of a member of our editorial team: [Daniel](author/dngray.md), [Freddy](author/freddy.md), [Jonah](author/jonah.md), or [Niek](author/niek-de-wilde.md). + +Our editorial team will grant consent to the use of unnamed sources if the source is considered to be accurate and reliable, and if there is substantial justification for using the source's information without attribution. Privacy Guides should never be in the position of having to verify any factors within this policy after a story has been published. + +## Actionable Feedback + +Privacy Guides is committed to engaging with our readers and taking action based on their suggestions, complaints, and other feedback. + +Readers may help us develop an individual story or line of coverage, answer questions that a story may raise, identify related or under-covered issues, and teach us about new and diverse sources, experts, and perspectives. We believe that news organizations have a responsibility to engage with the public on the values, issues, and ideas of the times, and that news organizations have much to gain in return. In fact, actionable feedback may: + +- Further develop an individual story or line of coverage. +- Help answer questions that a story may raise. +- Help identify related questions or issues that the audience, including demographic segments of that audience, is discussing or are concerned about. +- Yield new and diverse sources and experts. + +**We strongly encourage our readers to participate in our community forum: ** + +Our staff contributors are also [listed](https://www.privacyguides.org/en/about/) alongside verified email links and other contact information, where you can ask them questions or report a complaint. Each article within our news section also clearly lists the author's byline, including contact and social media information when available. + +When necessary, we will make updates to our articles based on our readership's comments and feedback. + +We are proud of keeping this openness a top priority, in line with the nature of our community. diff --git a/blog/index.md b/blog/index.md index 8dc20c0f..3441e732 100644 --- a/blog/index.md +++ b/blog/index.md @@ -1,5 +1,11 @@ --- -title: Latest Articles +description: Privacy-related news stories, product reviews, opinion pieces, and other important articles from Privacy Guides contributors. hide: - footer --- + +# Latest Articles + +This is our home for privacy-related news stories, product reviews, opinion pieces, and other important articles. + +Unlike the rest of our website, these articles don't represent a consensus viewpoint of our community. Instead, they present the opinions of trusted authors within our community as-is. You may even find multiple articles on the same topic with competing viewpoints, intended to further [privacy discussion](https://discuss.privacyguides.net/). diff --git a/blog/posts/choosing-the-right-messenger.md b/blog/posts/choosing-the-right-messenger.md index 3c5575c0..48dd4066 100644 --- a/blog/posts/choosing-the-right-messenger.md +++ b/blog/posts/choosing-the-right-messenger.md @@ -11,6 +11,8 @@ links: tags: - Instant Messengers license: BY-SA +description: Choosing an instant messenger is a challenge. How can you be sure you’re using the most secure, privacy respecting platform? +schema_type: AnalysisNewsArticle --- # Choosing the Right Messenger diff --git a/blog/posts/delisting-startpage.md b/blog/posts/delisting-startpage.md index 36d5e332..8ced8ceb 100644 --- a/blog/posts/delisting-startpage.md +++ b/blog/posts/delisting-startpage.md @@ -10,6 +10,8 @@ links: - Search Engines: https://www.privacyguides.org/en/search-engines/ tags: - Search Engines +description: Startpage has been removed from Privacy Guides' recommendations following their acquisition by System1. +schema_type: NewsArticle --- # Delisting Startpage From Privacy Guides diff --git a/blog/posts/delisting-wire.md b/blog/posts/delisting-wire.md index a9ee6bb4..4347e80f 100644 --- a/blog/posts/delisting-wire.md +++ b/blog/posts/delisting-wire.md @@ -10,6 +10,8 @@ links: - Types of Communication Networks: https://www.privacyguides.org/en/advanced/communication-network-types/ tags: - Instant Messengers +description: Wire has been removed from Privacy Guides' recommendations following their acquisition by a US holding company and VC investments. +schema_type: NewsArticle --- # Delisting Wire From Privacy Guides diff --git a/blog/posts/firefox-privacy-2021-update.md b/blog/posts/firefox-privacy-2021-update.md index f6ecf600..cac405c7 100644 --- a/blog/posts/firefox-privacy-2021-update.md +++ b/blog/posts/firefox-privacy-2021-update.md @@ -11,6 +11,7 @@ tags: - Browsers - Firefox license: CC0 +schema_type: AnalysisNewsArticle --- # Firefox Privacy: 2021 Update diff --git a/blog/posts/firefox-privacy.md b/blog/posts/firefox-privacy.md index 6fae02e9..ed9919ed 100644 --- a/blog/posts/firefox-privacy.md +++ b/blog/posts/firefox-privacy.md @@ -11,6 +11,7 @@ tags: - Browsers - Firefox license: BY-SA +schema_type: AnalysisNewsArticle --- # Firefox Privacy: Tips and Tricks for Better Browsing diff --git a/blog/posts/grapheneos-or-calyxos.md b/blog/posts/grapheneos-or-calyxos.md index d91d45bd..4dcf7654 100644 --- a/blog/posts/grapheneos-or-calyxos.md +++ b/blog/posts/grapheneos-or-calyxos.md @@ -13,6 +13,7 @@ links: - Android Recommendations: https://www.privacyguides.org/android/ license: BY-SA robots: nofollow, max-snippet:-1, max-image-preview:large +schema_type: OpinionNewsArticle --- # Should You Use GrapheneOS or CalyxOS? diff --git a/blog/posts/hide-nothing.md b/blog/posts/hide-nothing.md index c804772f..d59f8a41 100644 --- a/blog/posts/hide-nothing.md +++ b/blog/posts/hide-nothing.md @@ -11,6 +11,8 @@ links: tags: - Government license: BY-SA +description: In the wake of the September 11, 2001, attack on the United States, the US government enacted laws that weakened citizen privacy in the name of national emergency. +schema_type: OpinionNewsArticle --- # Hide Nothing diff --git a/blog/posts/i18n-announcement.md b/blog/posts/i18n-announcement.md index 76e1f4a8..d44c5c84 100644 --- a/blog/posts/i18n-announcement.md +++ b/blog/posts/i18n-announcement.md @@ -10,6 +10,8 @@ authors: tags: - Privacy Guides license: BY-SA +description: It's finally here. After countless requests, Privacy Guides now has translations. +schema_type: NewsArticle --- # Privacy Guides Is Now Multilingual diff --git a/blog/posts/integrating-metadata-removal.md b/blog/posts/integrating-metadata-removal.md index 9619c25c..4cd96340 100644 --- a/blog/posts/integrating-metadata-removal.md +++ b/blog/posts/integrating-metadata-removal.md @@ -12,6 +12,8 @@ tags: - iOS - Windows license: BY-SA +description: When sharing files, it's important to remove associated metadata. Image files commonly include Exif data, and sometimes photos even include GPS coordinates within its metadata. +schema_type: AnalysisNewsArticle --- # Removing Metadata From Your Photos, Videos, and Other Files diff --git a/blog/posts/ios-configuration-guide.md b/blog/posts/ios-configuration-guide.md index 5b60930a..7cb30518 100644 --- a/blog/posts/ios-configuration-guide.md +++ b/blog/posts/ios-configuration-guide.md @@ -10,6 +10,8 @@ authors: tags: - iOS license: BY-SA +description: There are a number of privacy and security-related settings you should consider changing in the Settings app on iOS 16. +schema_type: AnalysisNewsArticle --- # iOS 16 Privacy Configuration Guide diff --git a/blog/posts/job-openings.md b/blog/posts/job-openings.md new file mode 100644 index 00000000..c50ea029 --- /dev/null +++ b/blog/posts/job-openings.md @@ -0,0 +1,43 @@ +--- +date: + created: 2024-10-28 +categories: + - Announcements +authors: + - niek-de-wilde +links: + - Job Openings: https://www.privacyguides.org/en/about/jobs/ +tags: + - Privacy Guides +description: Privacy Guides is now hiring for a video content creation position and a journalist position, as well as a 6-month internship. +schema_type: NewsArticle +--- +# Privacy Guides is Hiring + +We are thrilled to announce the opening of three new job positions aimed at enhancing our mission of promoting personal privacy and informed digital choices. As a non-profit organization dedicated to empowering individuals with the knowledge and tools they need to navigate the internet in a private manner, we are excited to expand our team with talented individuals who share our vision. They will play a key role in helping us reach new audiences to spread our message in multiple formats, and make sure we are the authoritative source for trustworthy and unbiased consumer privacy resources on the internet. + +## Content Creator + +We're seeking a passionate multimedia content creator to spearhead our video production efforts on YouTube and other platforms. This role will involve creating engaging and informative video content that for example simplifies several privacy concepts and offers practical tips for protecting personal information. The ideal candidate will have experience in video production (but this is not strictly required) and a commitment to making complex topics accessible to a wide audience. + +This is your chance to enter the tech & educational content creation space, without worrying about sponsors and advertisers diluting your message. We have no commercial interests to interfere with your content, and no agenda beyond simply providing the best privacy information out there. If you're excited about using the power of video to educate and inspire, we want to hear from you! + +[Learn more and apply here :material-arrow-right-drop-circle:](https://privacyguides.org/en/about/jobs/content-creator/) + +## Journalist + +We are also looking for a skilled journalist to join our team. This role will focus on producing in-depth articles for our blog that explore the latest trends in privacy and security, as well as the implications of emerging technologies. The ideal candidate will have a background in investigative journalism and a deep understanding of privacy issues. Your work will help inform our community and foster critical discussions about digital rights and responsibilities. + +Other tasks will be to research new subjects to cover, perform interviews, and conduct product and service reviews for our recommendations. + +[Learn more and apply here :material-arrow-right-drop-circle:](https://privacyguides.org/en/about/jobs/journalist/) + +## News Curation Internship + +Finally, we are offering a paid internship position that will focus on staying up-to-date with the latest privacy and security news, interacting with our community, and providing overall support to our volunteers. This role will involve curating relevant articles, reports, and insights to keep our team informed and engaged with current events. This is an excellent opportunity for someone passionate about privacy issues and looking to gain hands-on experience in a non-profit environment. Ideal candidates will have strong research skills and a keen interest in digital rights. + +[Learn more and apply here :material-arrow-right-drop-circle:](https://privacyguides.org/en/about/jobs/intern-news/) + +## Join us in making a difference + +At Privacy Guides, we believe that everyone deserves the right to privacy and security in the digital world. By joining our team, you will play a vital role in educating the public and advocating for stronger privacy protections. If you’re ready to make a difference and are excited about one of these roles, we encourage you to apply! diff --git a/blog/posts/linux-application-sandboxing.md b/blog/posts/linux-application-sandboxing.md index 355ff4b8..fac20139 100644 --- a/blog/posts/linux-application-sandboxing.md +++ b/blog/posts/linux-application-sandboxing.md @@ -9,6 +9,8 @@ tags: - Linux - Security license: BY-SA +description: We outline a few projects which aim to solve the poor sandboxing situation in Linux relative to operating systems like macOS and ChromeOS. +schema_type: AnalysisNewsArticle --- # Sandboxing Applications on Desktop Linux diff --git a/blog/posts/linux-system-hardening.md b/blog/posts/linux-system-hardening.md index c3100085..caa63672 100644 --- a/blog/posts/linux-system-hardening.md +++ b/blog/posts/linux-system-hardening.md @@ -10,6 +10,8 @@ tags: - Security license: BY-SA robots: nofollow, max-snippet:-1, max-image-preview:large +description: There are a number of procedures you can follow to make your Linux desktop system more secure, some more advanced than others. We cover some general techniques here. +schema_type: AnalysisNewsArticle --- # Hardening Your Desktop Linux System's Security diff --git a/blog/posts/macos-ventura-privacy-security-updates.md b/blog/posts/macos-ventura-privacy-security-updates.md index daecf2b0..51e91a40 100644 --- a/blog/posts/macos-ventura-privacy-security-updates.md +++ b/blog/posts/macos-ventura-privacy-security-updates.md @@ -11,6 +11,8 @@ tags: links: - posts/ios-configuration-guide.md license: BY-SA +description: We cover the improvements macOS Ventura will bring to Apple users when it comes to personal privacy and security. +schema_type: NewsArticle --- # New Privacy and Security Features in macOS 13 Ventura diff --git a/blog/posts/merch-announcement.md b/blog/posts/merch-announcement.md index fb813f6f..c01d9939 100644 --- a/blog/posts/merch-announcement.md +++ b/blog/posts/merch-announcement.md @@ -9,6 +9,8 @@ authors: tags: - Privacy Guides license: BY-SA +description: Privacy Guides has partnered with HELLOTUX to create what we think are the finest garments in the land. +schema_type: BackgroundNewsArticle --- # Privacy Guides Now Has Merchandise diff --git a/blog/posts/move-fast-and-break-things.md b/blog/posts/move-fast-and-break-things.md index 706730b1..41f2759d 100644 --- a/blog/posts/move-fast-and-break-things.md +++ b/blog/posts/move-fast-and-break-things.md @@ -10,6 +10,8 @@ links: tags: - Facebook license: BY-SA +description: If someone has to tell you that they care about your privacy, they probably don’t. +schema_type: OpinionNewsArticle --- # Move Fast and Break Things diff --git a/blog/posts/mozilla-disappoints-us-yet-again-2.md b/blog/posts/mozilla-disappoints-us-yet-again-2.md index 489f4c76..c230a5d7 100644 --- a/blog/posts/mozilla-disappoints-us-yet-again-2.md +++ b/blog/posts/mozilla-disappoints-us-yet-again-2.md @@ -2,12 +2,14 @@ date: created: 2024-07-14 categories: - - Opinion + - News authors: - jonah tags: - Firefox - Mozilla +description: "'No shady privacy policies or back doors for advertisers' proclaims the Firefox homepage, but that's no longer true in Firefox 128." +schema_type: AnalysisNewsArticle --- # "Privacy-Preserving" Attribution: Mozilla Disappoints Us Yet Again diff --git a/blog/posts/onion-browser-review.md b/blog/posts/onion-browser-review.md new file mode 100644 index 00000000..cf235265 --- /dev/null +++ b/blog/posts/onion-browser-review.md @@ -0,0 +1,174 @@ +--- +title: "Onion Browser Review: Tor on iOS" +description: "Onion Browser is our recommended way of connecting to Tor on iOS, but it does have a number of drawbacks compared to the traditional Tor Browser on other platforms you should be aware of." +date: + created: 2024-09-18 +categories: + - Reviews +authors: + - jonah +links: + - Tor Recommendations: https://www.privacyguides.org/en/tor/ + - Tor Overview: https://www.privacyguides.org/en/advanced/tor-overview/ +tags: + - Tor + - iOS +license: BY-SA +preview: + logo: theme/assets/img/self-contained-networks/onion_browser.svg +review: + type: MobileApplication + category: BrowserApplication + subcategory: Tor Network Browser + name: Onion Browser + price: 0 + website: https://onionbrowser.com/ + rating: 3.5 + pros: + - Officially endorsed way to access Tor on iOS. + cons: + - Some inconsistent and confusing settings. + - Doesn't provide the same protections as Tor Browser. +--- +![Onion Browser logo](../assets/img/self-contained-networks/onion_browser.svg){ align=right } + +Search the App Store for "Tor Browser" and you'll be flooded with a variety of ways to connect to the Tor network from your iPhone. However, there's only one solution officially [endorsed](https://support.torproject.org/tormobile/tormobile-3/) by the Tor Project themselves: **Onion Browser**. + +[:octicons-home-16: Homepage](https://onionbrowser.com){ .md-button } +[:octicons-eye-16:](https://onionbrowser.com/privacy-policy){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://onionbrowser.com/faqs){ .card-link title=Documentation} +[:octicons-code-16:](https://github.com/OnionBrowser/OnionBrowser){ .card-link title="Source Code" } +[:octicons-heart-16:](https://onionbrowser.com/donate){ .card-link title=Contribute } + +Onion Browser is an open-source app created by Mike Tigas, who has worked closely with Tor Project in the past and was previously an investigative journalist at ProPublica (he is currently an advisor at the FTC). His company still maintains the app, although lately it is primarily [developed](https://github.com/OnionBrowser/OnionBrowser/graphs/contributors) by other maintainers. + +!!! info inline end "Side info" + + - [:simple-appstore: App Store download](https://apps.apple.com/app/id519296448) + +We already recommend Onion Browser for any iOS users out there, with the important caveat that it doesn't have all the privacy features that Tor Browser on *other* operating systems would provide. + +## Usage + +Of course installing Onion Browser is as easy as any other app on iOS, Apple ID unfortunately required. Onion Browser can be set as your default browser in system settings too, which is nice. + +When you open Onion Browser for the first time you're given the option to connect to Tor via [Orbot](https://www.privacyguides.org/en/tor/#orbot), or with a built-in Tor network proxy. Using the built-in option is the easiest, it connects very quickly and doesn't require a separate app. It also allows you to [use Tor alongside another VPN app](https://www.privacyguides.org/en/advanced/tor-overview/#safely-connecting-to-tor), which may be helpful in certain circumstances. The Orbot app acts as its own "VPN connection" in iOS preventing the possibility of combining it with another VPN, but it is more flexible and it extends Tor network protections to every app on your device. + +
+ ![A screenshot asking whether you want to use Orbot or built-in Tor to connect, noting the built-in Tor has security problems.](../assets/images/onion-browser-review/757A93D0-CCCB-4743-8AF2-17B001EC774A_1_102_o.jpeg){ width="200" } +
You're presented with a choice at startup
+
+ +Using the dedicated Orbot app also provides more robust protections against IP address leaks. Onion Browser warns in its comparison that using the built-in option could leak your IP or network information to malicious JavaScript code. + +I confirmed the built-in option works perfectly fine, in fact I occasionally had trouble connecting Orbot to Onion Browser, where it would re-prompt me to start Orbot even though it was already running until I restarted the Onion Browser app. The built-in proxy generally worked seamlessly. However, for most people using Onion Browser alongside Orbot probably still makes more sense. It's the official recommendation from Tor Project and the browser's developer themselves, so that's what I'll be sticking with for the rest of this review. + +
+ ![A screenshot of check.torproject.org that says congratulations, this browser is configured to use Tor. It shows the IP address of the exit node, then states: however, it does not appear to be Tor Browser.](../assets/images/onion-browser-review/2774018C-C4DD-419C-9D77-9BE8E5A51A19_1_102_o.jpeg){ width="200" } +
You can check your connection at check.torproject.org, but you'll be warned you're not using Tor Browser
+
+ +Onion Browser comes with 6 `.onion` bookmarks preinstalled: DuckDuckGo, the New York Times, the BBC, ProPublica, Freedom of the Press Foundation, and Deutsche Welle, which provides you with a good entry point into Tor network resources. + +
+ ![A screenshot of the default new tab page, purple, with 6 bookmarks pre-installed](../assets/images/onion-browser-review/D0A2D20B-5550-4C1F-8FC6-F6D84AEBDF13_1_102_o.jpeg){ width="200" } +
You can get started right away with built-in resources
+
+ +DuckDuckGo via its `.onion` address is also the default search engine. Unlike Safari, search engines in Onion Browser are completely configurable. Included by default are a few different DuckDuckGo configurations, Google, and Startpage, but you can add your own [search engine](https://www.privacyguides.org/en/search-engines/) easily if you prefer another option. + +I ran into trouble with DuckDuckGo not being able to display results, however. Switching to the **DuckDuckGo HTML** search engine in settings helped, and I prefer that more lightweight version myself anyway. I'm curious whether this is a common issue or a momentary glitch with DuckDuckGo, but neither switching circuits nor reducing security levels fixed it. Speaking of... + +
+
+ ![A screenshot of DuckDuckGo saying sorry, we ran into an issue displaying these results, and asking to try again](../assets/images/onion-browser-review/8A3E82E7-128E-4B3B-B8BB-276063226D41_1_102_o.jpeg){ width="200" } + ![A screenshot of DuckDuckGo results loading normally when using the HTML version of the search engine](../assets/images/onion-browser-review/C3252F74-C6C1-4616-B3CD-17EA1183BE0C_1_102_o.jpeg){ width="200" } +
+
DuckDuckGo wouldn't work until I used their HTML-only version
+
+ +### Security Levels + +There are three configurable security levels in Onion Browser: Bronze, Silver (the default), and Gold. These levels roughly correlate to the *Safe, Safer, Safest* [security levels](https://tb-manual.torproject.org/security-settings/) in regular Tor Browser. + +
+ ![A screenshot showing the security level for this site settings and three options, Gold, Silver, and Bronze](../assets/images/onion-browser-review/51B33FA1-D9B4-4EF4-82C6-259568C845EC_1_102_o.jpeg){ width="200" } +
You can toggle security levels on a per-site basis with two taps
+
+ +I had no issues browsing the web in the standard Silver level, which felt similar to just using Safari. Even websites which rely a bit more on JavaScript like our own [forum](https://discuss.privacyguides.net/) were unaffected, so this seems to be a sane default for most people. + +The security level toggle next to the address bar is a bit dangerous, in my opinion. It changes the security level on a per-site basis, which can lead to inconsistent settings. I ran into this when I set the security level to Gold on privacyguides.**org**, then I navigated to our forum (hosted on privacyguides.**net**) and found the security level reset itself to Silver. Changing the security level for all sites requires going into the app's settings and changing the default security, which is something to keep in mind if you don't trust the sites you're visiting. + +That being said, I also found that even the default security level setting didn't apply itself consistently after changing it. When I set the default security to Gold and opened DuckDuckGo, it opened at the lower Silver security level. I believe this is because I had manually set DuckDuckGo to Silver using the per-site toggle earlier, but changing the default setting *really* should reset those preferences. + +The Gold browsing experience definitely broke more websites. Our forum didn't load at all, despite theoretically having a non-JavaScript version available. Other pages had broken elements: I loaded the Freedom of the Press Foundation's homepage fine, but I wasn't able to open the mobile navigation menu with the button in their header without switching back to Silver. + +Something to note is that even the Gold level protections don't go nearly as far as Safest protections in Tor Browser. For example, the Safest setting on desktop Tor Browser will block resources like external fonts, which are not blocked on any level by Onion Browser. Onion Browser is meant to be a censorship circumvention tool, but it is not ready to defend your anonymity against any more dedicated adversaries. + +### Other Settings + +Onion Browser comes with reasonable defaults and a fairly sparse number of customization options, but there's some you'll probably want to change if you're using this every day. + +The **Tab Security** setting defaults to *Forget in Background*, which I found closes your tabs even if you simply check your notifications. It's certainly good that it errs on the side of caution and closes your tabs when you do literally *anything* outside the app, but I think most people will probably prefer this set to *Forget at Shutdown* where the data is only wiped when the app is actually closed. If you're really not concerned about local data storage, you can have the browser remember tabs until you close them for a more standard browser-like experience. + +In the **Default Security** settings you can choose a different user agent, or leave it blank to send the default, in which case it sends Safari's default user agent for your device. You may find this useful to change how websites present themselves, but impersonating the user agent of another browser does **not** make you blend in with that browser from a fingerprinting perspective. There are many ways a website could determine what browser you are using outside your user agent, so don't rely on this setting to make you blend in with everyone else using Tor Browser on other devices. + +Besides leaving it blank for the default, it comes with three built-in user agent strings you can choose from, or you can enter your own. You might find it useful to use Tor Browser for Android's, but if you have no idea what any of this means it's probably best to leave the user agent settings alone. + +=== "Default (on my device)" + + ``` + Mozilla/5.0 (iPhone; CPU iPhone OS 18_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/605.1.15 + ``` + +=== "Safari Desktop" + + ``` + Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.0 Safari/605.1.15 + ``` + +=== "Tor Browser Desktop" + + ``` + Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 + ``` + +=== "Tor Browser Android" + + ``` + Mozilla/5.0 (Android 9; Mobile; rv:78.0) Gecko/20100101 Firefox/78.0 + ``` + +The other settings in the app are fairly self-explanatory, but I don't expect many people will need to change them. + +## Drawbacks + +A large part of Onion Browser's problems come down to how iOS works. Most notably the iOS requirement for third-party browsers to use the WebKit framework built in to iOS. + +This requirement means that Onion Browser has completely separate development from Tor Browser on desktop and Android, so it can't easily make use of all the advanced privacy-protecting features the Tor Project team is constantly adding to their browser. Technically it does also mean Onion Browser has historically been immune to [Firefox-related vulnerabilities](https://blog.mozilla.org/security/2016/11/30/fixing-an-svg-animation-vulnerability/), but Safari is not known for its perfect security record either, and the number of eyes on Tor-related *WebKit* vulnerabilities is certainly far smaller than on *Firefox/Gecko*-related ones. + +The Tor Project [notes](https://blog.torproject.org/tor-heart-onion-browser-and-more-ios-tor/) another drawback to Onion Browser's use of WebKit as well: The WebKit APIs simply don't give browser developers the level of control they're used to over the rendering and execution of web pages. This relates to what we saw earlier with the "Gold" protection levels not quite matching what you'd see in Tor Browser on other platforms. + +The EU recently required Apple to let third-party browser developers use their own engines instead of WebKit. It's possible that—likely many years from now—a version of Onion Browser or Tor Browser could come to iOS alongside Tor's stricter protections found in their standard browsers. Even still, the mobile version of Tor Browser on Android which *does* use Firefox's mobile engine is leagues behind desktop Tor Browser in terms of privacy and security. It's safe to say that desktop Tor Browser is going to be the best way to access Tor for quite some time. + +## Lockdown Mode + +There is one more way to improve Onion Browser security, but we have to look outside the browser to find it. [Lockdown Mode](macos-ventura-privacy-security-updates.md#lockdown-mode) is a feature introduced in iOS 16 that reduces the attack surface of your device by disabling a myriad of features, including web browsing features that could potentially impact security. + +Because Onion Browser is built on Apple's WebKit, these security improvements extend to Onion Browser as well. Most notably, external web fonts *are* blocked in Onion Browser with Lockdown Mode enabled, just as they are in Safari. These are disabled in desktop Tor Browser's Safest mode due to both privacy concerns, and security concerns related to the font rendering engine on your device, so having the option to disable them here on iOS is very useful for those looking to maximize their security. + +
+ ![A screenshot of the Privacy Guides homepage with external fonts disabled](../assets/images/onion-browser-review/87651D0E-EFE0-4C0F-98E7-9898EBA74334_1_102_o.jpeg){ width="200" } +
External fonts and JavaScript disabled with Gold + Lockdown Mode
+
+ +However, enabling Lockdown Mode *is* detectable by websites, meaning it could potentially be used to fingerprint you. Onion Browser in any form does not really provide the same fingerprinting protections that desktop Tor Browser is able to, so this probably shouldn't stop you from using Lockdown Mode, but it is something to keep in mind. + +## Conclusion + +The decision to use Onion Browser will ultimately come down to your specific requirements. If you simply need a web browser that connects to [Tor hidden services](https://www.privacyguides.org/en/advanced/tor-overview/#path-building-to-onion-services), and you're not concerned with being tracked down, this is a perfectly reasonable choice on iOS. + +It's also a good way to promote and normalize the use of Tor in general. My browsing experience using Onion Browser, while still a bit slower than regular browsing, was perfectly acceptable for reading the news, searching the web, and other everyday browsing tasks most of us do on our phone. The more people that use Tor for their everyday traffic, the safer the overall network becomes for people who really need it. + +Just don't expect the same level of protection that desktop Tor Browser can provide. If you're concerned about serious adversaries targeting you, the safest way to use Tor is still to use it via [Whonix+Qubes](https://www.privacyguides.org/en/desktop/#whonix). diff --git a/blog/posts/privacy-guides-partners-with-magic-grants-501-c-3.md b/blog/posts/privacy-guides-partners-with-magic-grants-501-c-3.md index bcf58ef6..a374f6db 100644 --- a/blog/posts/privacy-guides-partners-with-magic-grants-501-c-3.md +++ b/blog/posts/privacy-guides-partners-with-magic-grants-501-c-3.md @@ -5,6 +5,8 @@ categories: - Announcements authors: - jonah +description: We're excited to announce a partnership with MAGIC Grants, a Public 501(c)(3) charity with the mission of supporting privacy projects like ours and providing undergraduate scholarships for students interested in cryptocurrencies and privacy. +schema_type: BackgroundNewsArticle --- # Privacy Guides Partners With MAGIC Grants 501(c)(3) diff --git a/blog/posts/proton-wallet-review.md b/blog/posts/proton-wallet-review.md index e24b4bbd..d84eae21 100644 --- a/blog/posts/proton-wallet-review.md +++ b/blog/posts/proton-wallet-review.md @@ -1,5 +1,8 @@ --- title: "Proton Wallet Review: Is Proton Losing Touch?" +template: review-article.html +schema_type: ReviewNewsArticle +description: "It may well be that Proton Wallet is the easiest way to start using Bitcoin, but is a Bitcoin wallet the solution people need to improve their financial privacy?" date: created: 2024-09-08 categories: @@ -14,7 +17,7 @@ license: BY-SA preview: logo: theme/assets/img/cryptocurrency/proton-wallet.svg review: - type: WebApplication + type: SoftwareApplication category: FinanceApplication subcategory: Cryptocurrency Wallet name: Proton Wallet diff --git a/blog/posts/relisting-startpage.md b/blog/posts/relisting-startpage.md index 6926ab4f..453761ed 100644 --- a/blog/posts/relisting-startpage.md +++ b/blog/posts/relisting-startpage.md @@ -9,6 +9,8 @@ links: - Search Engines: https://www.privacyguides.org/en/search-engines/ tags: - Search Engines +description: Startpage has been relisted in our search engine recommendations following their open communications with the Privacy Guides community. +schema_type: NewsArticle --- # Relisting Startpage.com diff --git a/blog/posts/restrict-act.md b/blog/posts/restrict-act.md index 5a850987..28783a56 100644 --- a/blog/posts/restrict-act.md +++ b/blog/posts/restrict-act.md @@ -12,6 +12,8 @@ tags: links: - posts/hide-nothing.md canonical: https://www.jonaharagon.com/posts/restrict-act/ +description: The RESTRICT Act would grant the government broad powers to restrict access to any site or service they claim could pose a threat to national security, akin to China's Great Firewall. +schema_type: OpinionNewsArticle --- # Worried About TikTok? The RESTRICT Act Is Not the Answer Americans Are Looking For diff --git a/blog/posts/secure-data-erasure.md b/blog/posts/secure-data-erasure.md index d58ba719..f10730a1 100644 --- a/blog/posts/secure-data-erasure.md +++ b/blog/posts/secure-data-erasure.md @@ -11,6 +11,8 @@ links: tags: - Linux license: BY-SA +description: Erasing data from your computer may seem like a simple task, but if you want to make sure the data is truly unrecoverable, there are some things you should consider. +schema_type: AnalysisNewsArticle --- # Erasing Data Securely From Your SSD or HDD diff --git a/blog/posts/security-privacy-anonymity.md b/blog/posts/security-privacy-anonymity.md index e8b350af..0d293cbb 100644 --- a/blog/posts/security-privacy-anonymity.md +++ b/blog/posts/security-privacy-anonymity.md @@ -11,6 +11,8 @@ links: tags: - Security license: BY +description: Privacy, security, and anonymity often complement each other, but they are not always dependent on each other, and they are definitely not the same thing. +schema_type: OpinionNewsArticle --- # Security, Privacy, and Anonymity diff --git a/blog/posts/signal-configuration-and-hardening.md b/blog/posts/signal-configuration-and-hardening.md index bdab3763..da6eb638 100644 --- a/blog/posts/signal-configuration-and-hardening.md +++ b/blog/posts/signal-configuration-and-hardening.md @@ -13,6 +13,8 @@ tags: - Molly - Instant Messengers license: BY-SA +description: This guide details actions you can take to configure and harden Signal in accordance with your threat model. +schema_type: AnalysisNewsArticle --- # Signal Configuration and Hardening Guide diff --git a/blog/posts/signal-number-registration-update.md b/blog/posts/signal-number-registration-update.md index 094c9264..49ccd63b 100644 --- a/blog/posts/signal-number-registration-update.md +++ b/blog/posts/signal-number-registration-update.md @@ -13,6 +13,8 @@ links: - posts/signal-configuration-and-hardening.md - Real-Time Communication: https://www.privacyguides.org/real-time-communication/ license: BY-SA +description: Signal has changed how it handles registration. This primarily affects people who are using a number for Signal that they don't have exclusive access to. +schema_type: ReportageNewsArticle --- # Important Changes to Signal Registration and Registration Lock diff --git a/blog/posts/staff-announcement.md b/blog/posts/staff-announcement.md index a5851acf..8701efec 100644 --- a/blog/posts/staff-announcement.md +++ b/blog/posts/staff-announcement.md @@ -8,6 +8,8 @@ authors: tags: - Privacy Guides license: BY-SA +description: Privacy Guides has reached a significant milestone with today's hire of our first employee, Project Director Jonah Aragon. +schema_type: NewsArticle --- # Jonah Aragon Hired as Project Director diff --git a/blog/posts/the-trouble-with-vpn-and-privacy-review-sites.md b/blog/posts/the-trouble-with-vpn-and-privacy-review-sites.md index 10fb839f..6f41ea68 100644 --- a/blog/posts/the-trouble-with-vpn-and-privacy-review-sites.md +++ b/blog/posts/the-trouble-with-vpn-and-privacy-review-sites.md @@ -2,7 +2,7 @@ date: created: 2019-11-20 categories: - - Opinion + - News authors: - jonah links: @@ -12,6 +12,8 @@ links: tags: - VPN license: BY-SA +description: There’s a massive problem in the privacy world. Many shady companies are disguising advertisements as genuine reviews, to the detriment of real news sources like Privacy Guides and to potential buyers of these services. +schema_type: AnalysisNewsArticle --- # The Trouble With VPN and Privacy Review Sites diff --git a/blog/posts/threads-launch-twitter.md b/blog/posts/threads-launch-twitter.md index a557e826..e4d13ec8 100644 --- a/blog/posts/threads-launch-twitter.md +++ b/blog/posts/threads-launch-twitter.md @@ -12,6 +12,8 @@ tags: - Twitter - Facebook license: BY-SA +description: The man behind Facebook has somehow managed to make the Twitter experience worse. +schema_type: OpinionNewsArticle --- # Threads Is the Perfect Twitter Alternative, Just Not for You diff --git a/blog/posts/virtual-insanity.md b/blog/posts/virtual-insanity.md index 4d41edbd..c2481b43 100644 --- a/blog/posts/virtual-insanity.md +++ b/blog/posts/virtual-insanity.md @@ -11,6 +11,8 @@ links: tags: - Facebook license: BY-SA +description: On Mark Zuckerberg, Facebook, and the Metaverse. +schema_type: OpinionNewsArticle --- # Virtual Insanity diff --git a/blog/posts/warning-about-signal-proxies.md b/blog/posts/warning-about-signal-proxies.md index b6b5c914..26f8b580 100644 --- a/blog/posts/warning-about-signal-proxies.md +++ b/blog/posts/warning-about-signal-proxies.md @@ -13,6 +13,8 @@ links: - Signal Configuration Guide: https://www.privacyguides.org/real-time-communication/signal-configuration-hardening/ - Real-Time Communication: https://www.privacyguides.org/real-time-communication/ license: BY-SA +description: You should be aware of a number of issues with Signal’s current proxy implementation. +schema_type: NewsArticle --- # A Warning About Signal Proxies in Iran and Other Oppressive Countries diff --git a/blog/posts/welcome-to-privacy-guides.md b/blog/posts/welcome-to-privacy-guides.md index e521215a..66b60a59 100644 --- a/blog/posts/welcome-to-privacy-guides.md +++ b/blog/posts/welcome-to-privacy-guides.md @@ -13,6 +13,8 @@ links: tags: - Privacy Guides license: CC0 +description: Today, Privacy Guides has officially launched by our long-standing volunteer team to carry on the legacy of the now-defunct PrivacyTools project. +schema_type: NewsArticle --- # Welcome to Privacy Guides diff --git a/blog/posts/weve-joined-the-open-collective-foundation.md b/blog/posts/weve-joined-the-open-collective-foundation.md index 946bdd0e..ab74e490 100644 --- a/blog/posts/weve-joined-the-open-collective-foundation.md +++ b/blog/posts/weve-joined-the-open-collective-foundation.md @@ -10,6 +10,7 @@ links: tags: - Privacy Guides license: CC0 +schema_type: NewsArticle --- # We've Joined the Open Collective Foundation 501(c)(3) diff --git a/blog/posts/why-i-run-a-tor-relay.md b/blog/posts/why-i-run-a-tor-relay.md index 7a90a54d..4a07abf8 100644 --- a/blog/posts/why-i-run-a-tor-relay.md +++ b/blog/posts/why-i-run-a-tor-relay.md @@ -11,6 +11,8 @@ tags: - Tor - Self-Hosting license: BY-SA +description: Each Tor relay is the direct result of an individual deciding to sacrifice money, time and effort for the cause of fighting for a freer Internet. +schema_type: OpinionNewsArticle --- # Why I Decided to Run a Tor Relay diff --git a/docs/about.md b/docs/about.md index 10ccaf5f..1157f044 100644 --- a/docs/about.md +++ b/docs/about.md @@ -23,27 +23,11 @@ schema: [:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage } [:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } -## Staff +Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team&order=solutions&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape. -[**Jonah Aragon**](https://www.jonaharagon.com) is the Project Director and staff writer at *Privacy Guides*. His role includes researching and writing for this website, system administration, creating *Privacy Guides Online Learning* course content, reviewing the products recommended here, and most other day-to-day tasks. +In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -
