1
0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-10-20 06:22:11 +00:00

Compare commits

..

22 Commits

Author SHA1 Message Date
oppressor1761
35dc235a9d Update windows-overview.md
Signed-off-by: oppressor1761 <163018825+oppressor1761@users.noreply.github.com>
2024-04-24 20:03:12 +08:00
oppressor1761
6d34aa1f7d Update windows-overview.md
Signed-off-by: oppressor1761 <163018825+oppressor1761@users.noreply.github.com>
2024-04-24 19:57:37 +08:00
oppressor1761
d988800738 Update mkdocs.en.yml
Signed-off-by: oppressor1761 <163018825+oppressor1761@users.noreply.github.com>
2024-04-02 16:36:34 +08:00
oppressor1761
090645b150 Update mkdocs.en.yml
Signed-off-by: oppressor1761 <163018825+oppressor1761@users.noreply.github.com>
2024-04-02 16:35:10 +08:00
oppressor1761
cb9d760c56 Update mkdocs-common.yml
Signed-off-by: oppressor1761 <163018825+oppressor1761@users.noreply.github.com>
2024-04-02 16:23:05 +08:00
oppressor1761
4a42d8e1fe Merge branch 'main' into main
Signed-off-by: oppressor1761 <163018825+oppressor1761@users.noreply.github.com>
2024-04-02 16:21:40 +08:00
oppressor1761
5820c4d945 add policy Prevent OneDrive from generating network traffic until the user signs in to OneDrive
Signed-off-by: oppressor1761 <163018825+oppressor1761@users.noreply.github.com>
2024-04-02 15:47:35 +08:00
oppressor1761
e8a1e5bfa0 Update windows-overview.md
Signed-off-by: oppressor1761 <163018825+oppressor1761@users.noreply.github.com>
2024-03-29 16:51:02 +08:00
oppressor1761
d137e1acf3 Update copilot settings
Signed-off-by: oppressor1761 <163018825+oppressor1761@users.noreply.github.com>
2024-03-29 15:44:48 +08:00
oppressor1761
07efd74ca1 Correct Markdown syntax
Signed-off-by: oppressor1761 <163018825+oppressor1761@users.noreply.github.com>
2024-03-29 14:57:50 +08:00
oppressor1761
beff5eb145 Merge branch 'privacyguides:main' into main 2024-03-29 14:37:21 +08:00
oppressor1761
e3e9faaeba Update windows-overview.md
Signed-off-by: oppressor1761 <163018825+oppressor1761@users.noreply.github.com>
2024-03-29 14:36:52 +08:00
oppressor1761
3aa43c0e4e Update windows-overview.md
Signed-off-by: oppressor1761 <163018825+oppressor1761@users.noreply.github.com>
2024-03-29 14:23:07 +08:00
oppressor1761
00926206cc Update windows-overview.md
Signed-off-by: oppressor1761 <163018825+oppressor1761@users.noreply.github.com>
2024-03-28 11:17:25 +08:00
oppressor1761
c64d5e6795 Update windows-overview.md
Signed-off-by: oppressor1761 <163018825+oppressor1761@users.noreply.github.com>
2024-03-27 16:57:14 +08:00
oppressor1761
88724b7833 Update windows-overview.md
Signed-off-by: oppressor1761 <163018825+oppressor1761@users.noreply.github.com>
2024-03-27 11:18:23 +08:00
oppressor1761
10e68cd44b Update windows-overview.md
Signed-off-by: oppressor1761 <163018825+oppressor1761@users.noreply.github.com>
2024-03-26 17:02:14 +08:00
oppressor1761
adc97bc8b1 Merge branch 'privacyguides:main' into main 2024-03-25 17:01:08 +08:00
oppressor1761
6bc7782a42 Update windows-overview.md
Signed-off-by: oppressor1761 <163018825+oppressor1761@users.noreply.github.com>
2024-03-25 17:00:38 +08:00
oppressor1761
e42533fa1b Update windows-overview.md
Signed-off-by: oppressor1761 <163018825+oppressor1761@users.noreply.github.com>
2024-03-25 16:38:22 +08:00
oppressor1761
0e07ccaf50 Create windows-overview.md
Signed-off-by: oppressor1761 <163018825+oppressor1761@users.noreply.github.com>
2024-03-20 15:04:51 +08:00
oppressor1761
ccb08456a2 Update mkdocs.en.yml
Signed-off-by: oppressor1761 <163018825+oppressor1761@users.noreply.github.com>
2024-03-20 11:10:54 +08:00
117 changed files with 2338 additions and 2269 deletions