- -[:simple-discourse: Discourse (preferred): @jonah](https://discuss.privacyguides.net/u/jonah) - -[:material-email: Email: jonah@privacyguides.org](mailto:jonah@privacyguides.org) - -[:simple-mastodon: Mastodon: @jonah@neat.computer](https://mastodon.neat.computer/@jonah "@jonah@neat.computer"){rel=me} - -[:simple-signal: Signal: @jonah.01](https://signal.me/#eu/dDtlmTPv09utyEJPwCHq8UYs-AVOPlys8weinr7alfdylK5G-LNIX7GasDNJdV6y) - -
- -*The Project Director is a part-time position which reports directly to the executive committee.* - ---- - -[Open Positions :material-arrow-right-drop-circle:](about/jobs.md) +[Job Openings :material-arrow-right-drop-circle:](about/jobs.md) ## Executive Committee @@ -60,8 +44,8 @@ The project executive committee consists of five volunteers charged with managem [:material-account: Profile](https://discuss.privacyguides.net/u/dngray) - [:simple-github:]( "GitHub") - [:simple-mastodon:](https://mastodon.social/@dngray "@dngray@mastodon.social"){rel=me} + [:material-github:]( "GitHub") + [:material-mastodon:](https://mastodon.social/@dngray "@dngray@mastodon.social"){rel=me} [:material-email:](mailto:dngray@privacyguides.org "Email") - :detective:{ .lg .middle } **Freddy** @@ -72,8 +56,8 @@ The project executive committee consists of five volunteers charged with managem [:material-account: Profile](https://discuss.privacyguides.net/u/freddy) - [:simple-github:](https://github.com/freddy-m "GitHub") - [:simple-mastodon:](https://social.lol/@freddy "@freddy@social.lol"){rel=me} + [:material-github:](https://github.com/freddy-m "GitHub") + [:material-mastodon:](https://social.lol/@freddy "@freddy@social.lol"){rel=me} [:material-email:](mailto:freddy@privacyguides.org "Email") - :robot:{ .lg .middle } **Jonah Aragon** @@ -84,8 +68,9 @@ The project executive committee consists of five volunteers charged with managem [:material-account: Profile](https://discuss.privacyguides.net/u/jonah) - [:simple-github:](https://github.com/jonaharagon "GitHub") - [:simple-mastodon:](https://mastodon.neat.computer/@jonah "@jonah@neat.computer"){rel=me} + [:material-home:](https://www.jonaharagon.com "Homepage") + [:material-github:](https://github.com/jonaharagon "GitHub") + [:material-mastodon:](https://mastodon.neat.computer/@jonah "@jonah@neat.computer"){rel=me} [:material-email:](mailto:jonah@privacyguides.org "Email") - :cactus:{ .lg .middle } **Niek de Wilde** @@ -96,8 +81,8 @@ The project executive committee consists of five volunteers charged with managem [:material-account: Profile](https://discuss.privacyguides.net/u/Niek-de-Wilde) - [:simple-github:](https://github.com/blacklight447 "GitHub") - [:simple-mastodon:](https://mastodon.social/@blacklight447 "@blacklight447@mastodon.social"){rel=me} + [:material-github:](https://github.com/blacklight447 "GitHub") + [:material-mastodon:](https://mastodon.social/@blacklight447 "@blacklight447@mastodon.social"){rel=me} [:material-email:](mailto:niekdewilde@privacyguides.org "Email") - :smirk_cat:{ .lg .middle } **Olivia** @@ -108,29 +93,11 @@ The project executive committee consists of five volunteers charged with managem [:material-account: Profile](https://discuss.privacyguides.net/u/olivia) - [:simple-github:](https://github.com/hook9 "GitHub") - [:simple-mastodon:](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} + [:material-github:](https://github.com/hook9 "GitHub") + [:material-mastodon:](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -## Volunteer Team - -A number of other contributors have volunteered their time to review and approve changes to this website, and keep the website up to date. Changes require 2+ approvals from team members before they can be merged. In addition to the executive committee members above, volunteers [trusted](https://github.com/orgs/privacyguides/people) to review pull requests include: - -
- -- [:simple-github: **kimg45**](https://github.com/kimg45) -- [:simple-github: **ph00lt0**](https://github.com/ph00lt0) -- [:simple-github: **redoomed1**](https://github.com/redoomed1) - -
- -We also especially thank our dedicated moderation team on Matrix and our forum: *Austin Huang*, *namazso*, *hik*, *riley*, and *Valynor*. - -Additionally, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). - -Our team members review all changes made to the website and direct the course of the project as a whole. They do not personally profit from any contributions made to this site. Donations to Privacy Guides are generally tax-deductible in the United States. - ## In The Media > To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. @@ -141,7 +108,7 @@ Our team members review all changes made to the website and direct the course of — [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] -Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok), [Wirecutter](https://nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc) [[2](https://nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac)], [NPO Radio 1](https://nporadio1.nl/nieuws/binnenland/8eaff3a2-8b29-4f63-9b74-36d2b28b1fe1/ooit-online-eens-wat-doms-geplaatst-ga-jezelf-eens-googlen-en-kijk-dan-wat-je-tegenkomt), [Wired](https://wired.com/story/firefox-mozilla-2022) and [Fast Company](https://fastcompany.com/91167564/mozilla-wants-you-to-love-firefox-again). +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok), [Wirecutter](https://nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc) [[2](https://nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac)], [NPO Radio 1](https://nporadio1.nl/nieuws/binnenland/8eaff3a2-8b29-4f63-9b74-36d2b28b1fe1/ooit-online-eens-wat-doms-geplaatst-ga-jezelf-eens-googlen-en-kijk-dan-wat-je-tegenkomt), [Wired](https://wired.com/story/firefox-mozilla-2022), [Fast Company](https://fastcompany.com/91167564/mozilla-wants-you-to-love-firefox-again) and [404 Media](https://404media.co/privacy-service-optery-faces-backlash-after-plan-to-send-openai-user-data). ## History @@ -151,7 +118,7 @@ In 2022, we completed the transition of our main website framework from Jekyll t We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. -In 2023, we launched international translations of our website in [French](https://www.privacyguides.org/fr/), [Hebrew](https://www.privacyguides.org/he/), [Dutch](https://www.privacyguides.org/nl/), and more languages, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. +In 2023, we launched international translations of our website in [French](https://www.privacyguides.org/fr), [Hebrew](https://www.privacyguides.org/he), [Dutch](https://www.privacyguides.org/nl), and more languages, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Site License diff --git a/docs/about/contributors.md b/docs/about/contributors.md index 58995f63..cafa44bc 100644 --- a/docs/about/contributors.md +++ b/docs/about/contributors.md @@ -2,6 +2,7 @@ title: Contributors hide: - toc +description: A complete list of contributors who have collectively made an enormous impact on the Privacy Guides project. --- @@ -9,12 +10,12 @@ This project follows the [all-contributors](https://github.com/all-contributors/ | Emoji | Type | Description | --- | --- | --- -| 📖 | `doc` | A contributor to the content on [privacyguides.org](https://www.privacyguides.org/en/). +| 📖 | `doc` | A contributor to the content on [privacyguides.org](https://www.privacyguides.org/en). | 👀 | `review` | Someone who has taken the time to review [pull requests](https://github.com/privacyguides/privacyguides.org/pulls) to the site. | 📝 | `blog` | Someone who has written a [blog](https://blog.privacyguides.org) post for us. | 💬 | `question` | Someone who has been helpful when answering questions on our [forum](https://discuss.privacyguides.net) or Matrix channels. | 🌍 | `translation` | Someone who has contributed on [Crowdin](https://crowdin.com/project/privacyguides). -A huge thank you from Privacy Guides to these wonderful people ([full emoji key](https://allcontributors.org/docs/en/emoji-key)): +A huge thank you from Privacy Guides to the following wonderful people ([full emoji key](https://allcontributors.org/docs/en/emoji-key)). We also especially thank our dedicated community moderation team on Matrix and our forum: *Austin Huang*, *namazso*, *hik*, *riley*, and *Valynor*. --8<-- "includes/contributors.md" diff --git a/docs/about/criteria.md b/docs/about/criteria.md index a2bbb09c..dd2e228d 100644 --- a/docs/about/criteria.md +++ b/docs/about/criteria.md @@ -1,5 +1,6 @@ --- title: General Criteria +description: A list of general priorities we consider for all submissions to Privacy Guides. --- Below are some general priorities we consider for all submissions to Privacy Guides. Each category will have additional requirements for inclusion. diff --git a/docs/about/donate.md b/docs/about/donate.md index 17e49f80..4f168a5f 100644 --- a/docs/about/donate.md +++ b/docs/about/donate.md @@ -1,5 +1,6 @@ --- title: Donate +description: The charitable mission of Privacy Guides relies on contributions from visitors like yourself. Anything you can do to support the project is hugely appreciated. --- Donate to Privacy Guides and support our mission to defend digital rights and spread the word about mass surveillance programs and other daily privacy invasions. You can help Privacy Guides researchers, activists, and maintainers create informative content, host private digital services, and protect privacy rights at a time when the world needs it most. diff --git a/docs/about/executive-policy.md b/docs/about/executive-policy.md index d13112e0..8d4a8118 100644 --- a/docs/about/executive-policy.md +++ b/docs/about/executive-policy.md @@ -1,5 +1,6 @@ --- title: Executive Policy +description: These are policies formally adopted by our executive committee, and take precedence over all other statements expressed on this website. --- These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website. diff --git a/docs/about/jobs.md b/docs/about/jobs.md index a8e8dc1f..b907c917 100644 --- a/docs/about/jobs.md +++ b/docs/about/jobs.md @@ -1,11 +1,40 @@ --- title: Job Openings +description: Privacy Guides has a small, remote team of privacy researchers and advocates. Any open positions we may have in the future will be posted here. --- -Privacy Guides has a small, remote team of privacy researchers and advocates working to further our mission of protecting free expression and promoting privacy-respecting technology. As a non-profit, we are expanding very slowly to ensure the project is sustainable in the long term. All of our staff members are listed [here](../about.md#staff). Please consider [donating](donate.md) to support our cause. +Privacy Guides has a small, remote team of privacy researchers and advocates working to further our mission of protecting free expression and promoting privacy-respecting technology. As a non-profit, we are expanding very slowly to ensure the project is sustainable in the long term. All of our team members are listed [here](https://discuss.privacyguides.net/u?group=team&order=solutions&period=all). Please consider [donating](donate.md) to support our cause. We are occasionally looking for strong journalistic writers, product reviewers, and privacy experts to help us out, and any open positions will be posted below. --- -*We do not have any job openings at the moment.* +## Open Positions + +
+ +- :material-video-box:{ .lg .middle } **Content Creator** + + --- + + Full-Time | Remote | \$20-$25/hour + + [View posting :material-arrow-right-drop-circle:](jobs/content-creator.md) + +- :material-file-document-edit:{ .lg .middle } **Journalist** + + --- + + Full-Time | Remote | \$20-$25/hour + + [View posting :material-arrow-right-drop-circle:](jobs/journalist.md) + +- :material-comment-account-outline:{ .lg .middle } **Intern - Community/News** + + --- + + Internship | Remote | \$15/hour + + [View posting :material-arrow-right-drop-circle:](jobs/intern-news.md) + +
diff --git a/docs/about/jobs/content-creator.md b/docs/about/jobs/content-creator.md new file mode 100644 index 00000000..c1b2ea9e --- /dev/null +++ b/docs/about/jobs/content-creator.md @@ -0,0 +1,60 @@ +--- +title: Content Creator +description: Privacy Guides is looking for a video producer and host for informative privacy-related content on YouTube and other platforms. +--- + +[:material-arrow-left-drop-circle: Job Openings](../jobs.md) + +Are you passionate about privacy and cybersecurity? + +Privacy Guides is an international nonprofit dedicated to producing top-tier, unbiased educational content and journalism, and to fostering safe and informative online communities to discuss technical topics around improving personal privacy and cybersecurity. + +Privacy Guides is looking for a focused and motivated individual to be responsible for our social media presence from end to end, with a particular emphasis on video content. You must be comfortable being on camera to succeed in this role. + +This is a unique opportunity. Your primary goal will be to create and share privacy-based educational materials, without any motive to sell a product. If you truly value being able to create the best content that you can, and if you are passionate about privacy, then this position is for you! + +Your responsibilities will include, but aren’t limited to: + +- Scripting and hosting educational video content to be posted across various social media platforms. +- Video editing, production, and other backend work required to make successful content. +- Researching new topics to cover. +- Regular, daily posting to text-based social media platforms like Mastodon. +- Regular posting of highly educational video content to social media platforms. +- Compiling news sources for and hosting a weekly news recap (livestreamed) podcast on our YouTube channel. +- Regularly communicating with the Privacy Guides committee and other team members. + +This is a highly individualized role, and we are extremely interested in hearing your ideas on how you’ll find success and make this role your own. You will be responsible for handling virtually every aspect of this role without regular supervision, so being highly self-motivated is a must. + +As a guideline, we expect your video output to be roughly 1 video and 1 *This Week In Privacy* livestream per week, since we think most videos which meet our quality standards will be a multi-day process to research and script, in addition to a day for recording and editing. We realize some videos can be completed more quickly, while others may take multiple weeks or longer before publishing. You will be empowered to use your best judgement and prioritize your work accordingly. + +Job requirements: + +- Excellent organization and communication skills. +- Flexibility to set and respond to varying priorities and deadlines. +- Proactive, results-driven mindset with a strong sense of initiative. +- Comfortable being on camera, and working with video production equipment. +- Personal interest in consumer privacy, cybersecurity, and technology. +- Skeptical nature and drive to investigate difficult, often niche, technologies. You will need to evaluate the truthfulness of claims. + +The following qualifications will be an asset to your application. However, we are looking for the best candidate (which isn’t always apparent on paper!), so please apply even if you don’t meet any/many of these qualifications. + +- Previous YouTube or other video creation experience. +- Previous social media management experience. +- Education in English, journalism, media production, or any other related fields. +- Fluency in Spanish, French, Portuguese, or other languages. +- Familiarity with Privacy Guides' communities, culture, and mission. +- A solid understanding of the latest trends/culture on YouTube & TikTok. +- Located between UTC-08:00 and UTC-04:00 time zones. +- At least basic familiarity with GitHub, including pull requests, branches, reviews, and issues. + +The ideal candidate can commit to this role on a full-time basis (40 hours / week), but we are open to discussing a schedule you suggest. + +For this position, our hiring pay range falls between \$20-$25 / hour USD. The base pay may vary depending on job related qualifications such as knowledge, skills, and experience. Our compensation structure is rooted in a performance and merit based approach that acknowledges performance of both the individual and the project as a whole. + +--- + +**To apply, please send a video cover letter (no more than 5 minutes) and resume to , and include the name of this position in the subject line. Feel free to include any other information or examples of your work that you think we may find relevant if you'd like.** + +Privacy Guides is fiscally hosted by [MAGIC Grants](https://magicgrants.org), a 501(c)(3) public charity. MAGIC Grants is an equal opportunity employer. MAGIC Grants does not discriminate against any applicant or employee because of age, color, sex, disability, national origin, race, religion, sexual orientation, sexual identity, veteran status, or other protected characteristic. + +We respect your privacy. After this position is filled, your application will be deleted. Your application will not be shared with third parties. diff --git a/docs/about/jobs/intern-news.md b/docs/about/jobs/intern-news.md new file mode 100644 index 00000000..c4e83ad2 --- /dev/null +++ b/docs/about/jobs/intern-news.md @@ -0,0 +1,42 @@ +--- +title: Intern (Community & News) +description: Privacy Guides is looking for an intern to discover and promote relevant news content on our platform, and to moderate and engage with our online communities. +--- + +[:material-arrow-left-drop-circle: Job Openings](../jobs.md) + +Are you passionate about privacy and cybersecurity? + +Privacy Guides is an international nonprofit dedicated to producing top-tier, unbiased educational content and journalism, and to fostering safe and informative online communities to discuss technical topics around improving personal privacy and cybersecurity. + +This role is focused on interacting with our community members and answering their questions, keeping our online communities safe and constructive, and sharing thoughtful and informative news stories from around the internet for community discussion. + +Responsibilities will include: + +- Regularly interacting with our forum and other communities. +- Responding to moderation complaints/flags within our communities. +- Reading news stories from a variety of publications and generally staying up to date with the latest news in the privacy and cybersecurity space. +- Regularly posting interesting news stories and other topics you discover in our communities for discussion. +- Assisting our other staff and volunteers with research, writing, video production, and editing. +- Assisting with Privacy Guides' advocacy efforts. +- Remaining polite and fact-focused. + +No prior experience is necessary. We are looking for people passionate about privacy, cybersecurity, journalism, and community management regardless of your GPA or background. + +The following will be assets to your application, but please submit an application even if they don't apply to you: + +- Familiarity with Privacy Guides' communities, culture, and mission. +- Previous experience with social media management and/or journalism. +- Located between UTC-08:00 and UTC-04:00 time zones. + +This is a part-time, 10-20 hour per week role depending on your availability. We can work around your schedule and other obligations. + +This is a 6-month contract paying $15 / hour USD, with the optional opportunity for renewal or a longer-term role depending on your personal goals and the project's outcome. The specific starting and ending dates are flexible. + +--- + +**To apply, please send a cover letter and resume to , and include the name of this position in the subject line. Feel free to include any other information or examples of your work that you think we may find relevant if you'd like.** + +Privacy Guides is fiscally hosted by [MAGIC Grants](https://magicgrants.org), a 501(c)(3) public charity. MAGIC Grants is an equal opportunity employer. MAGIC Grants does not discriminate against any applicant or employee because of age, color, sex, disability, national origin, race, religion, sexual orientation, sexual identity, veteran status, or other protected characteristic. + +We respect your privacy. After this position is filled, your application will be deleted. Your application will not be shared with third parties. diff --git a/docs/about/jobs/journalist.md b/docs/about/jobs/journalist.md new file mode 100644 index 00000000..10fb32bd --- /dev/null +++ b/docs/about/jobs/journalist.md @@ -0,0 +1,61 @@ +--- +title: Journalist +description: Privacy Guides is looking for a determined and focused journalist to research and write stories from the privacy and cybersecurity space on a regular basis. +--- + +[:material-arrow-left-drop-circle: Job Openings](../jobs.md) + +Are you passionate about privacy and cybersecurity? + +Privacy Guides is an international nonprofit dedicated to producing top-tier, unbiased educational content and journalism, and to fostering safe and informative online communities to discuss technical topics around improving personal privacy and cybersecurity. + +We are looking for a determined and focused journalist to join our team. As a reporter for our organization, you will conduct research, interview sources, and write engaging stories in the field of consumer privacy and cybersecurity. + +Our ideal candidate is committed to combating misinformation and clearly communicating stories on a timely basis, and dedicated to producing top-tier, unbiased journalism. + +Privacy Guides is a small, largely volunteer-driven nonprofit media organization, and we do not currently have a dedicated writing and editing team. As such, you will be expected to take charge of the entire writing process from beginning to publication. You will have the freedom to choose which topics to cover and set a schedule to release articles on our main website. + +==Our primary mission is to publish the highest quality content surrounding consumer privacy and cybersecurity on the internet==, not the highest quantity of stories. You will be empowered to dive deep into the topics you are writing about, and expected to meet our high quality and editorial standards. + +Your responsibilities will include, but aren’t limited to: + +- Creating high-quality articles for our [knowledge base](../../basics/why-privacy-matters.md). +- Performing product reviews for our [reviews](https://www.privacyguides.org/articles/category/reviews) section and [tool recommendations](../../tools.md). +- Researching new topics to cover. +- Interviewing and fact-checking all relevant sources. +- Regular posting of high-quality, unbiased journalistic content across our platforms. + +As a guideline, we expect roughly 3-5 articles a week that meet our quality standards, since we believe a well-researched article will take at least 8 hours to research and write on average. We realize some articles can be completed quickly, while others may take weeks or longer before publishing. You will be empowered to use your best judgement and prioritize your work accordingly. + +We are much more interested in articles that deeply cover a subject area than articles that cover the news of the day. + +Job requirements: + +- Excellent organization and communication skills. +- Expertise in English and writing. +- Flexibility to set and respond to varying priorities and deadlines. +- Proactive, results-driven mindset with a strong sense of initiative. +- Personal interest in consumer privacy, cybersecurity, and technology. +- Regular communication with the Privacy Guides committee and other team members. +- Skeptical nature and drive to investigate difficult, often niche, technologies. You will need to evaluate the truthfulness of claims. + +The following qualifications will be an asset to your application. However, we are looking for the best candidate (which isn’t always apparent on paper!), so please apply even if you don’t meet any/many of these qualifications. + +- Previous writing or journalism experience. +- Previous product review experience. +- Education in English, journalism, media production, or any other related fields. +- Familiarity with Privacy Guides' communities, culture, and mission. +- Located between UTC-08:00 and UTC-04:00 time zones. +- At least basic familiarity with GitHub, including pull requests, branches, reviews, and issues. + +The ideal candidate can commit to this role on a full-time basis (40 hours / week), but we are open to discussing a schedule you suggest. + +For this position, our hiring pay range falls between \$20-$25 / hour USD. The base pay may vary depending on job related qualifications such as knowledge, skills, and experience. Our compensation structure is rooted in a performance and merit based approach that acknowledges performance of both the individual and the project as a whole. + +--- + +**To apply, please send a cover letter and resume to , and include the name of this position in the subject line. Feel free to include any other information or examples of your work that you think we may find relevant if you'd like.** + +Privacy Guides is fiscally hosted by [MAGIC Grants](https://magicgrants.org), a 501(c)(3) public charity. MAGIC Grants is an equal opportunity employer. MAGIC Grants does not discriminate against any applicant or employee because of age, color, sex, disability, national origin, race, religion, sexual orientation, sexual identity, veteran status, or other protected characteristic. + +We respect your privacy. After this position is filled, your application will be deleted. Your application will not be shared with third parties. diff --git a/docs/about/notices.md b/docs/about/notices.md index 6fd3d785..bc7fc182 100644 --- a/docs/about/notices.md +++ b/docs/about/notices.md @@ -1,5 +1,6 @@ --- title: "Notices and Disclaimers" +description: Information about our website license, acceptable use policy, and other important details. --- ## Legal Disclaimer diff --git a/docs/about/privacy-policy.md b/docs/about/privacy-policy.md index 47677953..4cdaedcd 100644 --- a/docs/about/privacy-policy.md +++ b/docs/about/privacy-policy.md @@ -1,7 +1,8 @@ --- title: "Privacy Policy" +description: We do not sell or share your data with any third-parties. --- -Privacy Guides is a community project operated by a number of active volunteer contributors. The public list of team members [can be found on GitHub](https://github.com/orgs/privacyguides/people). +Privacy Guides is a community project operated by a number of active contributors. The public list of team members [can be found on our forum](https://discuss.privacyguides.net/u?group=team&order=solutions&period=all). ## Data We Collect From Visitors diff --git a/docs/about/privacytools.md b/docs/about/privacytools.md index 6189b82e..e906af56 100644 --- a/docs/about/privacytools.md +++ b/docs/about/privacytools.md @@ -1,5 +1,6 @@ --- title: "PrivacyTools FAQ" +description: The real story behind the team transition from privacytools.io to privacyguides.org --- In September 2021, every active contributor unanimously agreed to move from PrivacyTools to work on this site: Privacy Guides. This decision was made because PrivacyTools’ founder and controller of the domain name had disappeared for an extended period of time and could not be contacted. diff --git a/docs/about/services.md b/docs/about/services.md index 94629fd4..389746b9 100644 --- a/docs/about/services.md +++ b/docs/about/services.md @@ -1,3 +1,7 @@ +--- +description: We run a number of web services to test out features and promote cool decentralized, federated, and/or open-source projects. +--- + # Privacy Guides Services We run a number of web services to test out features and promote cool decentralized, federated, and/or open-source projects. Many of these services are available to the public and are detailed below. diff --git a/docs/about/statistics.md b/docs/about/statistics.md index 1dc31186..061bf5b9 100644 --- a/docs/about/statistics.md +++ b/docs/about/statistics.md @@ -1,5 +1,6 @@ --- title: Traffic Statistics +description: We self-host Umami to create a nice visualization of our traffic statistics, which are made public here. --- We self-host [Umami](https://umami.is) to create a nice visualization of our traffic statistics, which are public at the link below. diff --git a/docs/advanced/dns-overview.md b/docs/advanced/dns-overview.md index 8b90154c..e7ef36d2 100644 --- a/docs/advanced/dns-overview.md +++ b/docs/advanced/dns-overview.md @@ -12,7 +12,7 @@ When you visit a website, a numerical address is returned. For example, when you DNS has existed since the [early days](https://en.wikipedia.org/wiki/Domain_Name_System#History) of the Internet. DNS requests made to and from DNS servers are **not** generally encrypted. In a residential setting, a customer is given servers by the ISP via [DHCP](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol). -Unencrypted DNS requests are able to be easily **surveilled** and **modified** in transit. In some parts of the world, ISPs are ordered to do primitive [DNS filtering](https://en.wikipedia.org/wiki/DNS_blocking). When you request the IP address of a domain that is blocked, the server may not respond or may respond with a different IP address. As the DNS protocol is not encrypted, the ISP (or any network operator) can use [DPI](https://en.wikipedia.org/wiki/Deep_packet_inspection) to monitor requests. ISPs can also block requests based on common characteristics, regardless of which DNS server is used. Unencrypted DNS always uses [port](https://en.wikipedia.org/wiki/Port_(computer_networking)) 53 and always uses UDP. +Unencrypted DNS requests are able to be easily **surveilled** and **modified** in transit. In some parts of the world, ISPs are ordered to do primitive [DNS filtering](https://en.wikipedia.org/wiki/DNS_blocking). When you request the IP address of a domain that is blocked, the server may not respond or may respond with a different IP address. As the DNS protocol is not encrypted, the ISP (or any network operator) can use [DPI](https://en.wikipedia.org/wiki/Deep_packet_inspection) to monitor requests. ISPs can also block requests based on common characteristics, regardless of which DNS server is used. Below, we discuss and provide a tutorial to prove what an outside observer may see using regular unencrypted DNS and [encrypted DNS](#what-is-encrypted-dns). diff --git a/docs/advanced/payments.md b/docs/advanced/payments.md index 75df2e5c..66cabba1 100644 --- a/docs/advanced/payments.md +++ b/docs/advanced/payments.md @@ -1,6 +1,7 @@ --- title: Private Payments icon: material/hand-coin +description: Your buying habits are the holy grail of ad targeting, but you still have plenty of options when it comes to making payments privately. --- There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. diff --git a/docs/advanced/tor-overview.md b/docs/advanced/tor-overview.md index 2004520b..9fca7e00 100644 --- a/docs/advanced/tor-overview.md +++ b/docs/advanced/tor-overview.md @@ -204,5 +204,5 @@ It is [possible](https://discuss.privacyguides.net/t/clarify-tors-weaknesses-wit ## Additional Resources - [Tor Browser User Manual](https://tb-manual.torproject.org) -- [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) -- [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) +- [How Tor Works - Computerphile](https://youtube.com/watch?v=QRYzre4bf7I) (YouTube) +- [Tor Onion Services - Computerphile](https://youtube.com/watch?v=lVcbq_a5N9I) (YouTube) diff --git a/docs/android/general-apps.md b/docs/android/general-apps.md index fc2ff593..dc1ec989 100644 --- a/docs/android/general-apps.md +++ b/docs/android/general-apps.md @@ -1,5 +1,6 @@ --- title: "General Apps" +description: The apps listed here are Android-exclusive and specifically enhance or replace key system functionality. schema: - "@context": http://schema.org @@ -26,10 +27,16 @@ schema: operatingSystem: Android robots: nofollow, max-snippet:-1, max-image-preview:large --- +Protects against the following threat(s): + +- [:material-bug-outline: Passive Attacks](../basics/common-threats.md#security-and-privacy){ .pg-orange } + We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality. ### Shelter +If your device is on Android 15 or greater, we recommend using the native [Private Space](../os/android-overview.md#private-space) feature instead, which provides nearly the same functionality without needing to place trust in and grant powerful permissions to a third-party app. +
![Shelter logo](../assets/img/android/shelter.svg){ align=right } @@ -47,14 +54,18 @@ Shelter supports blocking contact search cross profiles and sharing files across

Warning

-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html). - When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html). + ### Secure Camera +Protects against the following threat(s): + +- [:material-account-search: Public Exposure](../basics/common-threats.md#limiting-public-information){ .pg-green } +
![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right } @@ -98,7 +109,6 @@ The image orientation metadata is not deleted. If you enable location (in Secure Protects against the following threat(s): - [:material-target-account: Targeted Attacks](../basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } -- [:material-bug-outline: Passive Attacks](../basics/common-threats.md#security-and-privacy){ .pg-orange }
diff --git a/docs/android/index.md b/docs/android/index.md index 64df8c3f..63ac6364 100644 --- a/docs/android/index.md +++ b/docs/android/index.md @@ -1,5 +1,6 @@ --- title: "Android" +description: Our advice for replacing privacy-invasive default Android features with private and secure alternatives. icon: 'simple/android' cover: android.webp schema: diff --git a/docs/android/obtaining-apps.md b/docs/android/obtaining-apps.md index c27f0ef5..7f60cd49 100644 --- a/docs/android/obtaining-apps.md +++ b/docs/android/obtaining-apps.md @@ -1,5 +1,6 @@ --- title: "Obtaining Applications" +description: We recommend these methods for obtaining applications on Android without interacting with Google Play Services. --- There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference. diff --git a/docs/assets/img/ios/contact-permissions-dark.png b/docs/assets/img/ios/contact-permissions-dark.png new file mode 100644 index 00000000..f7279408 Binary files /dev/null and b/docs/assets/img/ios/contact-permissions-dark.png differ diff --git a/docs/assets/img/ios/contact-permissions-light.png b/docs/assets/img/ios/contact-permissions-light.png new file mode 100644 index 00000000..c49046ad Binary files /dev/null and b/docs/assets/img/ios/contact-permissions-light.png differ diff --git a/docs/assets/img/ios/photo-permissions-dark.png b/docs/assets/img/ios/photo-permissions-dark.png new file mode 100644 index 00000000..a5e11c54 Binary files /dev/null and b/docs/assets/img/ios/photo-permissions-dark.png differ diff --git a/docs/assets/img/ios/photo-permissions-light.png b/docs/assets/img/ios/photo-permissions-light.png new file mode 100644 index 00000000..80e46c45 Binary files /dev/null and b/docs/assets/img/ios/photo-permissions-light.png differ diff --git a/docs/assets/img/ios/private-access-dark.png b/docs/assets/img/ios/private-access-dark.png new file mode 100644 index 00000000..b7126d32 Binary files /dev/null and b/docs/assets/img/ios/private-access-dark.png differ diff --git a/docs/assets/img/ios/private-access-light.png b/docs/assets/img/ios/private-access-light.png new file mode 100644 index 00000000..9ba36f06 Binary files /dev/null and b/docs/assets/img/ios/private-access-light.png differ diff --git a/docs/basics/account-creation.md b/docs/basics/account-creation.md index 22b11db6..44b4f4eb 100644 --- a/docs/basics/account-creation.md +++ b/docs/basics/account-creation.md @@ -74,7 +74,7 @@ Malicious applications, particularly on mobile devices where the application has ### Phone number -We recommend avoiding services that require a phone number for sign up. A phone number can identity you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted. +We recommend avoiding services that require a phone number for sign up. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted. You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts. diff --git a/docs/basics/why-privacy-matters.md b/docs/basics/why-privacy-matters.md index ea4f0537..b07bb7f3 100644 --- a/docs/basics/why-privacy-matters.md +++ b/docs/basics/why-privacy-matters.md @@ -1,6 +1,7 @@ --- title: "Why Privacy Matters" icon: 'material/shield-account' +description: In the modern age of digital data exploitation, your privacy has never been more critical, and yet many believe it is already a lost cause. It is not. --- In the modern age of digital data exploitation, your privacy has never been more critical, and yet many believe it is already a lost cause. It is not. ==Your privacy is up for grabs==, and you need to care about it. Privacy is about power, and it is so important that this power ends up in the right hands. diff --git a/docs/browser-extensions.md b/docs/browser-extensions.md index 5cda2b5d..0364e0f5 100644 --- a/docs/browser-extensions.md +++ b/docs/browser-extensions.md @@ -69,7 +69,6 @@ uBlock Origin also has a "Lite" version of their extension, which offers a very
Downloads -- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/addon/ublock-origin-lite) - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin-lite/ddkjiahejlhfcafbddmgiahcphecmpfh)
diff --git a/docs/cloud.md b/docs/cloud.md index 0a310a9f..bf5cb4f6 100644 --- a/docs/cloud.md +++ b/docs/cloud.md @@ -118,7 +118,7 @@ Peergos is primarily a web app, but you can self-host the server either as a loc Running a local version of Peergos alongside a registered account on their paid, hosted service allows you to access your Peergos storage without any reliance on DNS or TLS certificate authorities, and keep a copy of your data backed up to their cloud. The user experience should be the same whether you run their desktop server or just use their hosted web interface. -Peergos was [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in September 2019, and all found issues were subsequently fixed. +Peergos was [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed. An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead. diff --git a/docs/cryptocurrency.md b/docs/cryptocurrency.md index 7ac7523b..6b954f4f 100644 --- a/docs/cryptocurrency.md +++ b/docs/cryptocurrency.md @@ -1,5 +1,6 @@ --- meta_title: "Private Cryptocurrency Blockchains - Privacy Guides" +description: Unlike most cryptocurrencies, these ones provide transaction privacy by default. Monero is our top choice for obfuscating transaction information. title: Cryptocurrency icon: material/bank-circle cover: cryptocurrency.webp diff --git a/docs/data-broker-removals.md b/docs/data-broker-removals.md index 78959728..131920f3 100644 --- a/docs/data-broker-removals.md +++ b/docs/data-broker-removals.md @@ -25,18 +25,36 @@ Use your favorite [search engine](search-engines.md) to see if your data is triv The quickest, most effective, and most private way to remove yourself from people search sites is to submit opt-out requests manually to each site. This can *seem* like a daunting task, because there are hundreds of people search sites, but the reality is that the vast majority of these sites are operated by a small handful of companies. -You should search for your information on these 8 sites first, and submit an opt-out request if your information is found. Removing your data from these providers typically removes your data from many smaller sites at the same time. +You should search for your information on these sites first, and submit an opt-out request if your information is found. Removing your data from these providers typically removes your data from many smaller sites at the same time. -- Acxiom -- BeenVerified -- InfoTracer -- Intelius -- Radaris -- Spokeo -- TruePeopleSearch -- Whitepages +- Advanced Background Checks ([Search](https://advancedbackgroundchecks.com), [Opt-Out](https://advancedbackgroundchecks.com/removal)) +- BeenVerified ([Search](https://beenverified.com/app/optout/search), [Opt-Out](https://beenverified.com/app/optout/address-search)) +- CheckPeople ([Search](https://checkpeople.com/do-not-sell-info), select *Remove Record* to opt-out) +- ClustrMaps ([Search](https://clustrmaps.com), [Opt-Out](https://clustrmaps.com/bl/opt-out)) +- Dataveria ([Search](https://dataveria.com), [Opt-Out](https://dataveria.com/ng/control/privacy)) +- Glad I Know ([Search](https://gladiknow.com), [Opt-Out](https://gladiknow.com/opt-out)) +- InfoTracer ([Search](https://infotracer.com), [Opt-Out](https://infotracer.com/optout)) +- Intelius ([Search](https://intelius.com), [Opt-Out](https://suppression.peopleconnect.us/login)) +- PeekYou ([Search](https://peekyou.com), [Opt-Out](https://peekyou.com/about/contact/optout)) +- PublicDataUSA ([Search](https://publicdatausa.com), [Opt-Out](https://publicdatausa.com/remove.php)) +- Radaris ([Search](https://radaris.com), [Opt-Out](https://radaris.com/page/how-to-remove)) +- Spokeo ([Search](https://spokeo.com/search), [Opt-Out](https://spokeo.com/optout)) +- That's Them ([Search](https://thatsthem.com), [Opt-Out](https://thatsthem.com/optout)) +- USPhonebook ([Search and Opt-Out](https://usphonebook.com/opt-out)) +- Whitepages ([Search](https://whitepages.com), [Opt-Out](https://whitepages.com/suppression_requests)) -Once you have done this, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use tools like [Optery](#optery-free-paid)'s free reports or [Google's *Results about you*](#google-results-about-you-free) tool to help find any data that remains on the internet. +
+

A tip on opt-out strategy

+ +Be sure to avoid burning out or becoming overwhelmed with this process. Unless you're in immediate danger, you can take breaks and avoid doing them all at once.[^1] + +One strategy could be to look at a single website from the list above every week, starting from the top. Next week you move on to the following website on the list, and so on. When you reach the end of the list, you can start again from the beginning. + +This sets you up on a nice schedule to re-review each website approximately every 3-4 months, and breaks down the process into simple 5 minute tasks you can easily add to your weekly routine. + +
+ +Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's *Results about you*](#google-results-about-you-free) tool to help find any data that remains on the internet. Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it: @@ -61,28 +79,28 @@ Some websites supported by EasyOptOuts are publicly searchable. In those cases E Our testing indicates that EasyOptOuts provides the best value out of any data removal service we've tested, with a very affordable price and high effectiveness. We will publish a detailed review of EasyOptOuts on our blog in the near future and update this page when it is published. [Independent findings from Consumer Reports](https://discuss.privacyguides.net/t/consumer-reports-evaluating-people-search-site-removal-services/19948) also indicate that EasyOptOuts is one of the top performing data removal services. -## Optery Free & Paid +
+

High priority sites not supported by EasyOptOuts

-
+EasyOptOuts does not cover the following sites we consider to be "high priority," so you should still manually opt-out of: -![Optery logo](assets/img/data-broker-removals/optery.svg){ align=right } - -**Optery** is a free scanning tool which will discover which people search sites have your personal information, provide you with a report of those sites, and link you directly to the self-service removal process to do manually. If you keep your account, the report will be updated quarterly. Optery also has paid plans available where they will submit opt-out requests automatically on your behalf. - -[:octicons-home-16: Homepage](https://optery.com){ .md-button .md-button--primary } -[:octicons-eye-16:](https://optery.com/privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://help.optery.com){ .card-link title=Documentation} +- Intelius ([Search](https://intelius.com), [Opt-Out](https://suppression.peopleconnect.us/login)) +- PeekYou ([Search](https://peekyou.com), [Opt-Out](https://peekyou.com/about/contact/optout)) +- PublicDataUSA ([Search](https://publicdatausa.com), [Opt-Out](https://publicdatausa.com/remove.php))
-Optery's free scanning tool is an effective way to discover which data brokers have your information already, and their self-service dashboard allows you to easily submit opt-out requests manually. - -We have not finished testing Optery's premium, *automatic* opt-out plans, although initial results appear to be positive. [Independent findings from Consumer Reports](https://discuss.privacyguides.net/t/consumer-reports-evaluating-people-search-site-removal-services/19948) also indicate that Optery is one of the top performing data removal services. It necessarily takes at least a few months for us to evaluate a new data removal service, so check back here soon for our own test results. We will also publish a detailed review of Optery's full service on our blog when we have completed testing, and we will update this page accordingly. - ## Google *Results About You* Free +
+

Google is a data collector themselves

+ This method will require you to submit your personal information to Google for them to periodically monitor their search results for. Google claims to not use the information provided to this tool to "personalize your experiences" across other Google products. +While Google is not a data broker themselves *per se*, as they don't sell or share your data with outside parties, some may find this relationship unacceptable. You should always decide whether the benefits of this tool outweigh the drawbacks for your individual situation. + +
+
![Google logo](assets/img/data-broker-removals/google.svg){ align=right } @@ -101,3 +119,15 @@ You can add up to 3 addresses, 3 phone numbers, and 3 email addresses to your Go When results are found, they will be available for review in this web tool. You can also optionally receive an email notification delivered to the account's Gmail address that lets you know when new results are found. You will then be able to click **Request to remove** on each discovered listing, and Google will review the request. In our testing, this tool worked to reliably remove people search sites from Google search results, but was not effective against websites that showed *corporate* filing information, even if you used your personal address to register a company, nor was it effective against social media profiles. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing a data removal service, and conduct your own research to ensure it's the right choice for you. + +Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community. + +- Must not be a whitelabeled service or reseller of another provider. +- Must not be affiliated with the data broker industry or purchase advertising on people search sites. +- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites. + +[^1]: If you *are* immediately threatened by stalkers or other threats, you should strongly consider an automated tool like [EasyOptOuts](#easyoptouts-paid), at least for the initial "purge." When things are more manageable in the future you can come back to the manual process. Of course, in a dangerous situation your first priority should always be to seek professional help from police or others before tackling it on your own. diff --git a/docs/data-redaction.md b/docs/data-redaction.md index bcef3d72..3b7bc050 100644 --- a/docs/data-redaction.md +++ b/docs/data-redaction.md @@ -5,8 +5,19 @@ icon: material/tag-remove description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. cover: data-redaction.webp --- +Protects against the following threat(s): + +- [:material-account-search: Public Exposure](basics/common-threats.md#limiting-public-information){ .pg-green } + When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. +
+

Warning

+ +You should **never** use blur to redact [text in images](https://bishopfox.com/blog/unredacter-tool-never-pixelation). If you want to redact text in an image, you should draw a box over the text. + +
+ ## Desktop ### MAT2 @@ -98,36 +109,6 @@ The app offers multiple ways to erase metadata from images. Namely:
-### PrivacyBlur - -
- -![PrivacyBlur logo](assets/img/data-redaction/privacyblur.svg){ align=right } - -**PrivacyBlur** is a free app which can blur sensitive portions of pictures before sharing them online. - -[:octicons-home-16: Homepage](https://privacyblur.app){ .md-button .md-button--primary } -[:octicons-eye-16:](https://privacyblur.app/privacy.html){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://github.com/MATHEMA-GmbH/privacyblur#readme){ .card-link title=Documentation} -[:octicons-code-16:](https://github.com/MATHEMA-GmbH/privacyblur){ .card-link title="Source Code" } - -
-Downloads - -- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.mathema.privacyblur) -- [:simple-appstore: App Store](https://apps.apple.com/app/id1536274106) - -
- -
- -
-