View File

@@ -1,8 +0,0 @@
// For format details, see https://aka.ms/devcontainer.json. For config options, see the
// README at: https://github.com/devcontainers/templates/tree/main/src/python
{
"name": "Privacy Guides",
"image": "ghcr.io/squidfunk/mkdocs-material:9.5.17",
"forwardPorts": [8000],
"postCreateCommand": "git submodule init; git submodule update theme/assets/brand; mkdocs serve --dev-addr=0.0.0.0:8000 --config-file config/mkdocs.en.yml"
}

View File

@@ -1,8 +0,0 @@
// For format details, see https://aka.ms/devcontainer.json. For config options, see the
// README at: https://github.com/devcontainers/templates/tree/main/src/python
{
"name": "Privacy Guides Team",
"image": "ghcr.io/privacyguides/privacyguides.org:main",
"forwardPorts": [8000],
"postCreateCommand": "git submodule init; git submodule update theme/assets/brand; MKDOCS_INHERIT=mkdocs-production.yml mkdocs serve --dev-addr=0.0.0.0:8000 --config-file config/mkdocs.en.yml"
}

View File

@@ -31,8 +31,3 @@ indent_size = 2
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
[{*.caddy,*.example-caddy,Caddyfile}]
charset = utf-8
indent_style = tab
tab_width = 4

25
.github/CODEOWNERS vendored
View File

@@ -1,5 +1,27 @@
# Copyright (c) 2019-2023 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
# Additional Co-Owners are added to the TOP of this file
# High-traffic pages
/docs/index.md @jonaharagon @dngray
/docs/index.en.md @jonaharagon @dngray
/theme/overrides/ @jonaharagon
# Org
@@ -13,3 +35,4 @@ README.md @jonaharagon @dngray
/Pipfile @jonaharagon
/Pipfile.lock @jonaharagon
/.github/ @jonaharagon
/.well-known/ @jonaharagon

View File

@@ -22,6 +22,7 @@ name: "Content Correction"
description: Report any inaccurate, incorrect, or outdated information on the website.
labels: ["t:correction"]
body:
- type: markdown
attributes:
value: |

View File

@@ -24,6 +24,7 @@ labels: ["t:bug"]
assignees:
- jonaharagon
body:
- type: markdown
attributes:
value: |

View File

@@ -21,6 +21,7 @@
version: 2
registries:
github-privacyguides:
type: git
url: https://github.com
@@ -28,6 +29,7 @@ registries:
password: ${{secrets.REPO_PAT}}
updates:
# Maintain dependencies for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
@@ -50,15 +52,6 @@ updates:
labels:
- "fix:submodules"
- package-ecosystem: "devcontainers"
directory: "/"
schedule:
interval: weekly
- package-ecosystem: "docker"
directory: "/"
schedule:
interval: weekly
# Disabled because some updates tend to remove needed dependencies for some reason
# # Maintain dependencies for pipenv

View File

@@ -1,93 +0,0 @@
#
name: ☁️ Build Container
# Configures this workflow to run every time a change is pushed to the branch called `release`.
on:
push:
branches: ["main"]
release:
types: [published]
workflow_dispatch:
concurrency:
group: container-build
cancel-in-progress: true
permissions:
contents: read
packages: write
# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
jobs:
submodule:
strategy:
matrix:
repo: [mkdocs-material-insiders, brand]
uses: privacyguides/.github/.github/workflows/download-repo.yml@main
with:
repo: ${{ matrix.repo }}
secrets:
ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
build-and-push-image:
needs: submodule
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- run: |
rm -rf modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
rm -rf theme/assets/brand
mv modules/repo-brand theme/assets/brand
# Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
- name: Log in to the Container registry
uses: docker/login-action@v3.1.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5.5.1
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=tag
type=ref,event=pr
type=sha
flavor: |
latest=${{ github.event_name == 'release' }}
# This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
# It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
# It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
- name: Build and push Docker image
uses: docker/build-push-action@v5.3.0
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cleanup:
if: ${{ always() }}
needs: build-and-push-image
uses: privacyguides/.github/.github/workflows/cleanup.yml@main