Warning

- -You should **never** use blur to redact [text in images](https://bishopfox.com/blog/unredacter-tool-never-pixelation). If you want to redact text in an image, draw a box over the text. For this, we suggest apps like [Pocket Paint](https://github.com/Catrobat/Paintroid). - -
- ## Command-line ### ExifTool diff --git a/docs/desktop-browsers.md b/docs/desktop-browsers.md index 74b84145..100a7a02 100644 --- a/docs/desktop-browsers.md +++ b/docs/desktop-browsers.md @@ -74,7 +74,7 @@ If you need to browse the internet anonymously, you should use [Tor](tor.md) ins [:octicons-home-16: Homepage](https://mullvad.net/en/browser){ .md-button .md-button--primary } [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://mullvad.net/en/help/tag/mullvad-browser){ .card-link title=Documentation} +[:octicons-info-16:](https://mullvad.net/en/help/tag/mullvad-browser){ .card-link title="Documentation" } [:octicons-code-16:](https://gitlab.torproject.org/tpo/applications/mullvad-browser){ .card-link title="Source Code" }
@@ -120,9 +120,9 @@ Mullvad Browser comes with DuckDuckGo set as the default [search engine](search- [:octicons-home-16: Homepage](https://firefox.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://mozilla.org/privacy/firefox){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://support.mozilla.org/products/firefox){ .card-link title=Documentation} +[:octicons-info-16:](https://support.mozilla.org/products/firefox){ .card-link title="Documentation" } [:octicons-code-16:](https://hg.mozilla.org/mozilla-central){ .card-link title="Source Code" } -[:octicons-heart-16:](https://donate.mozilla.org){ .card-link title=Contribute } +[:octicons-heart-16:](https://donate.mozilla.org){ .card-link title="Contribute" }
Downloads @@ -184,6 +184,8 @@ This protects you from persistent cookies, but does not protect you against cook - [ ] Uncheck **Allow Firefox to install and run studies** - [ ] Uncheck **Allow Firefox to send backlogged crash reports on your behalf** +According to Mozilla's privacy policy for Firefox, + > Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs. Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out: @@ -226,7 +228,7 @@ Max Protection enforces the use of DNS over HTTPS, and a security warning will s The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of carefully considered options for Firefox. If you [decide](https://github.com/arkenfox/user.js/wiki/1.1-To-Arkenfox-or-Not) to use Arkenfox, a [few options](https://github.com/arkenfox/user.js/wiki/3.2-Overrides-[Common]) are subjectively strict and/or may cause some websites to not work properly—which you can [easily change](https://github.com/arkenfox/user.js/wiki/3.1-Overrides) to suit your needs. We **strongly recommend** reading through their full [wiki](https://github.com/arkenfox/user.js/wiki). Arkenfox also enables [container](https://support.mozilla.org/kb/containers#w_for-advanced-users) support. -Arkenfox only aims to thwart basic or naive tracking scripts through canvas randomization and Firefox's built-in fingerprint resistance configuration settings. It does not aim to make your browser blend in with a large crowd of other Arkenfox users in the same way Mullvad Browser or Tor Browser do, which is the only way to thwart advanced fingerprint tracking scripts. Remember you can always use multiple browsers, for example, you could consider using Firefox+Arkenfox for a few sites that you want to stay logged in on or otherwise trust, and Mullvad Browser for general browsing. +Arkenfox only aims to thwart basic or naive tracking scripts through canvas randomization and Firefox's built-in fingerprint resistance configuration settings. It does not aim to make your browser blend in with a large crowd of other Arkenfox users in the same way Mullvad Browser or Tor Browser do, which is the only way to thwart advanced fingerprint tracking scripts. Remember that you can always use multiple browsers, for example, you could consider using Firefox+Arkenfox for a few sites that you want to stay logged in on or otherwise trust, and Mullvad Browser for general browsing. ## Brave @@ -241,7 +243,7 @@ Brave is built upon the Chromium web browser project, so it should feel familiar [:octicons-home-16: Homepage](https://brave.com){ .md-button .md-button--primary } [:simple-torbrowser:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" } [:octicons-eye-16:](https://brave.com/privacy/browser){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://support.brave.com){ .card-link title=Documentation} +[:octicons-info-16:](https://support.brave.com){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" }
@@ -294,8 +296,8 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode). -2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar. +1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*. +2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*. #### Privacy and security @@ -303,7 +305,7 @@ Brave allows you to select additional content filters within the internal `brave - [x] Select **Don't allow sites to use the V8 optimizer** under *Security* → *Manage V8 security* (1) - [x] Select **Automatically remove permissions from unused sites** under *Sites and Shields Settings* -- [x] Select **Disable non-proxied UDP** under [WebRTC IP Handling Policy](https://support.brave.com/hc/articles/360017989132-How-do-I-change-my-Privacy-Settings#webrtc) +- [x] Select **Disable non-proxied UDP** under [*WebRTC IP Handling Policy*](https://support.brave.com/hc/articles/360017989132-How-do-I-change-my-Privacy-Settings#webrtc) - [ ] Uncheck **Use Google services for push messaging** - [x] Select **Auto-redirect AMP pages** - [x] Select **Auto-redirect tracking URLs** @@ -324,7 +326,7 @@ If you wish to stay logged in to a particular site you visit often, you can set ##### Tor windows -[**Private Window with Tor**](https://support.brave.com/hc/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity) allows you to route your traffic through the Tor network in Private Windows and access .onion services, which may be useful in some cases. However, Brave is **not** as resistant to fingerprinting as the Tor Browser and far fewer people use Brave with Tor, so you will stand out. If your threat model requires strong anonymity, use the [Tor Browser](tor.md#tor-browser). +[**Private Window with Tor**](https://support.brave.com/hc/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity) allows you to route your traffic through the Tor network in Private Windows and access .onion services, which may be useful in some cases. However, Brave is **not** as resistant to fingerprinting as the Tor Browser is, and far fewer people use Brave with Tor, so you will stand out. If your threat model requires strong anonymity, use the [Tor Browser](tor.md#tor-browser). ##### Data Collection @@ -338,12 +340,17 @@ Brave's Web3 features can potentially add to your browser fingerprint and attack - Select **Extensions (no fallback)** under *Default Ethereum wallet* - Select **Extensions (no fallback)** under *Default Solana wallet* -- Set *Method to resolve IPFS resources* to **Disabled** #### Extensions - [ ] Uncheck all built-in extensions you don't use +#### Search engine + +We recommend disabling search suggestions in Brave for the same reason we recommend disabling this feature in [Firefox](#search). + +- [ ] Uncheck **Show search suggestions** + #### System
@@ -364,8 +371,6 @@ Brave's Web3 features can potentially add to your browser fingerprint and attack **Brave Wallet** operates locally on your computer, but does not support any private cryptocurrencies, so we would discourage using this feature as well. -## Additional Resources - ## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. @@ -386,8 +391,7 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should include built-in content blocking functionality. - Should support cookie compartmentalization (à la [Multi-Account Containers](https://support.mozilla.org/kb/containers)). -- Should support Progressive Web Apps. - PWAs enable you to install certain websites as if they were native apps on your computer. This can have advantages over installing Electron-based apps, because PWAs benefit from your browser's regular security updates. +- Should support Progressive Web Apps (PWAs). PWAs enable you to install certain websites as if they were native apps on your computer. This can have advantages over installing Electron-based apps because PWAs benefit from your browser's regular security updates. - Should not include add-on functionality (bloatware) that does not impact user privacy. - Should not collect telemetry by default. - Should provide an open-source sync server implementation. diff --git a/docs/desktop.md b/docs/desktop.md index 583f1759..74f56a74 100644 --- a/docs/desktop.md +++ b/docs/desktop.md @@ -4,6 +4,10 @@ icon: simple/linux description: Linux distributions are commonly recommended for privacy protection and software freedom. cover: desktop.webp --- +Protects against the following threat(s): + +- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown } + Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. - [General Linux Overview :material-arrow-right-drop-circle:](os/linux-overview.md) @@ -68,7 +72,7 @@ Arch Linux has a rolling release cycle. There is no fixed release schedule and p Being a DIY distribution, you are [expected to set up and maintain](os/linux-overview.md#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier. -A large portion of [Arch Linux’s packages](https://reproducible.archlinux.org) are [reproducible](https://reproducible-builds.org). +A large portion of [Arch Linux’s packages](https://reproducible.archlinux.org) are [reproducible](https://reproducible-builds.org)[^1]. ## Atomic Distributions @@ -124,7 +128,7 @@ The Nix package manager uses a purely functional language—which is also called [Nixpkgs](https://github.com/nixos/nixpkgs) (the main source of packages) are contained in a single GitHub repository. You can also define your own packages in the same language and then easily include them in your config. -Nix is a source-based package manager; if there’s no pre-built available in the binary cache, Nix will just build the package from source using its definition. It builds each package in a sandboxed *pure* environment, which is as independent of the host system as possible. Binaries built with this method are reproducible, which can be useful as a safeguard against [:material-package-variant-closed-remove: Supply Chain Attacks](basics/common-threats.md#attacks-against-certain-organizations){ .pg-viridian }. +Nix is a source-based package manager; if there’s no pre-built available in the binary cache, Nix will just build the package from source using its definition. It builds each package in a sandboxed *pure* environment, which is as independent of the host system as possible. Binaries built with this method are reproducible[^1]. ## Anonymity-Focused Distributions @@ -134,7 +138,7 @@ Nix is a source-based package manager; if there’s no pre-built available in th ![Whonix logo](assets/img/linux-desktop/whonix.svg){ align=right } -**Whonix** is based on [Kicksecure](#kicksecure), a security-focused fork of Debian. It aims to provide privacy, security, and anonymity on the internet. Whonix is best used in conjunction with [Qubes OS](#qubes-os). +**Whonix** is based on [Kicksecure](#kicksecure), a security-focused fork of Debian. It aims to provide privacy, security, and [:material-incognito: Anonymity](basics/common-threats.md#anonymity-vs-privacy){ .pg-purple } on the internet. Whonix is best used in conjunction with [Qubes OS](#qubes-os). [:octicons-home-16: Homepage](https://whonix.org){ .md-button .md-button--primary } [:simple-torbrowser:](http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion){ .card-link title="Onion Service" } @@ -157,7 +161,7 @@ Whonix is best used [in conjunction with Qubes](https://whonix.org/wiki/Qubes/Wh ![Tails logo](assets/img/linux-desktop/tails.svg){ align=right } -**Tails** is a live operating system based on Debian that routes all communications through Tor, which can boot on on almost any computer from a DVD, USB stick, or SD card installation. It uses [Tor](tor.md) to preserve privacy and anonymity while circumventing censorship, and it leaves no trace of itself on the computer it is used on after it is powered off. +**Tails** is a live operating system based on Debian that routes all communications through Tor, which can boot on on almost any computer from a DVD, USB stick, or SD card installation. It uses [Tor](tor.md) to preserve privacy and [:material-incognito: Anonymity](basics/common-threats.md#anonymity-vs-privacy){ .pg-purple } while circumventing censorship, and it leaves no trace of itself on the computer it is used on after it is powered off. [:octicons-home-16: Homepage](https://tails.net){ .md-button .md-button--primary } [:octicons-info-16:](https://tails.net/doc/index.en.html){ .card-link title=Documentation} @@ -182,6 +186,10 @@ By design, Tails is meant to completely reset itself after each reboot. Encrypte ## Security-focused Distributions +Protects against the following threat(s): + +- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange } + ### Qubes OS
@@ -201,7 +209,7 @@ By design, Tails is meant to completely reset itself after each reboot. Encrypte
-Qubes OS secures the computer by isolating subsystems (e.g., networking, USB, etc.) and applications in separate *qubes*. Should one part of the system be compromised, the extra isolation is likely to protect the rest of the *qubes* and the core system. +Qubes OS secures the computer by isolating subsystems (e.g., networking, USB, etc.) and applications in separate *qubes*. Should one part of the system be compromised via an exploit in a [:material-target-account: Targeted Attack](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }, the extra isolation is likely to protect the rest of the *qubes* and the core system. For further information about how Qubes works, read our full [Qubes OS overview](os/qubes-overview.md) page. @@ -241,3 +249,5 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Maintaining an operating system is a major challenge, and smaller projects have a tendency to make more avoidable mistakes, or delay critical updates (or worse, disappear entirely). We lean towards projects which will likely be around 10 years from now (whether that's due to corporate backing or very significant community support), and away from projects which are hand-built or have a small number of maintainers. In addition, [our standard criteria](about/criteria.md) for recommended projects still applies. **Please note we are not affiliated with any of the projects we recommend.** + +[^1]: Reproducibility entails the ability to verify that packages and binaries made available to the end user match the source code, which can be useful against potential [:material-package-variant-closed-remove: Supply Chain Attacks](basics/common-threats.md#attacks-against-certain-organizations){ .pg-viridian }. diff --git a/docs/device-integrity.md b/docs/device-integrity.md index 761a11da..9c7b5fd6 100644 --- a/docs/device-integrity.md +++ b/docs/device-integrity.md @@ -227,32 +227,3 @@ Using these apps is insufficient to determine that a device is "clean", and not
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors) for advice. - -### iVerify Basic (iOS) - -
- -![iVerify logo](assets/img/device-integrity/iverify.webp){ align=right } - -**iVerify Basic** is an iOS app which can scan your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or of [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } such as [Pegasus](https://en.wikipedia.org/wiki/Pegasus_(spyware)). - -[:octicons-home-16: Homepage](https://iverify.io/products/basic){ .md-button .md-button--primary } -[:octicons-eye-16:](https://iverify.io/privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation} - -
-Downloads - -- [:simple-appstore: App Store](https://apps.apple.com/app/id1466120520) - -
- -
- -Previously, iVerify would scan your device for threats automatically in the background and notify you if one is found, but this is [no longer the case](https://discuss.privacyguides.net/t/iverify-basic-is-now-available-on-android/18458/11) following their rebrand of the consumer app to *iVerify Basic* in May 2024. You can still run manual scans within the app. Automatic background scanning is now only available in iVerify's enterprise product which is unavailable to consumers. - -Like all iOS apps, iVerify Basic is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is *specifically* designed to bypass iVerify's checks would likely succeed at doing so. - -iVerify Basic is **not** an "antivirus" tool, and will not detect non-system-level malware such as malicious custom keyboards or malicious Wi-Fi Sync configurations, for example. - -In addition to device scanning, iVerify Basic also includes a number of additional security utilities which you may find useful, including device [reboot reminders](os/ios-overview.md#before-first-unlock), iOS update notifications (which are often faster than Apple's staggered update notification rollout), and some basic privacy and security guides. diff --git a/docs/dns.md b/docs/dns.md index aad010ef..e7f06d31 100644 --- a/docs/dns.md +++ b/docs/dns.md @@ -20,14 +20,14 @@ These are our favorite public DNS resolvers based on their privacy and security | DNS Provider | Protocols | Logging / Privacy Policy | [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) | Filtering | Signed Apple Profile | |---|---|---|---|---|---| -| [**AdGuard Public DNS**](https://adguard-dns.io/en/public-dns.html) | Cleartext DoH/3 DoT DoQ DNSCrypt | Anonymized[^1] | Anonymized | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | Yes [:octicons-link-external-24:](https://adguard.com/en/blog/encrypted-dns-ios-14.html) | +| [**AdGuard Public DNS**](https://adguard-dns.io/en/public-dns.html) | Cleartext DoH/3 DoT DoQ DNSCrypt | Anonymized[^1] | Anonymized | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | Yes [:octicons-link-external-24:](https://adguard-dns.io/en/blog/encrypted-dns-ios-14.html) | | [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setup) | Cleartext DoH/3 DoT | Anonymized[^2] | No | Based on server choice. | No [:octicons-link-external-24:](https://community.cloudflare.com/t/requesting-1-1-1-1-signed-profiles-for-apple/571846) | | [**Control D Free DNS**](https://controld.com/free-dns) | Cleartext DoH/3 DoT DoQ | No[^3] | No | Based on server choice. | Yes [:octicons-link-external-24:](https://docs.controld.com/docs/macos-platform) | | [**dns0.eu**](https://dns0.eu) | Cleartext DoH/3 DoH DoT DoQ | Anonymized[^4] | Anonymized | Based on server choice. | Yes [:octicons-link-external-24:](https://dns0.eu/zero.dns0.eu.mobileconfig) | | [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | DoH DoT | No[^5] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | Yes [:octicons-link-external-24:](https://mullvad.net/en/blog/profiles-to-configure-our-encrypted-dns-on-apple-devices) | | [**Quad9**](https://quad9.net) | Cleartext DoH DoT DNSCrypt | Anonymized[^6] | Optional | Based on server choice, malware blocking by default. | Yes [:octicons-link-external-24:](https://quad9.net/news/blog/ios-mobile-provisioning-profiles) | -[^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) +[^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard-dns.io/en/privacy.html](https://adguard-dns.io/en/privacy.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) [^4]: dns0.eu collects some data for their threat intelligence feeds, to monitor for newly registered/observed/active domains and other bulk data. That data is shared with some [partners](https://docs.dns0.eu/data-feeds/introduction) for e.g. security research. They do not collect any Personally Identifiable Information. [https://dns0.eu/privacy](https://dns0.eu/privacy) diff --git a/docs/email-clients.md b/docs/email-clients.md index 7ca70167..90db2b0b 100644 --- a/docs/email-clients.md +++ b/docs/email-clients.md @@ -40,6 +40,8 @@ OpenPGP also does not support [forward secrecy](https://en.wikipedia.org/wiki/Fo
Downloads +- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.thunderbird.android) +- [:simple-github: GitHub](https://github.com/thunderbird/thunderbird-android/releases) - [:fontawesome-brands-windows: Windows](https://thunderbird.net) - [:simple-apple: macOS](https://thunderbird.net) - [:simple-linux: Linux](https://thunderbird.net) @@ -49,11 +51,18 @@ OpenPGP also does not support [forward secrecy](https://en.wikipedia.org/wiki/Fo
+
+

Warning

+ +When replying to someone on a mailing list in Thunderbird Mobile, the "reply" option may also include the mailing list. For more information see [thunderbird/thunderbird-android #3738](https://github.com/thunderbird/thunderbird-android/issues/3738). + +
+ #### Recommended Configuration
-We recommend changing some of these settings to make Thunderbird a little more private. +We recommend changing some of these settings to make Thunderbird Desktop a little more private. These options can be found in :material-menu: → **Settings** → **Privacy & Security**. @@ -72,7 +81,7 @@ These options can be found in :material-menu: → **Settings** → **Privacy & S #### Thunderbird-user.js (advanced) -[`thunderbird-user.js`](https://github.com/HorlogeSkynet/thunderbird-user.js) is a set of configuration options that aims to disable as many of the web-browsing features within Thunderbird as possible in order to reduce attack surface and maintain privacy. Some of the changes are backported from the [Arkenfox project](desktop-browsers.md#arkenfox-advanced). +[`thunderbird-user.js`](https://github.com/HorlogeSkynet/thunderbird-user.js) is a set of configuration options that aims to disable as many of the web-browsing features within Thunderbird Desktop as possible in order to reduce attack surface and maintain privacy. Some of the changes are backported from the [Arkenfox project](desktop-browsers.md#arkenfox-advanced). ## Platform Specific @@ -181,39 +190,6 @@ Canary Mail is closed-source. We recommend it due to the few choices there are f
-### K-9 Mail (Android) - -
- -![K-9 Mail logo](assets/img/email-clients/k9mail.svg){ align=right } - -**K-9 Mail** is an independent mail application that supports both POP3 and IMAP mailboxes, but only supports push mail for IMAP. - -In the future, K-9 Mail will be the [officially branded](https://k9mail.app/2022/06/13/K-9-Mail-and-Thunderbird.html) Thunderbird client for Android. - -[:octicons-home-16: Homepage](https://k9mail.app){ .md-button .md-button--primary } -[:octicons-eye-16:](https://k9mail.app/privacy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://docs.k9mail.app){ .card-link title="Documentation" } -[:octicons-code-16:](https://github.com/thundernest/k-9){ .card-link title="Source Code" } -[:octicons-heart-16:](https://k9mail.app/contribute){ .card-link title="Contribute" } - -
-Downloads - -- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.fsck.k9) -- [:simple-github: GitHub](https://github.com/thundernest/k-9/releases) - -
- -
- -
-

Warning

- -When replying to someone on a mailing list, the "reply" option may also include the mailing list. For more information see [thundernest/k-9 #3738](https://github.com/thundernest/k-9/issues/3738). - -
- ### Kontact (KDE)
diff --git a/docs/encryption.md b/docs/encryption.md index 0923b3bb..0da24c55 100644 --- a/docs/encryption.md +++ b/docs/encryption.md @@ -9,7 +9,7 @@ cover: encryption.webp ## Multi-platform -The options listed here are multi-platform and great for creating encrypted backups of your data. +The options listed here are available on multiple platforms and great for creating encrypted backups of your data. ### Cryptomator (Cloud) @@ -77,6 +77,8 @@ Cryptomator's documentation details its intended [security target](https://docs.
+Picocrypt has been [audited](https://github.com/Picocrypt/storage/blob/main/Picocrypt.Audit.Report.pdf) by Radically Open Security in August 2024, and [most](https://github.com/Picocrypt/Picocrypt/issues/32#issuecomment-2329722740) of the issues found in the audit were subsequently fixed. + ### VeraCrypt (Disk) Protects against the following threat(s): @@ -112,13 +114,13 @@ When encrypting with VeraCrypt, you have the option to select from different [ha Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit). -## OS Full Disk Encryption +## Operating System Encryption Protects against the following threat(s): - [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } -For encrypting the drive your operating system boots from, we generally recommend enabling the encryption software that comes with your operating system rather than using a third-party tool. This is because your operating system's native encryption tools often make use of OS and hardware-specific features like the [secure cryptoprocessor](https://en.wikipedia.org/wiki/Secure_cryptoprocessor) in your device to protect your computer against more advanced physical attacks. For secondary drives and external drives which you *don't* boot from, we still recommend using open-source tools like [VeraCrypt](#veracrypt-disk) over the tools below, because they offer additional flexibility and let you avoid vendor lock-in. +Built-in OS encryption solutions generally leverage hardware security features such as a [secure cryptoprocessor](basics/hardware.md#tpmsecure-cryptoprocessor). Therefore, we recommend using the built-in encryption solutions for your operating system. For cross-platform encryption, we still recommend [cross-platform tools](#multi-platform) for additional flexibility and to avoid vendor lock-in. ### BitLocker @@ -126,7 +128,7 @@ For encrypting the drive your operating system boots from, we generally recommen ![BitLocker logo](assets/img/encryption-software/bitlocker.png){ align=right } -**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://learn.microsoft.com/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection). +**BitLocker** is the full volume encryption solution bundled with Microsoft Windows that uses the Trusted Platform Module ([TPM](https://learn.microsoft.com/windows/security/information-protection/tpm/how-windows-uses-the-tpm)) for hardware-based security. [:octicons-info-16:](https://learn.microsoft.com/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title="Documentation" } @@ -134,7 +136,7 @@ For encrypting the drive your operating system boots from, we generally recommen
-BitLocker is [only supported](https://support.microsoft.com/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites. +BitLocker is [officially supported](https://support.microsoft.com/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on the Pro, Enterprise, and Education editions of Windows. It can be enabled on Home editions provided that they meet the following prerequisites.
Enabling BitLocker on Windows Home @@ -184,7 +186,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device ![FileVault logo](assets/img/encryption-software/filevault.png){ align=right } -**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip. +**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip. [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" } @@ -192,7 +194,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device
-We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery. +We advise against using your iCloud account for recovery; instead, you should securely store a local recovery key on a separate storage device. ### Linux Unified Key Setup @@ -374,7 +376,7 @@ We suggest [Canary Mail](email-clients.md#canary-mail-ios) for using PGP with em ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ align=right } -**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail-macos) and macOS. +**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail-macos) and other email clients on macOS. We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge Base](https://gpgtools.tenderapp.com/kb) for support. @@ -392,7 +394,7 @@ We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com -Currently, GPG Suite does [not yet](https://gpgtools.com/sonoma) have a stable release for macOS Sonoma. +Currently, GPG Suite does [not yet](https://gpgtools.com/sequoia) have a stable release for macOS Sonoma and later. ### OpenKeychain @@ -400,7 +402,7 @@ Currently, GPG Suite does [not yet](https://gpgtools.com/sonoma) have a stable r ![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ align=right } -**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail-android) and [FairEmail](email-clients.md#fairemail-android) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015). +**OpenKeychain** is an implementation of GnuPG for Android. It's commonly required by mail clients such as [Thunderbird](email-clients.md#thunderbird), [FairEmail](email-clients.md#fairemail-android), and other Android apps to provide encryption support. [:octicons-home-16: Homepage](https://openkeychain.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" } @@ -416,6 +418,8 @@ Currently, GPG Suite does [not yet](https://gpgtools.com/sonoma) have a stable r +Cure53 completed a [security audit](https://openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. The published audit and OpenKeychain's solutions to the issues raised in the audit can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015). + ## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. diff --git a/docs/file-sharing.md b/docs/file-sharing.md index e5ec9c38..d8d123d7 100644 --- a/docs/file-sharing.md +++ b/docs/file-sharing.md @@ -142,7 +142,6 @@ We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_e
Downloads -- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nutomic.syncthingandroid) - [:fontawesome-brands-windows: Windows](https://syncthing.net/downloads) - [:simple-apple: macOS](https://syncthing.net/downloads) - [:simple-linux: Linux](https://syncthing.net/downloads) diff --git a/docs/financial-services.md b/docs/financial-services.md index 878abbc2..b0fc6e02 100644 --- a/docs/financial-services.md +++ b/docs/financial-services.md @@ -2,7 +2,11 @@ title: Financial Services icon: material/bank cover: financial-services.webp +description: These services can assist you in protecting your privacy from merchants and other trackers, which is one of the biggest challenges to privacy today. --- +Protects against the following threat(s): + +- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown } Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: @@ -10,6 +14,10 @@ Making payments online is one of the biggest challenges to privacy. These servic ## Payment Masking Services +Protects against the following threat(s): + +- [:material-account-search: Public Exposure](basics/common-threats.md#limiting-public-information){ .pg-green } + There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously.
@@ -66,6 +74,10 @@ MySudo's virtual cards are currently only available via their iOS app. ## Gift Card Marketplaces +Protects against the following threat(s): + +- [:material-eye-outline: Mass Surveillance](basics/common-threats.md#mass-surveillance-programs){ .pg-blue } + These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, with significantly higher limits for ID verified accounts (if offered). ### Coincards @@ -84,7 +96,6 @@ These services allow you to purchase gift cards for a variety of merchants onlin
- ### Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. diff --git a/docs/frontends.md b/docs/frontends.md index c03c1138..6f04420c 100644 --- a/docs/frontends.md +++ b/docs/frontends.md @@ -4,12 +4,15 @@ icon: material/flip-to-front description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. cover: frontends.webp --- +Protects against the following threat(s): -Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. +- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown } + +Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to circumvent these restrictions. If you choose to self-host these frontends, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting, as other peoples' usage will be linked to your hosting. -When you are using an instance run by someone else, make sure to read the privacy policy of that specific instance. They can be modified by their owners and therefore may not reflect the default policy. Some instances have [Tor](tor.md) .onion addresses which may grant some privacy as long as your search queries don't contain PII. +When you are using an instance run by someone else, make sure to read the privacy policy of that specific instance (if available). They can be modified by their owners and therefore may not reflect the default policy. Some instances have [Tor](tor.md) .onion addresses, which may grant some privacy as long as your search queries don't contain personally identifiable information. ## Reddit @@ -19,13 +22,11 @@ When you are using an instance run by someone else, make sure to read the privac ![Redlib logo](assets/img/frontends/redlib.svg){ align=right } -**Redlib** is an open-source frontend to the [Reddit](https://reddit.com) website that is also self-hostable. - -There are a number of public instances, with some instances having [Tor](tor.md) onion services support. +**Redlib** is an open-source frontend to the [Reddit](https://reddit.com) website that is also self-hostable. You can access Redlib through a number of public instances. [:octicons-repo-16: Repository](https://github.com/redlib-org/redlib){ .md-button .md-button--primary } -[:octicons-server-16:](https://github.com/redlib-org/redlib-instances/blob/main/instances.md){ .card-link title="Public Instances"} -[:octicons-info-16:](https://github.com/redlib-org/redlib?tab=readme-ov-file#table-of-contents){ .card-link title=Documentation} +[:octicons-server-16:](https://github.com/redlib-org/redlib-instances/blob/main/instances.md){ .card-link title="Public Instances" } +[:octicons-info-16:](https://github.com/redlib-org/redlib?tab=readme-ov-file#table-of-contents){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/redlib-org/redlib){ .card-link title="Source Code" } @@ -41,6 +42,7 @@ The [Old Reddit](https://old.reddit.com) website doesn't require as much JavaScr

Tip

Redlib is useful if you want to disable JavaScript in your browser, such as [Tor Browser](tor.md#tor-browser) on the Safest security level. + ## TikTok @@ -53,11 +55,11 @@ Redlib is useful if you want to disable JavaScript in your browser, such as [Tor **ProxiTok** is an open-source frontend to the [TikTok](https://tiktok.com) website that is also self-hostable. -There are a number of public instances, with some instances having [Tor](tor.md) onion services support. +There are a number of public instances, with some that offer a [Tor](tor.md) onion service or an [I2P](alternative-networks.md#i2p-the-invisible-internet-project) eepsite. [:octicons-repo-16: Repository](https://github.com/pablouser1/ProxiTok){ .md-button .md-button--primary } -[:octicons-server-16:](https://github.com/pablouser1/ProxiTok/wiki/Public-instances){ .card-link title="Public Instances"} -[:octicons-info-16:](https://github.com/pablouser1/ProxiTok/wiki){ .card-link title=Documentation} +[:octicons-server-16:](https://github.com/pablouser1/ProxiTok/wiki/Public-instances){ .card-link title="Public Instances" } +[:octicons-info-16:](https://github.com/pablouser1/ProxiTok/wiki){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/pablouser1/ProxiTok){ .card-link title="Source Code" }
@@ -73,144 +75,7 @@ ProxiTok is useful if you want to disable JavaScript in your browser, such as [T ## YouTube -### FreeTube - -
- -![FreeTube logo](assets/img/frontends/freetube.svg){ align=right } - -**FreeTube** is a free and open-source desktop application for [YouTube](https://youtube.com). When using FreeTube, your subscription list and playlists are saved locally on your device. - -By default, FreeTube blocks all YouTube advertisements. In addition, FreeTube optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. - -[:octicons-home-16: Homepage](https://freetubeapp.io){ .md-button .md-button--primary } -[:octicons-eye-16:](https://freetubeapp.io/privacy.php){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://docs.freetubeapp.io){ .card-link title=Documentation} -[:octicons-code-16:](https://github.com/FreeTubeApp/FreeTube){ .card-link title="Source Code" } -[:octicons-heart-16:](https://liberapay.com/FreeTube){ .card-link title=Contribute } - -
-Downloads - -- [:fontawesome-brands-windows: Windows](https://freetubeapp.io/#download) -- [:simple-apple: macOS](https://freetubeapp.io/#download) -- [:simple-linux: Linux](https://freetubeapp.io/#download) -- [:simple-flathub: Flathub](https://flathub.org/apps/details/io.freetubeapp.FreeTube) - -
- -
- -
-

Warning

- -When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io), or [SponsorBlock](https://sponsor.ajay.app) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](tor.md) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. - -
- -### Yattee - -
- -![Yattee logo](assets/img/frontends/yattee.svg){ align=right } - -**Yattee** is a free and open-source privacy oriented video player for iOS, tvOS, and macOS for [YouTube](https://youtube.com). When using Yattee, your subscription list is saved locally on your device. - -You will need to take a few [extra steps](https://web.archive.org/web/20230330122839/https://gonzoknows.com/posts/Yattee) before you can use Yattee to watch YouTube, due to App Store restrictions. - -[:octicons-home-16: Homepage](https://github.com/yattee/yattee){ .md-button .md-button--primary } -[:octicons-eye-16:](https://r.yattee.stream/docs/privacy.html){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://github.com/yattee/yattee/wiki){ .card-link title=Documentation} -[:octicons-code-16:](https://github.com/yattee/yattee){ .card-link title="Source Code" } -[:octicons-heart-16:](https://github.com/yattee/yattee/wiki/Donations){ .card-link title=Contribute } - -
-Downloads - -- [:simple-apple: App Store](https://apps.apple.com/app/id1595136629) -- [:simple-github: GitHub](https://github.com/yattee/yattee/releases) - -
- -
- -
-

Warning

- -When using Yattee, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io), [Piped](https://github.com/TeamPiped/Piped/wiki/Instances), or [SponsorBlock](https://sponsor.ajay.app) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](tor.md) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. - -
- -By default, Yattee blocks all YouTube advertisements. In addition, Yattee optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. - -### LibreTube (Android) - -
- -![LibreTube logo](assets/img/frontends/libretube.svg#only-light){ align=right } -![LibreTube logo](assets/img/frontends/libretube-dark.svg#only-dark){ align=right } - -**LibreTube** is a free and open-source Android application for [YouTube](https://youtube.com) which uses the [Piped](#piped) API. - -LibreTube allows you to store your subscription list and playlists locally on your Android device, or to an account on your Piped instance of choice, which allows you to access them seamlessly on other devices as well. - -[:octicons-home-16: Homepage](https://libretube.dev){ .md-button .md-button--primary } -[:octicons-eye-16:](https://github.com/libre-tube/LibreTube/blob/master/PRIVACY_POLICY.md){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://libretube.dev/#faq){ .card-link title=Documentation} -[:octicons-code-16:](https://github.com/libre-tube/LibreTube){ .card-link title="Source Code" } -[:octicons-heart-16:](https://github.com/libre-tube/LibreTube#donate){ .card-link title=Contribute } - -
-Downloads - -- [:simple-github: GitHub](https://github.com/libre-tube/LibreTube/releases) - -
- -
- -
-

Warning

- -When using LibreTube, your IP address will be visible to the [Piped](https://github.com/TeamPiped/Piped/wiki/Instances) instance you choose and/or [SponsorBlock](https://sponsor.ajay.app) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](tor.md) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. - -
- -By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube uses [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. You are able to fully configure the types of segments that SponsorBlock will skip, or disable it completely. There is also a button on the video player itself to disable it for a specific video if desired. - -### NewPipe (Android) - -
- -![Newpipe logo](assets/img/frontends/newpipe.svg){ align=right } - -**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1). - -Your subscription list and playlists are saved locally on your Android device. - -[:octicons-home-16: Homepage](https://newpipe.net){ .md-button .md-button--primary } -[:octicons-eye-16:](https://newpipe.net/legal/privacy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://newpipe.net/FAQ){ .card-link title=Documentation} -[:octicons-code-16:](https://github.com/TeamNewPipe/NewPipe){ .card-link title="Source Code" } -[:octicons-heart-16:](https://newpipe.net/donate){ .card-link title=Contribute } - -
-Downloads - -- [:simple-github: GitHub](https://github.com/TeamNewPipe/NewPipe/releases) - -
- -
- -1. The default instance is [FramaTube](https://framatube.org), however more can be added via **Settings** → **Content** → **PeerTube instances** - -
-

Warning

- -When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](vpn.md) or [Tor](tor.md) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. - -
+**Note:** YouTube has gradually rolled out changes to its video player and API that have thwarted some of the methods used by third-party frontends for extracting YouTube data. If you experience reliability issues with one YouTube frontend, consider trying out another that uses a different extraction method. ### Invidious @@ -221,13 +86,13 @@ When using NewPipe, your IP address will be visible to the video providers used. **Invidious** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable. -There are a number of public instances, with some instances having [Tor](tor.md) onion services support. +There are a number of public instances, with some that offer a [Tor](tor.md) onion service or an [I2P](alternative-networks.md#i2p-the-invisible-internet-project) eepsite. [:octicons-home-16: Homepage](https://invidious.io){ .md-button .md-button--primary } -[:octicons-server-16:](https://instances.invidious.io){ .card-link title="Public Instances"} -[:octicons-info-16:](https://docs.invidious.io){ .card-link title=Documentation} +[:octicons-server-16:](https://instances.invidious.io){ .card-link title="Public Instances" } +[:octicons-info-16:](https://docs.invidious.io){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/iv-org/invidious){ .card-link title="Source Code" } -[:octicons-heart-16:](https://invidious.io/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://invidious.io/donate){ .card-link title="Contribute" } @@ -258,10 +123,10 @@ Invidious is useful if you want to disable JavaScript in your browser, such as [ Piped requires JavaScript in order to function and there are a number of public instances. [:octicons-repo-16: Repository](https://github.com/TeamPiped/Piped){ .md-button .md-button--primary } -[:octicons-server-16:](https://github.com/TeamPiped/Piped/wiki/Instances){ .card-link title="Public Instances"} -[:octicons-info-16:](https://docs.piped.video/docs){ .card-link title=Documentation} +[:octicons-server-16:](https://github.com/TeamPiped/Piped/wiki/Instances){ .card-link title="Public Instances" } +[:octicons-info-16:](https://docs.piped.video/docs){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/TeamPiped/Piped){ .card-link title="Source Code" } -[:octicons-heart-16:](https://github.com/TeamPiped/Piped#donations){ .card-link title=Contribute } +[:octicons-heart-16:](https://github.com/TeamPiped/Piped#donations){ .card-link title="Contribute" } @@ -274,18 +139,159 @@ Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) with +### FreeTube + +
+ +![FreeTube logo](assets/img/frontends/freetube.svg){ align=right } + +**FreeTube** is a free and open-source desktop application for [YouTube](https://youtube.com). FreeTube extracts data from YouTube using its built-in API based on [YouTube.js](https://github.com/LuanRT/YouTube.js) or the [Invidious](#invidious) API. You can configure either as the default, with the other serving as a fallback. + +When using FreeTube, your subscription list and playlists are saved locally on your device. + +[:octicons-home-16: Homepage](https://freetubeapp.io){ .md-button .md-button--primary } +[:octicons-eye-16:](https://freetubeapp.io/privacy.php){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://docs.freetubeapp.io){ .card-link title="Documentation" } +[:octicons-code-16:](https://github.com/FreeTubeApp/FreeTube){ .card-link title="Source Code" } +[:octicons-heart-16:](https://liberapay.com/FreeTube){ .card-link title="Contribute" } + +
+Downloads + +- [:fontawesome-brands-windows: Windows](https://freetubeapp.io/#download) +- [:simple-apple: macOS](https://freetubeapp.io/#download) +- [:simple-linux: Linux](https://freetubeapp.io/#download) +- [:simple-flathub: Flathub](https://flathub.org/apps/details/io.freetubeapp.FreeTube) + +
+ +
+ +
+

Warning

+ +When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io), or [SponsorBlock](https://sponsor.ajay.app) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](tor.md) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + +
+ +By default, FreeTube blocks all YouTube advertisements. In addition, FreeTube optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. + +### Yattee + +
+ +![Yattee logo](assets/img/frontends/yattee.svg){ align=right } + +**Yattee** is a free and open-source privacy oriented video player for iOS, tvOS, and macOS for [YouTube](https://youtube.com). Due to App Store restrictions, you will need to take a few [extra steps](https://web.archive.org/web/20230330122839/https://gonzoknows.com/posts/Yattee) before you can use Yattee to watch YouTube. Yattee allows you to connect to instances of [Invidious](#invidious) or [Piped](#piped). + +When using Yattee, your subscription list is saved locally on your device. + +[:octicons-home-16: Homepage](https://github.com/yattee/yattee){ .md-button .md-button--primary } +[:octicons-eye-16:](https://r.yattee.stream/docs/privacy.html){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://github.com/yattee/yattee/wiki){ .card-link title="Documentation" } +[:octicons-code-16:](https://github.com/yattee/yattee){ .card-link title="Source Code" } +[:octicons-heart-16:](https://github.com/yattee/yattee/wiki/Donations){ .card-link title="Contribute" } + +
+Downloads + +- [:simple-apple: App Store](https://apps.apple.com/app/id1595136629) +- [:simple-github: GitHub](https://github.com/yattee/yattee/releases) + +
+ +
+ +
+

Warning

+ +When using Yattee, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io), [Piped](https://github.com/TeamPiped/Piped/wiki/Instances), or [SponsorBlock](https://sponsor.ajay.app) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](tor.md) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + +
+ +By default, Yattee blocks all YouTube advertisements. In addition, Yattee optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. + +### LibreTube (Android) + +
+ +![LibreTube logo](assets/img/frontends/libretube.svg#only-light){ align=right } +![LibreTube logo](assets/img/frontends/libretube-dark.svg#only-dark){ align=right } + +**LibreTube** is a free and open-source Android application for [YouTube](https://youtube.com) which uses the [Piped](#piped) API. + +Your subscription list and playlists are saved locally on your Android device. + +[:octicons-home-16: Homepage](https://libretube.dev){ .md-button .md-button--primary } +[:octicons-eye-16:](https://github.com/libre-tube/LibreTube/blob/master/PRIVACY_POLICY.md){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://libretube.dev/#faq){ .card-link title="Documentation" } +[:octicons-code-16:](https://github.com/libre-tube/LibreTube){ .card-link title="Source Code" } +[:octicons-heart-16:](https://github.com/libre-tube/LibreTube#donate){ .card-link title="Contribute" } + +
+Downloads + +- [:simple-github: GitHub](https://github.com/libre-tube/LibreTube/releases) + +
+ +
+ +
+

Warning

+ +When using LibreTube, your IP address will be visible to YouTube, [Piped](https://github.com/TeamPiped/Piped/wiki/Instances), or [SponsorBlock](https://sponsor.ajay.app) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](tor.md) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + +
+ +By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube uses [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. You are able to fully configure the types of segments that SponsorBlock will skip, or disable it completely. There is also a button on the video player itself to disable it for a specific video if desired. + +### NewPipe (Android) + +
+ +![Newpipe logo](assets/img/frontends/newpipe.svg){ align=right } + +**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1). + +Your subscription list and playlists are saved locally on your Android device. + +[:octicons-home-16: Homepage](https://newpipe.net){ .md-button .md-button--primary } +[:octicons-eye-16:](https://newpipe.net/legal/privacy){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://newpipe.net/FAQ){ .card-link title="Documentation" } +[:octicons-code-16:](https://github.com/TeamNewPipe/NewPipe){ .card-link title="Source Code" } +[:octicons-heart-16:](https://newpipe.net/donate){ .card-link title="Contribute" } + +
+Downloads + +- [:simple-github: GitHub](https://github.com/TeamNewPipe/NewPipe/releases) + +
+ +
+ +1. The default instance is [FramaTube](https://framatube.org), however more can be added via **Settings** → **Content** → **PeerTube instances**. + +
+

Warning

+ +When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](vpn.md) or [Tor](tor.md) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + +
+ ## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. -Recommended frontends... - -- Must be open-source software. -- Must be self-hostable. -- Must provide all basic website functionality available to anonymous users. - We only consider frontends if one of the following is true for a platform: - Normally only accessible with JavaScript enabled. - Normally only accessible with an account. - Blocks access from commercial [VPNs](vpn.md). + +Recommended frontends... + +- Must be open-source software. +- Must be self-hostable. +- Must provide all basic website functionality available to anonymous users. diff --git a/docs/index.md b/docs/index.md index 5f412e8f..23f1e59c 100644 --- a/docs/index.md +++ b/docs/index.md @@ -1,6 +1,6 @@ --- meta_title: "Privacy Guides: Independent Privacy & Security Resources" -description: "Privacy Guides is the most popular & trustworthy non-profit resource to find privacy tools and learn about protecting your digital life. Ad & affiliate free, high quality reviews." +description: "Established in 2021, Privacy Guides is the most popular & trustworthy non-profit resource to find privacy tools and learn about protecting your digital life." template: home.html social: cards_layout: home diff --git a/docs/language-tools.md b/docs/language-tools.md index 28b4e222..13450410 100644 --- a/docs/language-tools.md +++ b/docs/language-tools.md @@ -7,11 +7,9 @@ cover: language-tools.webp Protects against the following threat(s): - [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal } -- [:material-eye-outline: Mass Surveillance](basics/common-threats.md#mass-surveillance-programs){ .pg-blue } - [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown } -- [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray } -Text inputted to grammar, spelling, and style checkers, as well as translation services, can contain sensitive information which may be stored on their servers for an indefinite amount of time. The language tools listed on this page do not send your submitted text to a server, and can be self-hosted and used offline for maximum control of your data. +Text inputted to grammar, spelling, and style checkers, as well as translation services, can contain sensitive information which may be stored on their servers for an indefinite amount of time and sold to third parties. The language tools listed on this page do not send your submitted text to a server, and can be self-hosted and used offline for maximum control of your data. ## LanguageTool diff --git a/docs/meta/admonitions.md b/docs/meta/admonitions.md index a3039243..af1ab973 100644 --- a/docs/meta/admonitions.md +++ b/docs/meta/admonitions.md @@ -1,5 +1,6 @@ --- title: Admonitions +description: A guide for website contributors on creating admonitions. --- **Admonitions** (or "call-outs") are a choice writers can use to include side content in an article without interrupting the document flow. diff --git a/docs/meta/brand.md b/docs/meta/brand.md index 349d9a51..8e3d9954 100644 --- a/docs/meta/brand.md +++ b/docs/meta/brand.md @@ -1,5 +1,6 @@ --- title: Branding Guidelines +description: A guide for journalists and website contributors on proper branding of the Privacy Guides wordmark and logo. --- The name of the website is **Privacy Guides** and should **not** be changed to: diff --git a/docs/meta/commit-messages.md b/docs/meta/commit-messages.md index 0b2f484d..be6fd9d6 100644 --- a/docs/meta/commit-messages.md +++ b/docs/meta/commit-messages.md @@ -1,5 +1,6 @@ --- title: Commit Messages +description: A guide for website contributors on using useful Git commit messages when making website change requests. --- For our commit messages we follow the style provided by [Conventional Commits](https://conventionalcommits.org). Not all of those suggestions are appropriate for Privacy Guides, so the main ones we use are: diff --git a/docs/meta/git-recommendations.md b/docs/meta/git-recommendations.md index 110617ec..d3638781 100644 --- a/docs/meta/git-recommendations.md +++ b/docs/meta/git-recommendations.md @@ -1,5 +1,6 @@ --- title: Git Recommendations +description: A guide for website contributors on using Git effectively. --- If you make changes to this website on GitHub.com's web editor directly, you shouldn't have to worry about this. If you are developing locally and/or are a long-term website editor (who should probably be developing locally!), consider these recommendations. diff --git a/docs/meta/translations.md b/docs/meta/translations.md index 5fddd290..ff5406c7 100644 --- a/docs/meta/translations.md +++ b/docs/meta/translations.md @@ -1,5 +1,6 @@ --- title: Translations +description: A guide for website contributors on adding translations to our website. --- Crowdin has good documentation, and we suggest looking at their [Getting Started](https://support.crowdin.com/crowdin-intro) guide. Our site is largely written in [Markdown](https://en.wikipedia.org/wiki/Markdown), so it should be easy to contribute. This page contains some helpful pointers for translating some specific syntax you may encounter on our site. diff --git a/docs/meta/uploading-images.md b/docs/meta/uploading-images.md index fdd3c568..bce3dd07 100644 --- a/docs/meta/uploading-images.md +++ b/docs/meta/uploading-images.md @@ -1,5 +1,6 @@ --- title: Uploading Images +description: A guide for website contributors on uploading images in the proper format and location. --- If you make changes to this website that involve adding new images or replacing existing ones, here are a couple of general recommendations: diff --git a/docs/meta/writing-style.md b/docs/meta/writing-style.md index 64294699..5e86213a 100644 --- a/docs/meta/writing-style.md +++ b/docs/meta/writing-style.md @@ -1,5 +1,6 @@ --- title: Writing Style +description: Our official writing style handbook for website contributors. --- Privacy Guides is written in American English, and you should refer to [APA Style guidelines](https://apastyle.apa.org/style-grammar-guidelines/grammar) when in doubt. diff --git a/docs/mobile-browsers.md b/docs/mobile-browsers.md index cd6171d2..acd276d8 100644 --- a/docs/mobile-browsers.md +++ b/docs/mobile-browsers.md @@ -1,5 +1,5 @@ --- -meta_title: "Privacy Respecting Mobile Web Browsers for Android and iOS - Privacy Guides" +meta_title: "Privacy Respecting Web Browsers for Android and iOS - Privacy Guides" title: "Mobile Browsers" icon: material/cellphone-information description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. @@ -20,6 +20,7 @@ schema: applicationCategory: Web Browser operatingSystem: - Android + - iOS subjectOf: "@type": WebPage url: "./" @@ -42,9 +43,7 @@ schema: These are our currently recommended **mobile web browsers** and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. -## Android - -### Brave +## Brave
@@ -57,93 +56,140 @@ Brave is built upon the Chromium web browser project, so it should feel familiar [:octicons-home-16: Homepage](https://brave.com){ .md-button .md-button--primary } [:simple-torbrowser:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" } [:octicons-eye-16:](https://brave.com/privacy/browser){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://support.brave.com){ .card-link title=Documentation} +[:octicons-info-16:](https://support.brave.com){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" }
Downloads - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.brave.browser) +- [:simple-appstore: App Store](https://apps.apple.com/app/id1052879175) - [:simple-github: GitHub](https://github.com/brave/brave-browser/releases)
-#### Recommended Brave Configuration +### Recommended Brave Configuration Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another. -These options can be found in :material-menu: → **Settings** → **Brave Shields & privacy** +=== "Android" -##### Shields + These options can be found in :material-menu: → **Settings** → **Brave Shields & privacy**. + +=== "iOS" + + These options can be found in :fontawesome-solid-ellipsis: → **Settings** → **Shields & Privacy**. + +#### Brave shields global defaults Brave includes some anti-fingerprinting measures in its [Shields](https://support.brave.com/hc/articles/360022973471-What-is-Shields) feature. We suggest configuring these options [globally](https://support.brave.com/hc/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings) across all pages that you visit. -##### Brave shields global defaults - Shields' options can be downgraded on a per-site basis as needed, but by default we recommend setting the following: -
+=== "Android" -- [x] Select **Aggressive** under **Block trackers & ads** +
-
-Use default filter lists + - [x] Select **Aggressive** under *Block trackers & ads* + - [x] Select **Auto-redirect AMP pages** + - [x] Select **Auto-redirect tracking URLs** + - [x] Select **Require all connections to use HTTPS (strict)** under *Upgrade connections to HTTPS* + - [x] (Optional) Select **Block Scripts** (1) + - [x] Select **Block third-party cookies** under *Block Cookies* + - [x] Select **Block Fingerprinting** + - [x] Select **Prevent fingerprinting via language settings** -Brave allows you to select additional content filters within the internal `brave://adblock` page. We advise against using this feature; instead, keep the default filter lists. Using extra lists will make you stand out from other Brave users and may also increase attack surface if there is an exploit in Brave and a malicious rule is added to one of the lists you use. +
+ Use default filter lists -
+ Brave allows you to select additional content filters within the **Content Filtering** menu or the internal `brave://adblock` page. We advise against using this feature; instead, keep the default filter lists. Using extra lists will make you stand out from other Brave users and may also increase attack surface if there is an exploit in Brave and a malicious rule is added to one of the lists you use. -- [x] Select **Auto-redirect AMP pages** -- [x] Select **Auto-redirect tracking URLs** -- [x] Select **strict** under **Upgrade connections to HTTPS** -- [x] (Optional) Select **Block Scripts** (1) -- [x] Select **Block third-party cookies** under **Block Cookies** -- [x] Select **Block fingerprinting** -- [x] Select **Prevent fingerprinting via language settings** +
-
+ - [x] Select **Forget me when I close this site** -1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode) or the [NoScript](https://noscript.net) extension. +
-##### Clear browsing data + 1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by tapping on the Shield icon in the address bar and unchecking this setting under *Advanced controls*. + +=== "iOS" + +
+ + - [x] Select **Aggressive** under *Trackers & Ads Blocking* + - [x] Select **Strict** under *Upgrade Connections to HTTPS* + - [x] Select **Auto-Redirect AMP pages** + - [x] Select **Auto-Redirect Tracking URLs** + - [x] (Optional) Select **Block Scripts** (1) + - [x] Select **Block Fingerprinting** + +
+ Use default filter lists + + Brave allows you to select additional content filters within the **Content Filtering** menu. We advise against using this feature; instead, keep the default filter lists. Using extra lists will make you stand out from other Brave users and may also increase attack surface if there is an exploit in Brave and a malicious rule is added to one of the lists you use. + +
+ +
+ + 1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by tapping on the Shield icon in the address bar and unchecking this setting under *Advanced controls*. + +##### Clear browsing data (Android only) - [x] Select **Clear data on exit** -##### Social Media Blocking +##### Social Media Blocking (Android only) - [ ] Uncheck all social media components -##### Other privacy settings +#### Other privacy settings + +=== "Android" + +
+ + - [x] Select **Disable non-proxied UDP** under [*WebRTC IP handling policy*](https://support.brave.com/hc/articles/360017989132-How-do-I-change-my-Privacy-Settings#webrtc) + - [x] (Optional) Select **No protection** under *Safe Browsing* (1) + - [ ] Uncheck **Allow sites to check if you have payment methods saved** + - [x] Select **Close tabs on exit** + - [ ] Uncheck **Allow privacy-preserving product analytics (P3A)** + - [ ] Uncheck **Automatically send diagnostic reports** + - [ ] Uncheck **Automatically send daily usage ping to Brave** + +
+ + 1. Brave's [implementation of Safe Browsing](https://support.brave.com/hc/en-us/articles/15222663599629-Safe-Browsing-in-Brave) on Android **does not** proxy [Safe Browsing network requests](https://developers.google.com/safe-browsing/v4/update-api#checking-urls) like its desktop counterpart. This means that your IP address may be seen (and logged) by Google. Note that Safe Browsing is not available for Android devices without Google Play Services. + +=== "iOS" + + - [ ] Uncheck **Allow Privacy-Preserving Product Analytics (P3A)** + - [ ] Uncheck **Automatically send daily usage ping to Brave** + +### Leo + +These options can be found in :material-menu: → **Settings** → **Leo**.
-- [x] Select **Disable non-proxied UDP** under [WebRTC IP handling policy](https://support.brave.com/hc/articles/360017989132-How-do-I-change-my-Privacy-Settings#webrtc) -- [x] (Optional) Select **No protection** under **Safe Browsing** (1) -- [ ] Uncheck **Allow sites to check if you have payment methods saved** -- [ ] Uncheck **IPFS Gateway** (2) -- [x] Select **Close tabs on exit** -- [ ] Uncheck **Allow privacy-preserving product analytics (P3A)** -- [ ] Uncheck **Automatically send diagnostic reports** -- [ ] Uncheck **Automatically send daily usage ping to Brave** +- [ ] Uncheck **Show autocomplete suggestions in address bar** (1)
-1. Brave's [implementation of Safe Browsing](https://support.brave.com/hc/en-us/articles/15222663599629-Safe-Browsing-in-Brave) on Android **does not** proxy [Safe Browsing network requests](https://developers.google.com/safe-browsing/v4/update-api#checking-urls) like its desktop counterpart. This means that your IP address may be seen (and logged) by Google. Note that Safe Browsing is not available for Android devices without Google Play Services. -2. InterPlanetary File System (IPFS) is a decentralized, peer-to-peer network for storing and sharing data in a distributed filesystem. Unless you use the feature, disable it. +1. This option is not present in Brave's iOS app. -#### Leo +### Search engines -These options can be found in :material-menu: → **Settings** → **Leo** +These options can be found in :material-menu:/:fontawesome-solid-ellipsis: → **Settings** → **Search engines**. -- [ ] Uncheck **Show autocomplete suggestions in address bar** +- [ ] Uncheck **Show search suggestions** -#### Brave Sync +### Brave Sync [Brave Sync](https://support.brave.com/hc/articles/360059793111-Understanding-Brave-Sync) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices without requiring an account and protects it with E2EE. -### Mull +## Mull (Android)
@@ -153,7 +199,7 @@ These options can be found in :material-menu: → **Settings** → **Leo** [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#mull){ .md-button .md-button--primary } [:octicons-eye-16:](https://divestos.org/pages/privacy_policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://divestos.org/pages/browsers#tuningFenix){ .card-link title=Documentation } +[:octicons-info-16:](https://divestos.org/pages/browsers#tuningFenix){ .card-link title="Documentation" } [:octicons-code-16:](https://codeberg.org/divested-mobile/mull-fenix){ .card-link title="Source Code" }
@@ -179,7 +225,7 @@ Enable DivestOS's [F-Droid repository](https://divestos.org/fdroid/official) to Mull enables many features upstreamed by the [Tor uplift project](https://wiki.mozilla.org/Security/Tor_Uplift) using preferences from [Arkenfox](desktop-browsers.md#arkenfox-advanced). Proprietary blobs are removed from Mozilla's code using the scripts developed for Fennec F-Droid. -#### Recommended Mull Configuration +### Recommended Mull Configuration We would suggest installing [uBlock Origin](browser-extensions.md#ublock-origin) as a content blocker if you want to block trackers within Mull. @@ -187,58 +233,97 @@ Mull comes with privacy protecting settings configured by default. You might con Because Mull has more advanced and strict privacy protections enabled by default compared to most browsers, some websites may not load or work properly unless you adjust those settings. You can consult this [list of known issues and workarounds](https://divestos.org/pages/broken#mull) for advice on a potential fix if you do encounter a broken site. Adjusting a setting in order to fix a website could impact your privacy/security, so make sure you fully understand any instructions you follow. -## iOS +## Safari (iOS) -On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser. - -### Safari +On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so a browser like [Brave](#brave) does not use the Chromium engine like its counterparts on other operating systems.
![Safari logo](assets/img/browsers/safari.svg){ align=right } -**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), Privacy Report, isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and Private Relay for those with a paid iCloud+ subscription. It also allows you to separate your browsing with different profiles and lock private tabs with your biometrics/PIN. +**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription. [:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary } [:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://support.apple.com/guide/iphone/browse-the-web-iph1fbef4daa/ios){ .card-link title=Documentation} +[:octicons-info-16:](https://support.apple.com/guide/iphone/browse-the-web-iph1fbef4daa/ios){ .card-link title="Documentation" }
-#### Recommended Safari Configuration +### Recommended Safari Configuration -We would suggest installing [AdGuard](browser-extensions.md#adguard) as a content blocker if you want to block trackers within Safari. +We would suggest installing [AdGuard](browser-extensions.md#adguard) if you want a content blocker in Safari. -The following privacy/security-related options can be found in the :gear: **Settings** app → **Safari** +The following privacy/security-related options can be found in :gear: **Settings** → **Apps** → **Safari**. -##### Profiles +#### Allow Safari to Access -All of your cookies, history, and website data will be separate for each profile. You should use different profiles for different purposes e.g. Shopping, Work, or School. +Under **Siri**: -##### Privacy & Security +- [ ] Disable **Learn from this App** +- [ ] Disable **Show in App** +- [ ] Disable **Show on Home Screen** +- [ ] Disable **Suggest App** + +This prevents Siri from using content from Safari for Siri suggestions. + +#### Search + +- [ ] Disable **Search Engine Suggestions** + +This setting sends whatever you type in the address bar to the search engine set in Safari. Disabling search suggestions allows you to more precisely control what data you send to your search engine provider. + +#### Profiles + +Safari allows you to separate your browsing with different profiles. All of your cookies, history, and website data are separate for each profile. You should use different profiles for different purposes e.g. Shopping, Work, or School. + +#### Privacy & Security - [x] Enable **Prevent Cross-Site Tracking** - This enables WebKit's [Intelligent Tracking Protection](https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp). The feature helps protect against unwanted tracking by using on-device machine learning to stop trackers. ITP protects against many common threats, but it does not block all tracking avenues because it is designed to not interfere with website usability. +This enables WebKit's [Intelligent Tracking Protection](https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp). The feature helps protect against unwanted tracking by using on-device machine learning to stop trackers. ITP protects against many common threats, but does not block all tracking avenues because it is designed to not interfere with website usability. -- [x] Enable **Require Face ID to Unlock Private Browsing** +- [x] Enable **Require Face ID/Touch ID to Unlock Private Browsing** - This setting allows you to lock your private tabs behind biometrics/PIN when not in use. +This setting allows you to lock your private tabs behind biometrics/PIN when not in use. -##### Advanced → Privacy +- [ ] Disable **Fraudulent Website Warning** + +This setting uses Google Safe Browsing (or Tencent Safe Browsing for users in mainland China or Hong Kong) to protect you while you browse. As such, your IP address may be logged by your Safe Browsing provider. Disabling this setting will disable this logging, but you might be more vulnerable to known phishing sites. + +- [ ] Disable **Highlights** + +Apple's privacy policy for Safari states: + +> When visiting a webpage, Safari may send information calculated from the webpage address to Apple over OHTTP to determine if relevant highlights are available. + +#### Settings for Websites + +Under **Camera** + +- [x] Select **Ask** + +Under **Microphone** + +- [x] Select **Ask** + +Under **Location** + +- [x] Select **Ask** + +These settings ensure that websites can only access your camera, microphone, or location after you explicitly grant them access. + +#### Other Privacy Settings + +These options can be found in :gear: **Settings** → **Apps** → **Safari** → **Advanced**. + +##### Fingerprinting Mitigations The **Advanced Tracking and Fingerprinting Protection** setting will randomize certain values so that it's more difficult to fingerprint you: - [x] Select **All Browsing** or **Private Browsing** -##### Privacy Report - -Privacy Report provides a snapshot of cross-site trackers currently prevented from profiling you on the website you're visiting. It can also display a weekly report to show which trackers have been blocked over time. - -Privacy Report is accessible via the Page Settings menu. - ##### Privacy Preserving Ad Measurement - [ ] Disable **Privacy Preserving Ad Measurement** @@ -247,25 +332,25 @@ Ad click measurement has traditionally used tracking technology that infringes o The feature has little privacy concerns on its own, so while you can choose to leave it on, we consider the fact that it's automatically disabled in Private Browsing to be an indicator for disabling the feature. -##### Always-on Private Browsing +#### Always-on Private Browsing -Open Safari and tap the Tabs button, located in the bottom right. Then, expand the Tab Groups list. +Open Safari and tap the Tabs button, located in the bottom right. Then, expand the :material-format-list-bulleted: Tab Groups list. - [x] Select **Private** Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature. -Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed into sites. This may be an inconvenience. +Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. This may be an inconvenience. -##### iCloud Sync +#### iCloud Sync Synchronization of Safari History, Tab Groups, iCloud Tabs and saved passwords are E2EE. However, by default, bookmarks are [not](https://support.apple.com/HT202303). Apple can decrypt and access them in accordance with their [privacy policy](https://apple.com/legal/privacy/en-ww). -You can enable E2EE for your Safari bookmarks and downloads by enabling [Advanced Data Protection](https://support.apple.com/HT212520). Go to your **Apple ID name → iCloud → Advanced Data Protection**. +You can enable E2EE for your Safari bookmarks and downloads by enabling [Advanced Data Protection](https://support.apple.com/HT212520). Go to :gear: **Settings** → **iCloud** → **Advanced Data Protection**. -- [x] Turn On **Advanced Data Protection** +- [x] Turn on **Advanced Data Protection** -If you use iCloud with Advanced Data Protection disabled, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in :gear: **Settings** → **Safari** → **General** → **Downloads**. +If you use iCloud with Advanced Data Protection disabled, we also recommend setting Safari's default download location to a local folder on your device. This option can be found in :gear: **Settings** → **Apps** → **Safari** → **General** → **Downloads**. ## Criteria diff --git a/docs/mobile-phones.md b/docs/mobile-phones.md index b0e9e251..3052cbbb 100644 --- a/docs/mobile-phones.md +++ b/docs/mobile-phones.md @@ -1,7 +1,7 @@ --- title: "Mobile Phones" icon: material/cellphone-check -description: These mobile devices have proper Android Verified Boot support for custom operating systems. +description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp schema: - diff --git a/docs/news-aggregators.md b/docs/news-aggregators.md index 1da82042..280b282e 100644 --- a/docs/news-aggregators.md +++ b/docs/news-aggregators.md @@ -4,6 +4,9 @@ icon: material/rss description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. cover: news-aggregators.webp --- +Protects against the following threat(s): + +- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal } A **news aggregator** is software which aggregates digital content from online newspapers, blogs, podcasts, and other resources to one location for easy viewing. Using one can be a great way to keep up with your favorite content. @@ -15,13 +18,13 @@ A **news aggregator** is software which aggregates digital content from online n ![Akregator logo](assets/img/news-aggregators/akregator.svg){ align=right } -**Akregator** is a news feed reader that is a part of the [KDE](https://kde.org) project. It comes with a fast search, advanced archiving functionality and an internal browser for easy news reading. +**Akregator** is a news feed reader that is a part of the [KDE](https://kde.org) project. It comes with a fast search, advanced archiving functionality, and an internal browser for easy news reading. [:octicons-home-16: Homepage](https://apps.kde.org/akregator){ .md-button .md-button--primary } [:octicons-eye-16:](https://kde.org/privacypolicy-apps){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://docs.kde.org/?application=akregator){ .card-link title=Documentation} +[:octicons-info-16:](https://docs.kde.org/?application=akregator){ .card-link title="Documentation" } [:octicons-code-16:](https://invent.kde.org/pim/akregator){ .card-link title="Source Code" } -[:octicons-heart-16:](https://kde.org/community/donations){ .card-link title=Contribute } +[:octicons-heart-16:](https://kde.org/community/donations){ .card-link title="Contribute" }
Downloads @@ -38,7 +41,7 @@ A **news aggregator** is software which aggregates digital content from online n ![NewsFlash logo](assets/img/news-aggregators/newsflash.png){ align=right } -**NewsFlash** is an open-source, modern, simple and easy to use GTK4 news feed reader for Linux. It can be used offline or used with services like [NextCloud News](https://apps.nextcloud.com/apps/news) or [Inoreader](https://inoreader.com). It has a search feature and even a pre-defined list of sources like [TechCrunch](https://techcrunch.com) that you can add directly. It is only available as a Flatpak (on the Flathub repository). +**NewsFlash** is an open-source, modern, and easy-to-use news feed reader for Linux. It can be used offline or used with services like [Nextcloud News](https://apps.nextcloud.com/apps/news) or [Inoreader](https://inoreader.com). It has a search feature and a pre-defined list of sources that you can add directly. [:octicons-repo-16: Repository](https://gitlab.com/news-flash/news_flash_gtk){ .md-button .md-button--primary } [:octicons-code-16:](https://gitlab.com/news-flash/news_flash_gtk){ .card-link title="Source Code" } @@ -58,11 +61,11 @@ A **news aggregator** is software which aggregates digital content from online n ![Feeder logo](assets/img/news-aggregators/feeder.png){ align=right } -**Feeder** is a modern RSS client for Android that has many [features](https://github.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed). +**Feeder** is a modern RSS client for Android that has many [features](https://github.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML), and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed). [:octicons-repo-16: Repository](https://github.com/spacecowboy/Feeder){ .md-button .md-button--primary } [:octicons-code-16:](https://github.com/spacecowboy/Feeder){ .card-link title="Source Code" } -[:octicons-heart-16:](https://ko-fi.com/spacecowboy){ .card-link title=Contribute } +[:octicons-heart-16:](https://ko-fi.com/spacecowboy){ .card-link title="Contribute" }
Downloads @@ -74,30 +77,6 @@ A **news aggregator** is software which aggregates digital content from online n -### Fluent Reader - -
- -![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ align=right } - -**Fluent Reader** is a secure cross-platform news aggregator that has useful privacy features such as deletion of cookies on exit, strict [content security policies (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) and proxy support, meaning you can use it over [Tor](tor.md). - -[:octicons-home-16: Homepage](https://hyliu.me/fluent-reader){ .md-button .md-button--primary } -[:octicons-eye-16:](https://github.com/yang991178/fluent-reader/wiki/Privacy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://github.com/yang991178/fluent-reader/wiki){ .card-link title=Documentation} -[:octicons-code-16:](https://github.com/yang991178/fluent-reader){ .card-link title="Source Code" } -[:octicons-heart-16:](https://github.com/sponsors/yang991178){ .card-link title=Contribute } - -
-Downloads - -- [:fontawesome-brands-windows: Windows](https://hyliu.me/fluent-reader) -- [:simple-appstore: App Store](https://apps.apple.com/app/id1520907427) - -
- -
- ### Miniflux
@@ -105,12 +84,12 @@ A **news aggregator** is software which aggregates digital content from online n ![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ align=right } ![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ align=right } -**Miniflux** is a web-based news aggregator that you can self-host. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed). +**Miniflux** is a web-based news aggregator that you can self-host. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML), and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed). [:octicons-home-16: Homepage](https://miniflux.app){ .md-button .md-button--primary } -[:octicons-info-16:](https://miniflux.app/docs/index.html){ .card-link title=Documentation} +[:octicons-info-16:](https://miniflux.app/docs/index){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/miniflux/v2){ .card-link title="Source Code" } -[:octicons-heart-16:](https://miniflux.app/#donations){ .card-link title=Contribute } +[:octicons-heart-16:](https://miniflux.app/#donations){ .card-link title="Contribute" }
@@ -123,8 +102,8 @@ A **news aggregator** is software which aggregates digital content from online n **NetNewsWire** is a free and open-source feed reader for macOS and iOS with a focus on a native design and feature set. It supports the typical feed formats alongside built-in support for Reddit feeds. [:octicons-home-16: Homepage](https://netnewswire.com){ .md-button .md-button--primary } -[:octicons-eye-16:](https://netnewswire.com/privacypolicy.html){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://netnewswire.com/help){ .card-link title=Documentation} +[:octicons-eye-16:](https://netnewswire.com/privacypolicy){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://netnewswire.com/help){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/Ranchero-Software/NetNewsWire){ .card-link title="Source Code" }
@@ -143,10 +122,10 @@ A **news aggregator** is software which aggregates digital content from online n ![Newsboat logo](assets/img/news-aggregators/newsboat.svg){ align=right } -**Newsboat** is an RSS/Atom feed reader for the text console. It's an actively maintained fork of [Newsbeuter](https://en.wikipedia.org/wiki/Newsbeuter). It is very lightweight, and ideal for use over [Secure Shell](https://en.wikipedia.org/wiki/Secure_Shell). +**Newsboat** is an RSS/Atom feed reader for the text console. It's an actively maintained fork of [Newsbeuter](https://en.wikipedia.org/wiki/Newsbeuter). It is very lightweight and ideal for use over [Secure Shell](https://en.wikipedia.org/wiki/Secure_Shell). [:octicons-home-16: Homepage](https://newsboat.org){ .md-button .md-button--primary } -[:octicons-info-16:](https://newsboat.org/releases/2.27/docs/newsboat.html){ .card-link title=Documentation} +[:octicons-info-16:](https://newsboat.org/releases/2.37/docs/newsboat.html){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/newsboat/newsboat){ .card-link title="Source Code" } @@ -179,12 +158,12 @@ https://reddit.com/r/[SUBREDDIT]/new/.rss ### YouTube -You can subscribe YouTube channels without logging in and associating usage information with your Google account. +You can subscribe to YouTube channels without logging in and associating usage information with your Google account.