113
.github/workflows/build-offline.yml vendored Normal file
View File

@@ -0,0 +1,113 @@
# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: Build Offline Website
on:
workflow_call:
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
persist-credentials: 'false'
- uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- run: |
rmdir modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
rmdir theme/assets/brand
mv modules/repo-brand theme/assets/brand
- name: Python setup
uses: actions/setup-python@v5
with:
cache: 'pipenv'
- uses: actions/cache/restore@v4.0.2
with:
key: site-cache-${{ github.repository }}-en-${{ github.ref }}-${{ hashfiles('.cache/**') }}
path: .cache
restore-keys: |
site-cache-${{ github.repository }}-en-${{ github.ref }}-
site-cache-${{ github.repository }}-en-
- name: Install Python dependencies
run: |
pip install pipenv
pipenv install
sudo apt install pngquant
- name: Build website
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CARDS: false
run: |
pipenv run mkdocs build --config-file config/mkdocs-offline.yml
pipenv run mkdocs --version
- name: Package website
run: |
tar -czvf offline.tar.gz site
zip -r -q offline.zip site
- uses: actions/cache/save@v4.0.2
with:
key: site-cache-${{ github.repository }}-en-${{ github.ref }}-${{ hashfiles('.cache/**') }}
path: .cache
- name: Upload tar.gz file
uses: actions/upload-artifact@v4
with:
name: offline.tar.gz
path: offline.tar.gz
- name: Upload zip file
uses: actions/upload-artifact@v4
with:
name: offline.zip
path: offline.zip
- name: Create ZIM File
uses: addnab/docker-run-action@v3
with:
image: ghcr.io/openzim/zim-tools:3.1.3
options: -v ${{ github.workspace }}:/data
run: |
zimwriterfs -w index.html -I assets/brand/logos/png/square/pg-yellow.png -l eng -t "Privacy Guides" -d "Your central privacy and security resource to protect yourself online." -c "Privacy Guides" -p "Jonah Aragon" -n "Privacy Guides" -e "https://github.com/privacyguides/privacyguides.org" /data/site /data/offline-privacy_guides.zim
- name: Upload ZIM file
uses: actions/upload-artifact@v4
with:
name: offline-privacy_guides.zim
path: offline-privacy_guides.zim