Example

-To subscribe to a YouTube channel with an RSS client, first look for its [channel code](https://support.google.com/youtube/answer/6180214). The channel code can be found on the about page of the YouTube channel you wish to subscribe to, under: **About** > **Share** > **Copy channel ID**. Replace `[CHANNEL ID]` below: +To subscribe to a YouTube channel with an RSS client, first look for its [channel code](https://support.google.com/youtube/answer/6180214). The channel code can be found on the about page of the YouTube channel you wish to subscribe to, under: **About** → **Share** → **Copy channel ID**. Replace `[CHANNEL ID]` below: ```text https://youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] diff --git a/docs/office-suites.md b/docs/office-suites.md index f4198721..4d769922 100644 --- a/docs/office-suites.md +++ b/docs/office-suites.md @@ -4,6 +4,10 @@ icon: material/file-edit-outline description: These office suites offer their full functionality without an account and can be used offline. cover: office-suites.webp --- +Protects against the following threat(s): + +- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal } + Choose an **office suite** that does not require logging in to an account to access its full functionality. The tools listed here can be used offline and could reasonably act as a replacement for Microsoft Office for most needs. ## LibreOffice diff --git a/docs/os/android-overview.md b/docs/os/android-overview.md index cf41ae16..199775e0 100644 --- a/docs/os/android-overview.md +++ b/docs/os/android-overview.md @@ -34,7 +34,7 @@ Many OEMs also have broken implementation of Verified Boot that you have to be a **Firmware updates** are critical for maintaining security and without them your device cannot be secure. OEMs have support agreements with their partners to provide the closed-source components for a limited support period. These are detailed in the monthly [Android Security Bulletins](https://source.android.com/security/bulletin). -As the components of the phone, such as the processor and radio technologies rely on closed-source components, the updates must be provided by the respective manufacturers. Therefore, it is important that you purchase a device within an active support cycle. [Qualcomm](https://www.qualcomm.com/news/releases/2020/12/qualcomm-and-google-announce-collaboration-extend-android-os-support-and) and [Samsung](https://news.samsung.com/us/samsung-galaxy-security-extending-updates-knox) support their devices for 4 years, while cheaper products often have shorter support cycles. With the introduction of the [Pixel 6](https://support.google.com/pixelphone/answer/4457705), Google now makes their own SoC, and they will provide a minimum of 5 years of support. With the introduction of the Pixel 8 series, Google increased that support window to 7 years. +As the components of the phone, such as the processor and radio technologies rely on closed-source components, the updates must be provided by the respective manufacturers. Therefore, it is important that you purchase a device within an active support cycle. [Qualcomm](https://qualcomm.com/news/releases/2020/12/qualcomm-and-google-announce-collaboration-extend-android-os-support-and) and [Samsung](https://news.samsung.com/us/samsung-galaxy-security-extending-updates-knox) support their devices for 4 years, while cheaper products often have shorter support cycles. With the introduction of the [Pixel 6](https://support.google.com/pixelphone/answer/4457705), Google now makes their own SoC, and they will provide a minimum of 5 years of support. With the introduction of the Pixel 8 series, Google increased that support window to 7 years. EOL devices which are no longer supported by the SoC manufacturer cannot receive firmware updates from OEM vendors or after market Android distributors. This means that security issues with those devices will remain unfixed. @@ -91,19 +91,27 @@ Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/ ### User Profiles -Multiple user profiles can be found in **Settings** → **System** → **Multiple users** and are the simplest way to isolate in Android. +Multiple **user profiles** can be found in :gear: **Settings** → **System** → **Users** and are the simplest way to isolate in Android. -With user profiles, you can impose restrictions on a specific profile, such as: making calls, using SMS, or installing apps on the device. Each profile is encrypted using its own encryption key and cannot access the data of any other profiles. Even the device owner cannot view the data of other profiles without knowing their password. Multiple user profiles are a more secure method of isolation. +With user profiles, you can impose restrictions on a specific profile, such as: making calls, using SMS, or installing apps. Each profile is encrypted using its own encryption key and cannot access the data of any other profiles. Even the device owner cannot view the data of other profiles without knowing their password. Multiple user profiles are a more secure method of isolation. ### Work Profile -[Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles. +[**Work Profiles**](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles. A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one. The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside the work profile. -This method is generally less secure than a secondary user profile; however, it does allow you the convenience of running apps in both the work and personal profiles simultaneously. +This method is generally less secure than a secondary user profile; however, it does allow you the convenience of running apps in both the owner profile and work profile simultaneously. + +### Private Space + +**Private Space** is a feature introduced in Android 15 that adds another way of isolating individual apps. You can set up a private space in the owner profile by navigating to :gear: **Settings** → **Security & privacy** → **Private space**. Once set up, your private space resides at the bottom of the app drawer. + +Like user profiles, a private space is encrypted using its own encryption key, and you have the option to set up a different unlock method. Like work profiles, you can use apps from both the owner profile and private space simultaneously. Apps launched from a private space are distinguished by an icon depicting a key within a shield. + +Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space. ### VPN Killswitch diff --git a/docs/os/index.md b/docs/os/index.md index fdcdea6c..9bf23b11 100644 --- a/docs/os/index.md +++ b/docs/os/index.md @@ -1,5 +1,6 @@ --- title: Operating Systems +description: An overview of our operating system-related recommendations for all major computing hardware. --- We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use privacy tools like our [recommended web browsers](../desktop-browsers.md) in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices. diff --git a/docs/os/ios-overview.md b/docs/os/ios-overview.md index 14fe987a..00a88128 100644 --- a/docs/os/ios-overview.md +++ b/docs/os/ios-overview.md @@ -9,7 +9,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone. iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways. -We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services. +We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services. ### Activation Lock @@ -17,7 +17,7 @@ All iOS devices must be checked against Apple's Activation Lock servers when the ### Mandatory App Store -The only source for apps on iOS is Apple's App Store, which requires an Apple ID to access. This means that Apple has a record of every app you install on your device, and can likely tie that information to your actual identity if you provide the App Store with a payment method. +The only source for apps on iOS is Apple's App Store, which requires an Apple Account to access. This means that Apple has a record of every app you install on your device, and can likely tie that information to your actual identity if you provide the App Store with a payment method. ### Invasive Telemetry @@ -27,6 +27,8 @@ More recently, Apple has been found to [transmit analytics even when analytics s ## Recommended Configuration +**Note:** This guide assumes that you're running the latest version of iOS. + ### iCloud The majority of privacy and security concerns with Apple products are related to their cloud services, not their hardware or software. When you use Apple services like iCloud, most of your information is stored on their servers and secured with keys which Apple has access to by default. You can check [Apple's documentation](https://support.apple.com/HT202303) for information on which services are end-to-end encrypted. Anything listed as "in transit" or "on server" means it's possible for Apple to access that data without your permission. This level of access has occasionally been abused by law enforcement to get around the fact that your data is otherwise securely encrypted on your device, and of course Apple is vulnerable to data breaches like any other company. @@ -47,7 +49,7 @@ A paid **iCloud+** subscription (with any iCloud storage plan) comes with some p #### Media & Purchases -At the top of the **Settings** app, you'll see your name and profile picture if you are signed in to an Apple ID. Select that, then select **Media & Purchases** > **View Account**. +At the top of the **Settings** app, you'll see your name and profile picture if you are signed in to an Apple Account. Select that, then select **Media & Purchases** → **View Account**. - [ ] Turn off **Personalized Recommendations** @@ -60,7 +62,7 @@ At the top of the **Settings** app, you'll see your name and profile picture if Your location data is not E2EE when your device is online and you use Find My iPhone remotely to locate your device. You will have to make the decision whether these trade-offs are worth the anti-theft benefits of Activation Lock. -At the top of the **Settings** app, you'll see your name and profile picture if you are signed in to an Apple ID. Select that, then select **Find My**. Here you can choose whether to enable or disable Find My location features. +At the top of the **Settings** app, you'll see your name and profile picture if you are signed in to an Apple Account. Select that, then select **Find My**. Here you can choose whether to enable or disable Find My location features. ### Settings @@ -72,9 +74,9 @@ Enabling **Airplane Mode** stops your phone from contacting cell towers. You wil #### Wi-Fi -You can enable hardware address randomization to protect you from tracking across Wi-Fi networks. On the network you are currently connected to, press the :material-information: button: +You can enable [hardware address randomization](https://support.apple.com/en-us/102509#triswitch) to protect you from tracking across Wi-Fi networks, and on the same network over time. On the network you are currently connected to, tap the :material-information: button: -- [x] Turn on **Private Wi-Fi Address** +- [x] Set **Private Wi-Fi Address** to **Fixed** or **Rotating** You also have the option to **Limit IP Address Tracking**. This is similar to iCloud Private Relay but only affects connections to "known trackers." Because it only affects connections to potentially malicious servers, this setting is probably fine to leave enabled, but if you don't want *any* traffic to be routed through Apple's servers, you should turn it off. @@ -84,11 +86,13 @@ You also have the option to **Limit IP Address Tracking**. This is similar to iC - [ ] Turn off **Bluetooth** +Note that Bluetooth is automatically turned on after every system update. + #### General -Your iPhone's device name will by default contain your first name, and this will be visible to anyone on networks you connect to. You should change this to something more generic, like "iPhone." Select **About** > **Name** and enter the device name you prefer. +Your iPhone's device name will by default contain your first name, and this will be visible to anyone on networks you connect to. You should change this to something more generic, like "iPhone." Select **About** → **Name** and enter the device name you prefer. -It is important to install **Software Updates** frequently to get the latest security fixes. You can enable **Automatic Updates** to keep your phone up-to-date without needing to constantly check for updates. Select **Software Update** > **Automatic Updates**: +It is important to install **Software Updates** frequently to get the latest security fixes. You can enable **Automatic Updates** to keep your phone up-to-date without needing to constantly check for updates. Select **Software Update** → **Automatic Updates**: - [x] Turn on **Download iOS Updates** - [x] Turn on **Install iOS Updates** @@ -96,13 +100,13 @@ It is important to install **Software Updates** frequently to get the latest sec **AirDrop** allows you to easily transfer files, but it can allow strangers to send you files you do not want. -- [x] Select **AirDrop** > **Receiving Off** +- [x] Select **AirDrop** → **Receiving Off** -**AirPlay** lets you seamlessly stream content from your iPhone to a TV; however, you might not always want this. Select **AirPlay & Handoff** > **Automatically AirPlay to TVs**: +**AirPlay** lets you seamlessly stream content from your iPhone to a TV; however, you might not always want this. Select **AirPlay & Continuity** → **Automatically AirPlay**: - [x] Select **Never** or **Ask** -**Background App Refresh** allows your apps to refresh their content while you're not using them. This may cause them to make unwanted connections. Turning this off can also save battery life, but it may affect an app's ability to receive updated information, particularly weather and messaging apps. +**Background App Refresh** allows your apps to refresh their content while you're not using them. This may cause them to make unwanted connections. Turning this off can also save battery life, but may affect an app's ability to receive updated information, particularly weather and messaging apps. Select **Background App Refresh** and switch off any apps you don't want to continue refreshing in the background. If you don't want any apps to refresh in the background, you can select **Background App Refresh** again and turn it **Off**. @@ -116,19 +120,19 @@ If you don't want anyone to be able to control your phone with Siri when it is l Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security. -Select **Turn Passcode On** or **Change Passcode** > **Passcode Options** > **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md). +Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md). If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your phone will use the password you set up earlier as a fallback in case your biometric verification fails. Biometric unlock methods are primarily a convenience, although they do stop surveillance cameras or people over your shoulder from watching you input your passcode. If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts. -On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device. +On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device. -**Stolen Device Protection** is a new feature in iOS 17.3 which adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple ID settings, we recommend enabling this new protection: +**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection: - [x] Select **Turn On Protection** -After enabling Stolen Device Protection, [certain actions](https://support.apple.com/HT212510) will require biometric authentication without a password fallback (in the event that a shoulder surfer has obtained your PIN), such as using password autofill, accessing payment information, and disabling Lost Mode. It also adds a security delay to certain actions performed away from your home or another "familiar location," such as requiring a 1-hour timer to reset your Apple ID password or sign out of your Apple ID. This delay is intended to give you time to enable Lost Mode and secure your account before a thief can reset your device. +After enabling Stolen Device Protection, [certain actions](https://support.apple.com/HT212510) will require biometric authentication without a password fallback (in the event that a shoulder surfer has obtained your PIN), such as using password autofill, accessing payment information, and disabling Lost Mode. It also adds a security delay to certain actions performed away from your home or another "familiar location," such as requiring a 1-hour timer to reset your Apple Account password or sign out of your Apple Account. This delay is intended to give you time to enable Lost Mode and secure your account before a thief can reset your device. **Allow Access When Locked** gives you options for what you can allow when your phone is locked. The more of these options you disable, the less someone without your password can do, but the less convenient it will be for you. Pick and choose which of these you don't want someone to have access to if they get their hands on your phone. @@ -185,6 +189,8 @@ You should disable analytics if you don't wish to send Apple usage data. Select - [ ] Turn off **Improve Fitness+** - [ ] Turn off **Improve Safety** - [ ] Turn off **Improve Siri & Dictation** +- [ ] Turn off **Improve Assistive Voice Features** +- [ ] Turn off **Improve AR Location Accuracy** Disable **Personalized Ads** if you don't want targeted ads. Select **Apple Advertising**: @@ -202,22 +208,57 @@ Disable **Personalized Ads** if you don't want targeted ads. Select **Apple Adve ### E2EE Calls -Normal phone calls made with the Phone app through your carrier are not E2EE. Both FaceTime Video and FaceTime Audio calls are E2EE, or you can use [another app](../real-time-communication.md) like Signal. +Normal phone calls made with the Phone app through your carrier are not E2EE. Both FaceTime Video and FaceTime Audio calls are E2EE. Alternatively, you can use [another app](../real-time-communication.md) like Signal for E2EE calls. + +### Encrypted iMessage + +The [color of the message bubble](https://support.apple.com/en-us/104972) in the Messages app indicates whether your messages are E2EE or not. A blue bubble indicates that you're using iMessage with E2EE, while a green bubble indicates the other party is using either the outdated SMS and MMS protocols or RCS. RCS on iOS is **not** E2EE. Currently, the only way to have E2EE in Messages is for both parties to be using iMessage on Apple devices. + +If either you or your messaging partner have iCloud Backup enabled without Advanced Data Protection, the encryption key will be stored on Apple's servers, meaning they can access your messages. Additionally, iMessage's key exchange is not as secure as alternative implementations like Signal's (which allows you to view the recipients key and verify by QR code), so it shouldn't be relied on for particularly sensitive communications. + +### Photo Permissions + +When an app prompts you for access to your device's photo library, iOS provides you with options to limit what an app can access. + +Rather than allow an app to access all the photos on your device, you can allow it to only access whichever photos you choose by tapping the "Select Photos..." option in the permission dialog. You can change photo access permissions at any time by navigating to **Settings** → **Privacy & Security** → **Photos**. + +![Photo Permissions](../assets/img/ios/photo-permissions-light.png#only-light) ![Photo Permissions](../assets/img/ios/photo-permissions-dark.png#only-dark) + +**Add Photos Only** is a permission that only gives an app the ability to download photos to the photo library. Not all apps which request photo library access provide this option. + +![Private Access](../assets/img/ios/private-access-light.png#only-light) ![Private Access](../assets/img/ios/private-access-dark.png#only-dark) + +Some apps also support **Private Access**, which functions similarly to the **Limited Access** permission. However, photos shared to apps using Private Access include their location by default. We recommend unchecking this setting if you do not [remove photo metadata](../data-redaction.md) beforehand. + +### Contact Permissions + +Similarly, rather than allow an app to access all the contacts saved on your device, you can allow it to only access whichever contacts you choose. You can change contact access permissions at any time by navigating to **Settings** → **Privacy & Security** → **Contacts**. + +![Contact Permissions](../assets/img/ios/contact-permissions-light.png#only-light) ![Contact Permissions](../assets/img/ios/contact-permissions-dark.png#only-dark) + +### Require Biometrics and Hide Apps + +iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown. + +In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications. + +You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability. + +### Blacking Out Faces/Information + +If you need to hide information in a photo, you can use Apple's built-in editing tools to do so. + +- Open the **Photos** app and tap the photo you have selected for redaction +- Tap the :material-tune: (at the bottom of the screen) → markup symbol (top right) → plus icon at the bottom right +- Select **Add Shape** and choose the square or circle +- On the toolbar, tap the circle (left-most option) and choose black as the color for filling in the shape. You can also move the shape and increase its size as you see fit. + +**Don't** use the highlighter to obfuscate information, as its opacity is not quite 100%. ### Avoid Jailbreaking Jailbreaking an iPhone undermines its security and makes you vulnerable. Running untrusted, third-party software could cause your device to be infected with malware. -### Encrypted iMessage - -The color of the message bubble in the Messages app indicates whether your messages are E2EE or not. A blue bubble indicates that you're using iMessage with E2EE, while a green bubble indicates the other party is using the outdated SMS and MMS protocols. Currently, the only way to get E2EE in Messages is for both parties to be using iMessage on Apple devices. - -If either you or your messaging partner have iCloud Backup enabled without Advanced Data Protection, the encryption key will be stored on Apple's servers, meaning they can access your messages. Additionally, iMessage's key exchange is not as secure as alternative implementations, like Signal (which allows you to view the recipients key and verify by QR code), so it shouldn't be relied on for particularly sensitive communications. - -### Blacking Out Faces/Information - -If you need to hide information in a photo, you can use Apple's built-in tools to do so. Open the photo you want to edit, press edit in the top right corner of the screen, then press the markup symbol at the top right. Press the plus at the bottom right of the screen, then press the rectangle icon. Now, you can place a rectangle anywhere on the image. Make sure to press the shape icon at the bottom left and select the filled-in rectangle. **Don't** use the highlighter to obfuscate information, because its opacity is not quite 100%. - ### iOS Betas Apple always makes beta versions of iOS available early for those that wish to help find and report bugs. We don't recommend installing beta software on your phone. Beta releases are potentially unstable and could have undiscovered security vulnerabilities. @@ -226,4 +267,4 @@ Apple always makes beta versions of iOS available early for those that wish to h ### Before First Unlock -If your threat model includes forensic tools, and you want to minimize the chance of exploits being used to access your phone, you should restart your device frequently. The state *after* a reboot but *before* unlocking your device is referred to as "Before First Unlock" (BFU), and when your device is in that state it makes it [significantly more difficult](https://belkasoft.com/checkm8_glossary) for forensic tools to exploit vulnerabilities to access your data. This BFU state allows you to receive notifications for calls, texts, and alarms, but most of the data on your device is still encrypted and inaccessible. This can be impractical, so consider whether these trade-offs make sense for your situation. +If your threat model includes [:material-target-account: Targeted Attacks](../basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } that involve forensic tools, and you want to minimize the chance of exploits being used to access your phone, you should restart your device frequently. The state *after* a reboot but *before* unlocking your device is referred to as "Before First Unlock" (BFU), and when your device is in that state it makes it [significantly more difficult](https://belkasoft.com/checkm8_glossary) for forensic tools to exploit vulnerabilities to access your data. This BFU state allows you to receive notifications for calls, texts, and alarms, but most of the data on your device is still encrypted and inaccessible. This can be impractical, so consider whether these trade-offs make sense for your situation. diff --git a/docs/os/macos-overview.md b/docs/os/macos-overview.md index 8c651052..67e87e37 100644 --- a/docs/os/macos-overview.md +++ b/docs/os/macos-overview.md @@ -19,7 +19,7 @@ Brand new Apple silicon devices can be set up without an internet connection. Ho macOS performs online checks when you open an app to verify whether an app contains known malware, and whether the developer’s signing certificate is revoked. -Previously, these checks were performed via an unencrypted OCSP protocol which could leak information about the apps you ran to your network. Apple upgraded their OCSP service to use HTTPS encryption in 2021, and [posted information](https://support.apple.com/HT202491) about their logging policy for this service. They additionally promised to add a mechanism for people to opt-out of this online check, but this has not been added to macOS as of July 2023. +Apple's OCSP service uses HTTPS encryption, so only they are able to see which apps you open. They've [posted information](https://support.apple.com/HT202491) about their logging policy for this service. They additionally [promised](http://lapcatsoftware.com/articles/2024/8/3.html) to add a mechanism for people to opt-out of this online check, but this has not been added to macOS. While you [can](https://eclecticlight.co/2021/02/23/how-to-run-apps-in-private) manually opt out of this check relatively easily, we recommend against doing so unless you would be badly compromised by the revocation checks performed by macOS, because they serve an important role in ensuring compromised apps are blocked from running. @@ -31,14 +31,14 @@ However, exploits in protective utilities like `sudo` have been [discovered in t If you do use a second account, it is not strictly required to ever log in to your original Administrator account from the macOS login screen. When you are doing something as a Standard user which requires Administrator permissions, the system should prompt you for authentication, where you can enter your Administrator credentials as your Standard user on a one-time basis. Apple provides [guidance](https://support.apple.com/HT203998) on hiding your Administrator account if you prefer to only see a single account on your login screen. -Alternatively, you can use a utility like [macOS Enterprise Privileges](https://github.com/SAP/macOS-enterprise-privileges) to escalate to Administrator rights on-demand, but this may be vulnerable to some undiscovered exploit, like all software-based protections. - ### iCloud -The majority of privacy and security concerns with Apple products are related to their *cloud services*, not their hardware or software. When you use Apple services like iCloud, most of your information is stored on their servers and secured with keys *which Apple has access to* by default. This level of access has occasionally been abused by law enforcement to get around the fact that your data is otherwise securely encrypted on your device, and of course Apple is vulnerable to data breaches like any other company. +When you use Apple services like iCloud, most of your information is stored on their servers and secured with keys *which Apple has access to* by default. This is called [Standard Data Protection](https://support.apple.com/en-us/102651) by Apple. Therefore, if you use iCloud you should [enable **Advanced Data Protection**](https://support.apple.com/HT212520). This encrypts nearly all of your iCloud data with keys stored on your devices (end-to-end encryption), rather than Apple's servers, so that your iCloud data is secured in the event of a data breach, and otherwise hidden from Apple. +If you want to be able to install apps from the App Store but don't want to enable iCloud, you can sign in to your Apple Account from the App Store instead of **System Settings**. + ### System Settings There are a number of built-in settings you should confirm or change to harden your system. Open the **Settings** app: @@ -53,6 +53,8 @@ Depending on if you are using **Wi-Fi** or **Ethernet** (denoted by a green dot Click on the "Details" button by your network name: +- [x] Select **Rotating** under **Private Wi-Fi address** + - [x] Check **Limit IP address tracking** ##### Firewall @@ -119,7 +121,7 @@ Decide whether you want personalized ads based on your usage. ##### FileVault -On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling FileVault additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on. +On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on. On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled. @@ -133,21 +135,13 @@ On older Intel-based Mac computers, FileVault is the only form of disk encryptio ### MAC Address Randomization -macOS uses a randomized MAC address when performing Wi-Fi scans while disconnected from a network. However, when you connect to a preferred Wi-Fi network, the MAC address used is never randomized. Full MAC address randomization is an advanced topic, and most people don't need to worry about performing the following steps. +macOS uses a randomized MAC address when performing Wi-Fi scans while disconnected from a network. -Unlike iOS, macOS doesn't give you an option to randomize your MAC address in the settings, so if you wish to change this identifier, you'll need to do it with a command or a script. To set a random MAC address, first disconnect from the network if you're already connected, then open **Terminal** and enter this command to randomize your MAC address: +You can set your MAC address to be randomized per network and rotate occasionally to prevent tracking between networks and on the same network over time. -``` zsh -openssl rand -hex 6 | sed 's/^\(.\{1\}\)./\12/; s/\(..\)/\1:/g; s/.$//' | xargs sudo ifconfig en0 ether -``` +Go to **System Settings** → **Network** → **Wi-Fi** → **Details** and set **Private Wi-Fi address** to either **Fixed** if you want a fixed but unique address for the network you're connected to, or **Rotating** if you want it to change over time. -`en0` is the name of the interface you're changing the MAC address for. This might not be the right one on every Mac, so to check you can hold the option key and click the Wi-Fi symbol at the top right of your screen. "Interface name" should be displayed at the top of the dropdown menu. - -This command sets your MAC address to a randomized, "locally administered" address, matching the behavior of iOS, Windows, and Android's MAC address randomization features. This means that every character in the MAC address is fully randomized except the second character, which denotes the MAC address as *locally administered* and not in conflict with any actual hardware. This method is most compatible with modern networks. An alternative method is to set the first six characters of the MAC address to one of Apple's existing *Organizational Unique Identifiers*, which we'll leave as an exercise to the reader. That method is more likely to conflict with some networks, but may be less noticeable. Given the prevalence of randomized, locally administered MAC addresses in other modern operating systems, we don't think either method has significant privacy advantages over the other. - -When you connect to the network again, you'll connect with a random MAC address. This will be reset on reboot. - -Your MAC address is not the only unique information about your device which is broadcast on the network, your hostname is another piece of information which could uniquely identify you. You may wish to set your hostname to something generic like "MacBook Air", "Laptop", "John's MacBook Pro", or "iPhone" in **System Settings** > **General** > **Sharing**. Some [privacy scripts](https://github.com/sunknudsen/privacy-guides/tree/master/how-to-spoof-mac-address-and-hostname-automatically-at-boot-on-macos#guide) allow you to easily generate hostnames with random names. +Consider changing your hostname as well, which is another device identifier that's broadcast on the network you're connected to. You may wish to set your hostname to something generic like "MacBook Air", "Laptop", "John's MacBook Pro", or "iPhone" in **System Settings** → **General** → **Sharing**. Some [privacy scripts](https://github.com/sunknudsen/privacy-guides/tree/master/how-to-spoof-mac-address-and-hostname-automatically-at-boot-on-macos#guide) allow you to easily generate hostnames with random names. ## Security Protections @@ -178,27 +172,68 @@ System Integrity Protection makes critical file locations read-only to protect a ##### App Sandbox -macOS apps submitted to the App Store after June 1, 2012 are required to be sandboxed using the [App Sandbox](https://developer.apple.com/documentation/security/app_sandbox). +On macOS, whether an app is sandboxed is determined by the developer when they sign it. The App Sandbox protects against vulnerabilities in the apps you run by limiting what a malicious actor can access in the event that the app is exploited. The App Sandbox *alone* can't protect against [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations){ .pg-viridian } by malicious developers. For that, sandboxing needs to be enforced by someone other than the developer themselves, as it is on the App Store.

Warning

-Software downloaded from outside the official App Store is not required to be sandboxed. You should avoid non-App Store software as much as possible. +Software downloaded from outside the official App Store is not required to be sandboxed. If your threat model prioritizes defending against [:material-bug-outline: Passive Attacks](../basics/common-threats.md#security-and-privacy){ .pg-orange }, then you may want to check if the software you download outside the App Store is sandboxed, which is up to the developer to *opt in*.
+You can check if an app uses the App Sandbox in a few ways: + +You can check if apps that are already running are sandboxed using the [Activity Monitor](https://developer.apple.com/documentation/security/protecting-user-data-with-app-sandbox#Verify-that-your-app-uses-App-Sandbox). + +
+

Warning

+ +Just because one of an app's processes is sandboxed doesn't mean they all are. + +
+ +Alternatively, you can check apps before you run them by running this command in the terminal: + +``` zsh +% codesign -dvvv --entitlements - +``` + +If an app is sandboxed, you should see the following output: + +``` zsh + [Key] com.apple.security.app-sandbox + [Value] + [Bool] true +``` + +If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether. + +##### Hardened Runtime + +The [Hardened Runtime](https://developer.apple.com/documentation/security/hardened_runtime) is an extra form of protection for apps that prevents certain classes of exploits. It improves the security of apps against exploitation by disabling certain features like JIT. + +You can check if an app uses the Hardened Runtime using this command: + +``` zsh +codesign --display --verbose /path/to/bundle.app +``` + +If Hardened Runtime is enabled, you will see `flags=0x10000(runtime)`. The `runtime` output means Hardened Runtime is enabled. There might be other flags, but the runtime flag is what we're looking for here. + +You can enable a column in Activity Monitor called "Restricted" which is a flag that prevents programs from injecting code via macOS's [dynamic linker](https://pewpewthespells.com/blog/blocking_code_injection_on_ios_and_os_x.html). Ideally, this should say "Yes". + ##### Antivirus macOS comes with two forms of malware defense: -1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. +1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation. 2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS. We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer. ##### Backups -macOS comes with automatic backup software called [Time Machine](https://support.apple.com/HT201250), so you can create encrypted backups to an external or network drive in the event of corrupted/deleted files. +macOS comes with automatic backup software called [Time Machine](https://support.apple.com/HT201250), so you can create encrypted backups to an external drive or a network drive in the event of corrupted/deleted files. ### Hardware Security diff --git a/docs/os/windows/group-policies.md b/docs/os/windows/group-policies.md index 0e508b85..9fd5ccee 100644 --- a/docs/os/windows/group-policies.md +++ b/docs/os/windows/group-policies.md @@ -1,5 +1,6 @@ --- title: Group Policy Settings +description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting. --- Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better. diff --git a/docs/os/windows/index.md b/docs/os/windows/index.md index fb729faf..b20996ce 100644 --- a/docs/os/windows/index.md +++ b/docs/os/windows/index.md @@ -1,6 +1,7 @@ --- title: Windows Overview icon: material/microsoft-windows +description: Microsoft Windows is a common operating system which is extremely non-private out of the box. Our guide covers making some improvements to your computer without replacing your OS. --- **Microsoft Windows** is a common OS shipped with many PCs by default. The following guides aim to provide some ways to improve privacy and reduce the default telemetry and data stored by disabling some unnecessary features. Over time, Microsoft adds features to the OS which can sometimes rely on cloud-based services. These features will often require certain types of [optional data](https://privacy.microsoft.com/data-collection-windows) that is sometimes sent to remote servers for processing. diff --git a/docs/passwords.md b/docs/passwords.md index 27b1bcd4..ac03013c 100644 --- a/docs/passwords.md +++ b/docs/passwords.md @@ -144,7 +144,7 @@ schema:

Info

-Built-in password managers in software like browsers and operating systems are sometimes not as good as dedicated password manager software. The advantage of a built-in password manager is good integration with the software, but it can often be very simple and lack privacy and security features standalone offerings have. +Built-in password managers in software like browsers and operating systems are sometimes not as good as dedicated password manager software. The advantage of a built-in password manager is good integration with the software, but it can often be very simple and lack privacy and security features that standalone offerings have. For example, the password manager in Microsoft Edge doesn't offer E2EE at all. Google's password manager has [optional](https://support.google.com/accounts/answer/11350823) E2EE, and [Apple's](https://support.apple.com/HT202303) offers E2EE by default. @@ -164,7 +164,7 @@ These password managers sync your passwords to a cloud server for easy accessibi [:octicons-home-16: Homepage](https://bitwarden.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://bitwarden.com/privacy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://bitwarden.com/help){ .card-link title=Documentation} +[:octicons-info-16:](https://bitwarden.com/help){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/bitwarden){ .card-link title="Source Code" }
@@ -172,7 +172,7 @@ These password managers sync your passwords to a cloud server for easy accessibi - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden) - [:simple-appstore: App Store](https://apps.apple.com/app/id1137397744) -- [:simple-github: GitHub](https://github.com/bitwarden/mobile/releases) +- [:simple-github: GitHub](https://github.com/bitwarden/android/releases) - [:fontawesome-brands-windows: Windows](https://bitwarden.com/download) - [:simple-linux: Linux](https://bitwarden.com/download) - [:simple-flathub: Flathub](https://flathub.org/apps/details/com.bitwarden.desktop) @@ -194,9 +194,9 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve **Vaultwarden** is an alternative implementation of Bitwarden's sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the resource-heavy official service might not be ideal. If you are looking to self-host Bitwarden on your own server, you almost certainly want to use Vaultwarden over Bitwarden's official server code. [:octicons-repo-16: Vaultwarden Repository](https://github.com/dani-garcia/vaultwarden){ .md-button } -[:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ .card-link title=Documentation} +[:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ .card-link title="Source Code" } -[:octicons-heart-16:](https://github.com/sponsors/dani-garcia){ .card-link title=Contribute } +[:octicons-heart-16:](https://github.com/sponsors/dani-garcia){ .card-link title="Contribute" } ### Proton Pass @@ -208,7 +208,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve [:octicons-home-16: Homepage](https://proton.me/pass){ .md-button .md-button--primary } [:octicons-eye-16:](https://proton.me/pass/privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://proton.me/support/pass){ .card-link title="Documentation"} +[:octicons-info-16:](https://proton.me/support/pass){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/protonpass){ .card-link title="Source Code" }
@@ -242,11 +242,11 @@ All issues were addressed and fixed shortly after the [report](https://res.cloud ![1Password logo](assets/img/password-management/1password.svg){ align=right } -**1Password** is a password manager with a strong focus on security and ease-of-use, which allows you to store passwords, passkeys, credit cards, software licenses, and any other sensitive information in a secure digital vault. Your vault is hosted on 1Password's servers for a [monthly fee](https://1password.com/sign-up). 1Password is [audited](https://support.1password.com/security-assessments) on a regular basis and provides exceptional customer support. 1Password is closed source; however, the security of the product is thoroughly documented in their [security white paper](https://1passwordstatic.com/files/security/1password-white-paper.pdf). +**1Password** is a password manager with a strong focus on security and ease-of-use that allows you to store passwords, passkeys, credit cards, software licenses, and any other sensitive information in a secure digital vault. Your vault is hosted on 1Password's servers for a [monthly fee](https://1password.com/sign-up). 1Password is [audited](https://support.1password.com/security-assessments) on a regular basis and provides exceptional customer support. 1Password is closed source; however, the security of the product is thoroughly documented in their [security white paper](https://1passwordstatic.com/files/security/1password-white-paper.pdf). [:octicons-home-16: Homepage](https://1password.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://1password.com/legal/privacy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://support.1password.com){ .card-link title=Documentation} +[:octicons-info-16:](https://support.1password.com){ .card-link title="Documentation" }
Downloads @@ -266,7 +266,7 @@ All issues were addressed and fixed shortly after the [report](https://res.cloud
-Traditionally, 1Password has offered the best password manager user experience for people using macOS and iOS; however, it has now achieved feature-parity across all platforms. 1Password's clients boast many features geared towards families and less technical people, such as an intuitive UI for ease of use and navigation, as well as advanced functionality. Notably, nearly every feature of 1Password is available within its native mobile or desktop clients. +Traditionally, 1Password has offered the best password manager user experience for people using macOS and iOS; however, it has now achieved feature parity across all platforms. 1Password's clients boast many features geared towards families and less technical people, such as an intuitive UI for ease of use and navigation, as well as advanced functionality. Notably, nearly every feature of 1Password is available within its native mobile or desktop clients. Your 1Password vault is secured with both your master password and a randomized 34-character security key to encrypt your data on their servers. This security key adds a layer of protection to your data because your data is secured with high entropy regardless of your master password. Many other password manager solutions are entirely reliant on the strength of your master password to secure your data. @@ -280,7 +280,7 @@ Your 1Password vault is secured with both your master password and a randomized [:octicons-home-16: Homepage](https://psono.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://psono.com/privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://doc.psono.com){ .card-link title=Documentation} +[:octicons-info-16:](https://doc.psono.com){ .card-link title="Documentation" } [:octicons-code-16:](https://gitlab.com/psono){ .card-link title="Source Code" }
@@ -308,7 +308,7 @@ In April 2024, Psono added [support for passkeys](https://psono.com/blog/psono-i - Must utilize strong, standards-based/modern E2EE. - Must have thoroughly documented encryption and security practices. -- Must have a published audit from a reputable, independent third-party. +- Must have a published audit from a reputable, independent third party. - All non-essential telemetry must be optional. - Must not collect more PII than is necessary for billing purposes. @@ -333,9 +333,9 @@ These options allow you to manage an encrypted password database locally. [:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://keepassxc.org/docs){ .card-link title=Documentation} +[:octicons-info-16:](https://keepassxc.org/docs){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/keepassxreboot/keepassxc){ .card-link title="Source Code" } -[:octicons-heart-16:](https://keepassxc.org/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://keepassxc.org/donate){ .card-link title="Contribute" }
Downloads @@ -351,7 +351,7 @@ These options allow you to manage an encrypted password database locally.
-KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-separated_values) files. This may mean data loss if you import this file into another password manager. We advise you check each record manually. +KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-separated_values) files. You may encounter data loss if you import this file into another password manager. We advise you check each record manually. ### KeePassDX (Android) @@ -362,9 +362,9 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se **KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development. [:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary } -[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title=Documentation} +[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/Kunzisoft/KeePassDX){ .card-link title="Source Code" } -[:octicons-heart-16:](https://keepassdx.com/#donation){ .card-link title=Contribute } +[:octicons-heart-16:](https://keepassdx.com/#donation){ .card-link title="Contribute" }
Downloads @@ -386,9 +386,9 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se [:octicons-home-16: Homepage](https://strongboxsafe.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://strongboxsafe.com/privacy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://strongboxsafe.com/getting-started){ .card-link title=Documentation} +[:octicons-info-16:](https://strongboxsafe.com/getting-started){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/strongbox-password-safe/Strongbox){ .card-link title="Source Code" } -[:octicons-heart-16:](https://github.com/strongbox-password-safe/Strongbox#supporting-development){ .card-link title=Contribute } +[:octicons-heart-16:](https://github.com/strongbox-password-safe/Strongbox#supporting-development){ .card-link title="Contribute" }
Downloads @@ -399,7 +399,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se -Additionally, there is an offline-only version offered: [Strongbox Zero](https://apps.apple.com/app/id1581589638). This version is stripped down in an attempt to reduce attack surface. +Additionally, Strongbox offers an offline-only version: [Strongbox Zero](https://apps.apple.com/app/id1581589638). This version is stripped down in an attempt to reduce attack surface. ### gopass (CLI) @@ -407,12 +407,12 @@ Additionally, there is an offline-only version offered: [Strongbox Zero](https:/ ![gopass logo](assets/img/password-management/gopass.svg){ align=right } -**gopass** is a minimal password manager for the command line written in Go. It can be used within scripting applications and works on all major desktop and server operating systems (Linux, macOS, BSD, Windows). +**gopass** is a minimal password manager for the command line written in Go. It can be used within scripting applications and works on all major desktop and server operating systems. [:octicons-home-16: Homepage](https://gopass.pw){ .md-button .md-button--primary } -[:octicons-info-16:](https://github.com/gopasspw/gopass/tree/master/docs){ .card-link title=Documentation} +[:octicons-info-16:](https://github.com/gopasspw/gopass/tree/master/docs){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/gopasspw/gopass){ .card-link title="Source Code" } -[:octicons-heart-16:](https://github.com/sponsors/dominikschulz){ .card-link title=Contribute } +[:octicons-heart-16:](https://github.com/sponsors/dominikschulz){ .card-link title="Contribute" }
Downloads @@ -426,7 +426,6 @@ Additionally, there is an offline-only version offered: [Strongbox Zero](https:/ - ### Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. diff --git a/docs/pastebins.md b/docs/pastebins.md index 05ce1f57..90a59e7e 100644 --- a/docs/pastebins.md +++ b/docs/pastebins.md @@ -4,6 +4,10 @@ icon: material/content-paste description: These tools allow you to have full control of any pasted data you share to other parties. cover: pastebins.webp --- +Protects against the following threat(s): + +- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal } + [**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste. ## PrivateBin diff --git a/docs/real-time-communication.md b/docs/real-time-communication.md index ef934b68..e0ea1cae 100644 --- a/docs/real-time-communication.md +++ b/docs/real-time-communication.md @@ -2,7 +2,7 @@ meta_title: "The Best Private Instant Messengers - Privacy Guides" title: "Real-Time Communication" icon: material/chat-processing -description: Other instant messengers make all of your private conversations available to the company that runs them. +description: Encrypted messengers like Signal and SimpleX keep your sensitive communications secure from prying eyes. cover: real-time-communication.webp --- Protects against the following threat(s): @@ -30,9 +30,9 @@ These messengers are great for securing your sensitive communications. [:octicons-home-16: Homepage](https://signal.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://support.signal.org){ .card-link title=Documentation} +[:octicons-info-16:](https://support.signal.org){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/signalapp){ .card-link title="Source Code" } -[:octicons-heart-16:](https://signal.org/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://signal.org/donate){ .card-link title="Contribute" }
Downloads @@ -79,7 +79,7 @@ If you use Android and your threat model requires protecting against [:material- [:octicons-home-16: Homepage](https://molly.im){ .md-button .md-button--primary } [:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://github.com/mollyim/mollyim-android/wiki){ .card-link title="Documentation"} +[:octicons-info-16:](https://github.com/mollyim/mollyim-android/wiki){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/mollyim/mollyim-android){ .card-link title="Source Code" } [:octicons-heart-16:](https://opencollective.com/mollyim){ .card-link title="Contribute" } @@ -98,7 +98,11 @@ Molly is updated every two weeks to include the latest features and bug fixes fr Note that you are trusting multiple parties by using Molly, as you now need to trust the Signal team *and* the Molly team to deliver safe and timely updates. -There is a version of Molly called **Molly-FOSS** which removes proprietary code like the Google services used by both Signal and Molly, at the expense of some features like push notifications. There is also a version called [**Molly-UP**](https://github.com/mollyim/mollyim-android#unifiedpush) which is based on Molly-FOSS and adds back support for push notifications with UnifiedPush, but it requires self-hosting a program on a separate computer to function. All three versions of Molly provide the same security improvements. +There is a version of Molly called **Molly-FOSS** which removes proprietary code like the Google services used by both Signal and Molly, at the expense of some features like battery-saving push notifications via Google Play Services. + +There is also a version called [**Molly-UP**](https://github.com/mollyim/mollyim-android#unifiedpush) which is based on Molly-FOSS and adds support for push notifications with [UnifiedPush](https://unifiedpush.org), an open source alternative to the push notifications provided by Google Play Services, but it requires running a separate program called [Mollysocket](https://github.com/mollyim/mollysocket) to function. Mollysocket can either be self-hosted on a separate computer or server (VPS), or alternatively a public Mollysocket instance can be used ([step-by-step tutorial, in German](https://kuketz-blog.de/messenger-wechsel-von-signal-zu-molly-unifiedpush-mollysocket-ntfy)). + +All three versions of Molly provide the same security improvements. Molly and Molly-FOSS support [reproducible builds](https://github.com/mollyim/mollyim-android/tree/main/reproducible-builds), meaning it's possible to confirm that the compiled APKs match the source code. @@ -108,11 +112,11 @@ Molly and Molly-FOSS support [reproducible builds](https://github.com/mollyim/mo ![Simplex logo](assets/img/messengers/simplex.svg){ align=right } -**SimpleX** Chat is an instant messenger that doesn't depend on any unique identifiers such as phone numbers or usernames. Its decentralized network makes SimpleX Chat an effective tool against [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }. Users of SimpleX Chat can scan a QR code or click an invite link to participate in group conversations. +**SimpleX Chat** is an instant messenger that doesn't depend on any unique identifiers such as phone numbers or usernames. Its decentralized network makes SimpleX Chat an effective tool against [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }. [:octicons-home-16: Homepage](https://simplex.chat){ .md-button .md-button--primary } -[:octicons-eye-16:](https://github.com/simplex-chat/simplex-chat/blob/stable/PRIVACY.md){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://github.com/simplex-chat/simplex-chat/tree/stable/docs){ .card-link title=Documentation} +[:octicons-eye-16:](https://simplex.chat/privacy){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://simplex.chat/docs/simplex.html){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/simplex-chat){ .card-link title="Source Code" }
@@ -129,9 +133,13 @@ Molly and Molly-FOSS support [reproducible builds](https://github.com/mollyim/mo -SimpleX Chat [was audited](https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website.html) by Trail of Bits in October 2022. +SimpleX provides direct messaging, group chats, and E2EE calls secured with the [SimpleX Messaging Protocol](https://github.com/simplex-chat/simplexmq/blob/stable/protocol/simplex-messaging.md), which uses double ratchet encryption with quantum resistance. Additionally, SimpleX Chat provides metadata protection by using unidirectional ["simplex queues"](https://github.com/simplex-chat/simplexmq/blob/stable/protocol/simplex-messaging.md#simplex-queue) to deliver messages. -SimpleX Chat supports basic group chatting functionality, direct messaging, and editing of messages and markdown. E2EE Audio and Video calls are also supported. Your data can be exported and imported onto another device, as there are no central servers where this is backed up. +To participate in conversations on SimpleX Chat, you must scan a QR code or click an invite link. This allows you to verify a contact out-of-band, which protects against man-in-the-middle attacks by network providers. Your data can be exported and imported onto another device, as there are no central servers where this is backed up. + +You can find a full list of the privacy and security [features](https://github.com/simplex-chat/simplex-chat#privacy-and-security-technical-details-and-limitations) implemented in SimpleX Chat on the app's repository. + +SimpleX Chat was independently audited in [July 2024](https://simplex.chat/blog/20241014-simplex-network-v6-1-security-review-better-calls-user-experience.html#simplex-cryptographic-design-review-by-trail-of-bits) and in [October 2022](https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website). ### Briar @@ -143,7 +151,7 @@ SimpleX Chat supports basic group chatting functionality, direct messaging, and [:octicons-home-16: Homepage](https://briarproject.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://briarproject.org/privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://code.briarproject.org/briar/briar/-/wikis/home){ .card-link title=Documentation} +[:octicons-info-16:](https://code.briarproject.org/briar/briar/-/wikis/home){ .card-link title="Documentation" } [:octicons-code-16:](https://code.briarproject.org/briar/briar){ .card-link title="Source Code" } [:octicons-heart-16:](https://briarproject.org){ .card-link title="Donation options are listed on the bottom of the homepage" } @@ -188,7 +196,7 @@ Messages and files shared in private rooms (those which require an invite) are b [:octicons-home-16: Homepage](https://element.io){ .md-button .md-button--primary } [:octicons-eye-16:](https://element.io/privacy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://element.io/help){ .card-link title=Documentation} +[:octicons-info-16:](https://element.io/help){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/element-hq){ .card-link title="Source Code" }
@@ -208,7 +216,7 @@ Messages and files shared in private rooms (those which require an invite) are b Profile pictures, reactions, and nicknames are not encrypted. -Group voice and video calls are [not](https://github.com/vector-im/element-web/issues/12878) E2EE and use Jitsi, but this is expected to change with [Native Group VoIP Signalling](https://github.com/matrix-org/matrix-doc/pull/3401). Group calls have [no authentication](https://github.com/vector-im/element-web/issues/13074) currently, meaning that non-room participants can also join the calls. We recommend that you do not use this feature for private meetings. +With the integration of [Element Call](https://element.io/blog/we-have-lift-off-element-x-call-and-server-suite-are-ready) into Element's web app, desktop apps, and its [rewritten mobile apps](https://element.io/blog/element-x-experience-the-future-of-element), group VoIP and video calls are E2EE by default. The Matrix protocol itself [theoretically supports forward secrecy](https://gitlab.matrix.org/matrix-org/olm/blob/master/docs/megolm.md#partial-forward-secrecy)[^1], however this is [not currently supported in Element](https://github.com/vector-im/element-web/issues/7101) due to it breaking some aspects of the user experience such as key backups and shared message history. @@ -226,7 +234,7 @@ Session uses the decentralized [Oxen Service Node Network](https://oxen.io) to s [:octicons-home-16: Homepage](https://getsession.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://getsession.org/privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://getsession.org/faq){ .card-link title=Documentation} +[:octicons-info-16:](https://getsession.org/faq){ .card-link title="Documentation" } [:octicons-code-16:](https://github.com/oxen-io){ .card-link title="Source Code" }
diff --git a/docs/router.md b/docs/router.md index b780d7d4..65827acb 100644 --- a/docs/router.md +++ b/docs/router.md @@ -1,10 +1,15 @@ --- title: "Router Firmware" icon: material/router-wireless -description: These alternative operating systems can be used to secure your router or Wi-Fi access point. +description: Alternative operating systems for securing your router or Wi-Fi access point. cover: router.webp --- -Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc. +Protects against the following threat(s): + +- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown } +- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange } + +Below are a few alternative operating systems that can be used on routers, Wi-Fi access points, etc. ## OpenWrt diff --git a/docs/search-engines.md b/docs/search-engines.md index f1e75511..9e48a9ac 100644 --- a/docs/search-engines.md +++ b/docs/search-engines.md @@ -2,11 +2,15 @@ meta_title: "Recommended Search Engines: Anonymous Google Alternatives - Privacy Guides" title: "Search Engines" icon: material/search-web -description: These privacy-respecting search engines don't build an advertising profile based on your searches. +description: Privacy-respecting search engines which don't build an advertising profile based on your searches. cover: search-engines.webp global: - [randomize-element, "table tbody"] --- +Protects against the following threat(s): + +- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown } + Use a **search engine** that doesn't build an advertising profile based on your searches. ## Recommended Providers diff --git a/docs/security-keys.md b/docs/security-keys.md index 9a55bb25..ad8f9490 100644 --- a/docs/security-keys.md +++ b/docs/security-keys.md @@ -1,7 +1,7 @@ --- title: "Security Keys" icon: 'material/key-chain' -description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. +description: Secure your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. cover: multi-factor-authentication.webp --- Protects against the following threat(s): diff --git a/docs/tools.md b/docs/tools.md index f3fdf6cd..ba6f577a 100644 --- a/docs/tools.md +++ b/docs/tools.md @@ -1,10 +1,10 @@ --- -meta_title: "The Best Privacy Tools, Services, and Ad-Free Recommendations - Privacy Guides" +meta_title: "Ad-Free Privacy Tool/Service Recommendations - Privacy Guides" title: "Privacy Tools" icon: material/tools hide: - toc -description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. +description: A complete list of the privacy tools, services, software, and hardware recommended by the Privacy Guides community. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -37,15 +37,6 @@ For more details about each project, why they were chosen, and additional tips o -
-

Threat Model Labels

- -You may find any of the following icons on some of the recommendation pages: :material-incognito: :material-target-account: :material-package-variant-closed-remove: :material-bug-outline: :material-server-network: :material-eye-outline: :material-account-cash: :material-account-search: :material-close-outline: - -We are testing a new feature that allows readers to better identify and understand the kinds of threats that privacy tools best defend against. Let us know what you think about this feature by replying to this dedicated forum [thread](https://discuss.privacyguides.net/t/implement-threat-model-labels/18659)! - -
- ## Private Web Browsers
@@ -97,9 +88,9 @@ We are testing a new feature that allows readers to better identify and understa --- - We recommend **Safari** alongside a tracker-blocker like [AdGuard](browser-extensions.md#adguard) on iOS, because all iOS browsers are forced to be based on Safari anyways. This reduces the number of parties you're required to trust. + We recommend **Safari** due to its [anti-fingerprinting](https://webkit.org/blog/15697/private-browsing-2-0) features and default tracker blocking. It also separates your cookies in private browsing mode to prevent tracking between tabs. - - [Read Full Review :material-arrow-right-drop-circle:](mobile-browsers.md#safari) + - [Read Full Review :material-arrow-right-drop-circle:](mobile-browsers.md#safari-ios)
@@ -252,7 +243,6 @@ If you're looking for added **security**, you should always ensure you're connec - ![Canary Mail logo](assets/img/email-clients/canarymail.svg){ .twemoji loading=lazy } [Canary Mail (iOS)](email-clients.md#canary-mail-ios) - ![FairEmail logo](assets/img/email-clients/fairemail.svg){ .twemoji loading=lazy } [FairEmail (Android)](email-clients.md#fairemail-android) - ![GNOME Evolution logo](assets/img/email-clients/evolution.svg){ .twemoji loading=lazy } [GNOME Evolution (Linux)](email-clients.md#gnome-evolution-gnome) -- ![K-9 Mail logo](assets/img/email-clients/k9mail.svg){ .twemoji loading=lazy } [K-9 Mail (Android)](email-clients.md#k-9-mail-android) - ![Kontact logo](assets/img/email-clients/kontact.svg){ .twemoji loading=lazy } [Kontact (Linux)](email-clients.md#kontact-kde) - ![Mailvelope logo](assets/img/email-clients/mailvelope.svg){ .twemoji loading=lazy } [Mailvelope (PGP in standard webmail)](email-clients.md#mailvelope-browser) - ![NeoMutt logo](assets/img/email-clients/mutt.svg){ .twemoji loading=lazy } [NeoMutt (CLI)](email-clients.md#neomutt-cli) @@ -280,7 +270,6 @@ If you're looking for added **security**, you should always ensure you're connec
- ![EasyOptOuts logo](assets/img/data-broker-removals/easyoptouts.svg){ .twemoji loading=lazy } [EasyOptOuts](data-broker-removals.md#easyoptouts-paid) -- ![Optery logo](assets/img/data-broker-removals/optery.svg){ .twemoji loading=lazy } [Optery](data-broker-removals.md#optery-free-paid) - ![Google logo](assets/img/data-broker-removals/google.svg){ .twemoji loading=lazy } [Google *Results about you*](data-broker-removals.md#google-results-about-you-free)
@@ -395,7 +384,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b - ![MAT2 logo](assets/img/data-redaction/mat2.svg){ .twemoji loading=lazy } [MAT2](data-redaction.md#mat2) - ![ExifEraser logo](assets/img/data-redaction/exiferaser.svg){ .twemoji loading=lazy } [ExifEraser (Android)](data-redaction.md#exiferaser-android) - ![Metapho logo](assets/img/data-redaction/metapho.jpg){ .twemoji loading=lazy } [Metapho (iOS)](data-redaction.md#metapho-ios) -- ![PrivacyBlur logo](assets/img/data-redaction/privacyblur.svg){ .twemoji loading=lazy } [PrivacyBlur](data-redaction.md#privacyblur) - ![ExifTool logo](assets/img/data-redaction/exiftool.png){ .twemoji loading=lazy } [ExifTool (CLI)](data-redaction.md#exiftool) @@ -416,14 +404,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b ### Encryption Software
-Operating System Disk Encryption +Operating System Encryption -For encrypting your operating system drive, we typically recommend using whichever encryption tool your operating system provides, whether that is **BitLocker** on Windows, **FileVault** on macOS, or **LUKS** on Linux. These tools are included with the operating system and typically use hardware encryption elements such as a TPM that other full-disk encryption software like VeraCrypt do not. VeraCrypt is still suitable for non-operating system disks such as external drives, especially drives that may be accessed from multiple operating systems. +For encrypting your OS drive, we typically recommend using the encryption tool your operating system provides, whether that is **BitLocker** on Windows, **FileVault** on macOS, or **LUKS** on Linux. These tools are included with the operating system and take advantage of hardware encryption elements such as a [secure cryptoprocessor](basics/hardware.md/#tpmsecure-cryptoprocessor). -[Learn more :material-arrow-right-drop-circle:](encryption.md#os-full-disk-encryption) +[Learn more :material-arrow-right-drop-circle:](encryption.md#operating-system-encryption)
+#### Cross-platform Tools +
- ![Cryptomator logo](assets/img/encryption-software/cryptomator.svg){ .twemoji loading=lazy } [Cryptomator](encryption.md#cryptomator-cloud) @@ -510,7 +500,6 @@ For encrypting your operating system drive, we typically recommend using whichev - ![Akregator logo](assets/img/news-aggregators/akregator.svg){ .twemoji loading=lazy } [Akregator](news-aggregators.md#akregator) - ![NewsFlash logo](assets/img/news-aggregators/newsflash.png){ .twemoji loading=lazy } [NewsFlash](news-aggregators.md#newsflash) - ![Feeder logo](assets/img/news-aggregators/feeder.png){ .twemoji} [Feeder (Android)](news-aggregators.md#feeder) -- ![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ .twemoji loading=lazy } [Fluent Reader](news-aggregators.md#fluent-reader) - ![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ .twemoji loading=lazy }![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ .twemoji loading=lazy } [Miniflux](news-aggregators.md#miniflux) - ![NetNewsWire logo](assets/img/news-aggregators/netnewswire.png){ .twemoji loading=lazy } [NetNewsWire](news-aggregators.md#netnewswire) - ![Newsboat logo](assets/img/news-aggregators/newsboat.svg){ .twemoji loading=lazy } [Newsboat](news-aggregators.md#newsboat) @@ -700,7 +689,6 @@ These tools may provide utility for certain individuals. They provide functional - ![iMazing logo](assets/img/device-integrity/imazing.png){ .twemoji loading=lazy } [iMazing (iOS)](device-integrity.md#imazing-ios) - ![Auditor logo](assets/img/device-integrity/auditor.svg#only-light){ .twemoji loading=lazy }![Auditor logo](assets/img/device-integrity/auditor-dark.svg#only-dark){ .twemoji loading=lazy } [Auditor (Android)](device-integrity.md#auditor-android) - ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ .twemoji loading=lazy }![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ .twemoji loading=lazy } [Hypatia (Android)](device-integrity.md#hypatia-android) -- ![iVerify logo](assets/img/device-integrity/iverify.webp){ .twemoji loading=lazy } [iVerify Basic (iOS)](device-integrity.md#iverify-basic-ios)
diff --git a/docs/tor.md b/docs/tor.md index 81f7f0c5..624721fa 100644 --- a/docs/tor.md +++ b/docs/tor.md @@ -121,13 +121,13 @@ All versions are signed using the same signature so they should be compatible wi -## Onion Browser +## Onion Browser (iOS)
![Onion Browser logo](assets/img/self-contained-networks/onion_browser.svg){ align=right } -**Onion Browser** is an open-source browser that lets you browse the web anonymously over the Tor network on iOS devices and is endorsed by the [Tor Project](https://support.torproject.org/glossary/onion-browser). +**Onion Browser** is an open-source browser that lets you browse the web anonymously over the Tor network on iOS devices and is endorsed by the [Tor Project](https://support.torproject.org/glossary/onion-browser). [:material-star-box: Read our latest Onion Browser review.](/articles/2024/09/18/onion-browser-review) [:octicons-home-16: Homepage](https://onionbrowser.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://onionbrowser.com/privacy-policy){ .card-link title="Privacy Policy" } @@ -144,4 +144,6 @@ All versions are signed using the same signature so they should be compatible wi
+Onion Browser does not provide the same levels of privacy protections as Tor Browser does on desktop platforms. For casual use it is a perfectly fine way to access hidden services, but if you're concerned about being traced or monitored by advanced adversaries you should not rely on this as an anonymity tool. + [^1]: The `IsolateDestAddr` setting is discussed on the [Tor mailing list](https://lists.torproject.org/pipermail/tor-talk/2012-May/024403.html) and [Whonix's Stream Isolation documentation](https://whonix.org/wiki/Stream_Isolation), where both projects suggest that it is usually not a good approach for most people. diff --git a/docs/vpn.md b/docs/vpn.md index d86959c2..fe978ca0 100644 --- a/docs/vpn.md +++ b/docs/vpn.md @@ -2,7 +2,7 @@ meta_title: "Private VPN Service Recommendations and Comparison, No Sponsors or Ads - Privacy Guides" title: "VPN Services" icon: material/vpn -description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. +description: The best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. cover: vpn.webp global: - [randomize-element, "table tbody"] @@ -32,7 +32,7 @@ Our recommended providers use encryption, support WireGuard & OpenVPN, and have | Provider | Countries | WireGuard | Port Forwarding | IPv6 | Anonymous Payments |---|---|---|---|---|--- -| [Proton](#proton-vpn) | 112+ | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Partial Support | :material-alert-outline:{ .pg-orange } | Cash +| [Proton](#proton-vpn) | 112+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } Partial Support | :material-information-outline:{ .pg-blue } Limited Support | Cash | [IVPN](#ivpn) | 37+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } | :material-information-outline:{ .pg-blue } Outgoing Only | Monero, Cash | [Mullvad](#mullvad) | 45+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } | :material-check:{ .pg-green } | Monero, Cash @@ -56,6 +56,7 @@ Our recommended providers use encryption, support WireGuard & OpenVPN, and have - [:simple-appstore: App Store](https://apps.apple.com/app/id1437005085) - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - [:fontawesome-brands-windows: Windows](https://protonvpn.com/download-windows) +- [:simple-apple: macOS](https://protonvpn.com/download-macos) - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup)
@@ -89,9 +90,9 @@ Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://wiregua Proton VPN [recommends](https://protonvpn.com/blog/wireguard) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols) for the protocol is not present in their Linux app. -#### :material-alert-outline:{ .pg-orange } No IPv6 Support +#### :material-alert-outline:{ .pg-orange } Limited IPv6 Support -Proton VPN's servers are only compatible with IPv4. The Proton VPN applications will block all outgoing IPv6 traffic, so you don't have to worry about your IPv6 address being leaked, but you will not be able to connect to any IPv6-only sites, and you will not be able to connect to Proton VPN from an IPv6-only network. +Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks) in their browser extension but only 80% of their servers are IPv6-compatible. On other platforms, the Proton VPN client will block all outgoing IPv6 traffic, so you don't have to worry about your IPv6 address being leaked, but you will not be able to connect to any IPv6-only sites, nor will you be able to connect to Proton VPN from an IPv6-only network. #### :material-information-outline:{ .pg-info } Remote Port Forwarding @@ -179,7 +180,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023] #### :material-check:{ .pg-green } Anti-Censorship -IVPN has obfuscation modes using the [v2ray](https://v2ray.com/en/index.html) project which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic. +IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic. #### :material-check:{ .pg-green } Mobile Clients @@ -195,7 +196,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker ![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right } -**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and does not offer a free trial. +**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it. [:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary } [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" } @@ -244,7 +245,7 @@ Mullvad provides the source code for their desktop and mobile clients in their [ #### :material-check:{ .pg-green } Accepts Cash and Monero -Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. Prepaid cards with redeem codes are also available. Mullvad also accepts Swish and bank wire transfers. +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. Prepaid cards with redeem codes are also available. Mullvad also accepts Swish and bank wire transfers, as well as a few European payment systems. #### :material-check:{ .pg-green } WireGuard Support @@ -262,7 +263,12 @@ Mullvad previously supported port forwarding, but removed the option in [May 202 #### :material-check:{ .pg-green } Anti-Censorship -Mullvad has obfuscation an mode using [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) which may be useful in situations where VPN protocols like OpenVPN or Wireguard are blocked. +Mullvad offers several features to help bypass censorship and access the internet freely: + +- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en). +- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption. +- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor. +- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself. #### :material-check:{ .pg-green } Mobile Clients @@ -270,7 +276,7 @@ Mullvad has published [App Store](https://apps.apple.com/app/id1488466513) and [ #### :material-information-outline:{ .pg-blue } Additional Notes -Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers). They use [ShadowSocks](https://shadowsocks.org) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers). They also provide the option to enable Defense Against AI-guided Traffic Analysis ([DAITA](https://mullvad.net/en/blog/daita-defense-against-ai-guided-traffic-analysis)) in their apps. DAITA protects against the threat of advanced traffic analysis which can be used to connect patterns in VPN traffic with specific websites. ## Criteria @@ -293,14 +299,15 @@ We require all our recommended VPN providers to provide OpenVPN configuration fi - Killswitch built in to clients. - Multihop support. Multihopping is important to keep data private in case of a single node compromise. - If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what your device is actually doing. +- Censorship resistance features designed to bypass firewalls without DPI. **Best Case:** - Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.) - Easy-to-use VPN clients -- Supports [IPv6](https://en.wikipedia.org/wiki/IPv6). We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses. +- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses. - Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble). -- Obfuscation technology which pads data packets with random data to circumvent internet censorship. +- Obfuscation technology which camouflages the true nature of internet traffic, designed to circumvent advanced internet censorship methods like DPI. ### Privacy @@ -325,13 +332,16 @@ A VPN is pointless if it can't even provide adequate security. We require all ou - Strong Encryption Schemes: OpenVPN with SHA-256 authentication; RSA-2048 or better handshake; AES-256-GCM or AES-256-CBC data encryption. - Forward Secrecy. - Published security audits from a reputable third-party firm. +- VPN servers that use full-disk encryption or are RAM-only. **Best Case:** - Strongest Encryption: RSA-4096. +- Optional quantum-resistant encryption. - Forward Secrecy. - Comprehensive published security audits from a reputable third-party firm. - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. +- RAM-only VPN servers. ### Trust @@ -340,6 +350,7 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t **Minimum to Qualify:** - Public-facing leadership or ownership. +- Company based in a jurisdiction where it cannot be forced to do secret logging. **Best Case:** @@ -371,4 +382,4 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality -While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include content blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. +While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include content blocking functionality, warrant canaries, excellent customer support, the number of allowed simultaneous connections, etc. diff --git a/includes/abbreviations.en.txt b/includes/abbreviations.en.txt index 93195bd3..03c478c7 100644 --- a/includes/abbreviations.en.txt +++ b/includes/abbreviations.en.txt @@ -16,6 +16,7 @@ *[DoQ]: DNS over QUIC *[DoH3]: DNS over HTTP/3 *[DoT]: DNS over TLS +*[DPI]: Deep Packet Inspection identifies and blocks packet with specific payloads *[E2EE]: End-to-End Encryption/Encrypted *[ECS]: EDNS Client Subnet *[EEA]: European Economic Area @@ -71,6 +72,7 @@ *[PGP]: Pretty Good Privacy (see OpenPGP) *[PII]: Personally Identifiable Information *[QNAME]: Qualified Name +*[QUIC]: A network protocol based on UDP, but aiming to combine the speed of UDP with the reliability of TCP. *[rolling release]: Updates which are released frequently rather than set intervals *[RSS]: Really Simple Syndication *[SELinux]: Security-Enhanced Linux diff --git a/includes/strings.en.env b/includes/strings.en.env index 2f715d81..453ab999 100644 --- a/includes/strings.en.env +++ b/includes/strings.en.env @@ -24,6 +24,7 @@ HOMEPAGE_BUTTON_GET_STARTED_TITLE="The first step of your privacy journey" HOMEPAGE_BUTTON_TOOLS_NAME="Recommended Tools" HOMEPAGE_BUTTON_TOOLS_TITLE="Recommended privacy tools, services, and knowledge" NAV_ABOUT="About" +NAV_ABOUT_TEAM_MEMBERS="Team Members" NAV_ADVANCED="Advanced" NAV_ADVANCED_TOPICS="Advanced Topics" NAV_BLOG="Articles" diff --git a/mkdocs.blog.yml b/mkdocs.blog.yml index 7aad243e..e1d6e9b6 100644 --- a/mkdocs.blog.yml +++ b/mkdocs.blog.yml @@ -147,6 +147,7 @@ plugins: categories: - categories - tags + glightbox: {} tags: {} search: {} privacy: @@ -200,7 +201,6 @@ markdown_extensions: tables: {} footnotes: {} toc: - permalink: true toc_depth: 4 nav: @@ -210,6 +210,7 @@ nav: - !ENV [NAV_BLOG, "Articles"]: - index.md - tags.md + - editorial.md - !ENV [NAV_ABOUT, "About"]: /en/about/ - "Donate": /en/about/donate/ - !ENV [NAV_CHANGELOG, "Changelog"]: diff --git a/mkdocs.yml b/mkdocs.yml index 55a10d11..de55dcab 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -364,7 +364,6 @@ markdown_extensions: tables: {} footnotes: {} toc: - permalink: true toc_depth: 4 nav: @@ -449,6 +448,8 @@ nav: - !ENV [NAV_ABOUT, "About"]: - "about.md" - "about/donate.md" + - !ENV [NAV_ABOUT_TEAM_MEMBERS, "Team Members"]: + https://discuss.privacyguides.net/u?group=team&order=solutions&period=all - "about/contributors.md" - "about/criteria.md" - "about/executive-policy.md" diff --git a/modules/mkdocs-material b/modules/mkdocs-material index edd5029d..1a9cde68 160000 --- a/modules/mkdocs-material +++ b/modules/mkdocs-material @@ -1 +1 @@ -Subproject commit edd5029dd86077d595a3591faed6b21a73062bc8 +Subproject commit 1a9cde6887f6ceeefd21bfb21598993d8a3589ab diff --git a/theme/assets/img/data-broker-removals/optery.svg b/theme/assets/img/data-broker-removals/optery.svg deleted file mode 100644 index 64100d13..00000000 --- a/theme/assets/img/data-broker-removals/optery.svg +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - - - - - - - diff --git a/theme/assets/img/data-redaction/privacyblur.svg b/theme/assets/img/data-redaction/privacyblur.svg deleted file mode 100644 index a1b2e2e9..00000000 --- a/theme/assets/img/data-redaction/privacyblur.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/theme/assets/img/device-integrity/iverify.webp b/theme/assets/img/device-integrity/iverify.webp deleted file mode 100644 index aa3e15af..00000000 Binary files a/theme/assets/img/device-integrity/iverify.webp and /dev/null differ diff --git a/theme/assets/img/email-clients/k9mail.svg b/theme/assets/img/email-clients/k9mail.svg deleted file mode 100644 index 4af99058..00000000 --- a/theme/assets/img/email-clients/k9mail.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/theme/assets/img/news-aggregators/fluent-reader.svg b/theme/assets/img/news-aggregators/fluent-reader.svg deleted file mode 100644 index 2ab38b3a..00000000 --- a/theme/assets/img/news-aggregators/fluent-reader.svg +++ /dev/null @@ -1 +0,0 @@ -F \ No newline at end of file diff --git a/theme/blog-post.html b/theme/blog-post.html index f91a9830..8d604667 100644 --- a/theme/blog-post.html +++ b/theme/blog-post.html @@ -27,26 +27,34 @@ {% block container %} -
+
{% if config.theme.language == "en" %} {% endif %} - + - - - - + + + + - + + + + + + + + + + -
{% endif %} - - {% if page.meta.review %} -
    - - -
  • -
    - - {{ page.meta.review.name }} summary - - -
    -
    -
      -
    • - - - - - {% for i in range(1, 6) %} - {% if i <= page.meta.review.rating %} - {% include ".icons/material/star.svg" %} - {% else %} - {% if i - 0.5 == page.meta.review.rating %} - {% include ".icons/material/star-half-full.svg" %} - {% else %} - {% include ".icons/material/star-outline.svg" %} - {% endif %} - {% endif %} - {% endfor %} - - - {% if page.authors %} - - {% endif %} -
      • -
    • - - - Pros: + {% block extra_sidebar %} + {% if page.categories[0].title == "Opinion" %} +
        +
      • +
        + + Disclaimer + +
        +
        +
          +
        • + -
            - {% for pro in page.meta.review.pros %} -
          • {{ pro }}
            • - {% endfor %} -
          + This is an opinion piece. + The views expressed in this article are the author's own and do not necessarily reflect the views of Privacy Guides and its editorial team.           - -
          • -
        • - - - Cons: - -
            - {% for con in page.meta.review.cons %} -
          • {{ con }}
            • - {% endfor %} -
          -           -           -           -
          • -
        - -
        -
        • -
      - {% endif %} +
      • +
    +
    +
    • +
+ {% endif %} + {% endblock %} - - {% if "toc.integrate" in features %} {% include "partials/toc.html" %} diff --git a/theme/layouts/home.yml b/theme/layouts/home.yml index 8d373a85..ab2223fa 100644 --- a/theme/layouts/home.yml +++ b/theme/layouts/home.yml @@ -44,6 +44,9 @@ tags: og:image:height: "{{ image.height }}" og:url: "{{ page.canonical_url }}" + # Mastodon + fediverse:creator: "@privacyguides@neat.computer" + # Twitter twitter:card: summary_large_image twitter:title: *page_title_with_site_name diff --git a/theme/partials/content.html b/theme/partials/content.html index e4b21103..6a021324 100644 --- a/theme/partials/content.html +++ b/theme/partials/content.html @@ -40,7 +40,7 @@ {% endif %} -
+
{{ page.content }}
diff --git a/theme/review-article.html b/theme/review-article.html new file mode 100644 index 00000000..3d33e2f2 --- /dev/null +++ b/theme/review-article.html @@ -0,0 +1,129 @@ + + +{% extends "blog-post.html" %} + +{% import "partials/nav-item.html" as item with context %} + +{% block extra_sidebar %} + + {% if page.meta.review %} +
    +
  • +
    + + Our rating + +
    +
    +
      +
    • + + + + + {% for i in range(1, 6) %} + {% if i <= page.meta.review.rating %} + {% include ".icons/material/star.svg" %} + {% else %} + {% if i - 0.5 == page.meta.review.rating %} + {% include ".icons/material/star-half-full.svg" %} + {% else %} + {% include ".icons/material/star-outline.svg" %} + {% endif %} + {% endif %} + {% endfor %} + + +
      • +
    • + + + Pros: + +
        + {% for pro in page.meta.review.pros %} +
      • {{ pro }}
        • + {% endfor %} +
      +       +       +       +
      • +
    • + + + Cons: + +
        + {% for con in page.meta.review.cons %} +
      • {{ con }}
        • + {% endfor %} +
      +       +       +       +
      • +
    +
    +
    • +
+ + {% endif %} + +{% endblock %}