View File

@@ -1,11 +1,28 @@
# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: Build Website
on:
workflow_call:
inputs:
config:
type: string
default: build
ref:
required: true
type: string
@@ -33,27 +50,11 @@ jobs:
contents: read
steps:
- run: |
echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV"
- if: inputs.config == 'build'
run: |
{
echo "MKDOCS_INHERIT=mkdocs-production.yml"
echo "PRODUCTION=true"
echo "CONTEXT=${{ inputs.context }}"
} >> "$GITHUB_ENV"
- if: inputs.config == 'offline'
run: |
echo "MKDOCS_INHERIT=mkdocs-offline.yml" >> "$GITHUB_ENV"
echo "CARDS=false" >> "$GITHUB_ENV"
- uses: actions/checkout@v4
with:
repository: ${{ inputs.repo }}
ref: ${{ inputs.ref }}
persist-credentials: "false"
persist-credentials: 'false'
fetch-depth: 0
- uses: actions/download-artifact@v4
@@ -75,10 +76,9 @@ jobs:
- uses: actions/setup-python@v5
with:
cache: "pipenv"
cache: 'pipenv'
- uses: actions/cache/restore@v4.0.2
id: site_cache_restore
with:
key: site-cache-${{ inputs.repo }}-${{ inputs.ref }}-${{ hashfiles('.cache/**') }}
path: .cache
@@ -87,7 +87,6 @@ jobs:
site-cache-${{ inputs.repo }}-
- uses: actions/cache/restore@v4.0.2
id: card_cache_restore
with:
key: card-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ inputs.ref }}-${{ hashfiles('config/.cache/plugin/social/manifest.json') }}
path: |
@@ -102,25 +101,29 @@ jobs:
pipenv install
sudo apt install pngquant
- uses: falti/dotenv-action@v1.1
- if: inputs.lang != 'en'
uses: falti/dotenv-action@v1.1
with:
path: includes/strings.${{ inputs.lang }}.env
export-variables: true
keys-case: bypass
- run: |
- env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CONTEXT: ${{ inputs.context }}
PRODUCTION: true
run: |
pipenv run mkdocs build --config-file config/mkdocs.${{ inputs.lang }}.yml
cp -r static/* site/
pipenv run mkdocs --version
tar -czvf site-${{ inputs.config }}-${{ inputs.lang }}.tar.gz site
tar -czvf site-build-${{ inputs.lang }}.tar.gz site
- uses: actions/cache/save@v4.0.2
if: steps.site_cache_restore.outputs.cache-hit != 'true'
with:
key: site-cache-${{ inputs.repo }}-${{ inputs.ref }}-${{ hashfiles('.cache/**') }}
path: .cache
- uses: actions/cache/save@v4.0.2
if: steps.card_cache_restore.outputs.cache-hit != 'true'
with:
key: card-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ inputs.ref }}-${{ hashfiles('config/.cache/plugin/social/manifest.json') }}
path: |
@@ -129,49 +132,5 @@ jobs:
- uses: actions/upload-artifact@v4
with:
name: site-${{ inputs.config }}-${{ inputs.lang }}.tar.gz
path: site-${{ inputs.config }}-${{ inputs.lang }}.tar.gz
offline_package:
if: inputs.config == 'offline' && inputs.lang == 'en'
needs: build
runs-on: ubuntu-latest
continue-on-error: ${{ inputs.continue-on-error }}
permissions:
contents: read
steps:
- uses: actions/download-artifact@v4
with:
name: site-offline-en.tar.gz
- run: |
tar -xzvf site-offline-en.tar.gz
tar -czvf offline.tar.gz site/en
zip -r -q offline.zip site/en
- name: Upload tar.gz file
uses: actions/upload-artifact@v4
with:
name: offline.tar.gz
path: offline.tar.gz
- name: Upload zip file
uses: actions/upload-artifact@v4
with:
name: offline.zip
path: offline.zip
- name: Create ZIM File
uses: addnab/docker-run-action@v3
with:
image: ghcr.io/openzim/zim-tools:3.1.3
options: -v ${{ github.workspace }}:/data
run: |
zimwriterfs -w index.html -I assets/brand/logos/png/square/pg-yellow.png -l eng -t "Privacy Guides" -d "Your central privacy and security resource to protect yourself online." -c "Privacy Guides" -p "Jonah Aragon" -n "Privacy Guides" -e "https://github.com/privacyguides/privacyguides.org" /data/site/en /data/offline-privacy_guides.zim
- name: Upload ZIM file
uses: actions/upload-artifact@v4
with:
name: offline-privacy_guides.zim
path: offline-privacy_guides.zim
name: site-build-${{ inputs.lang }}.tar.gz
path: site-build-${{ inputs.lang }}.tar.gz

33
.github/workflows/cleanup.yml vendored Normal file
View File

@@ -0,0 +1,33 @@
# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: Cleanup Artifacts
on:
workflow_call:
jobs:
cleanup:
runs-on: ubuntu-latest
steps:
- uses: geekyeggo/delete-artifact@v5
with:
name: repo-*
failOnError: false

237
.github/workflows/deploy.yml vendored Normal file
View File

@@ -0,0 +1,237 @@
# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: Deploy Website Build
on:
workflow_call:
inputs:
netlify_preview:
type: boolean
netlify_alias:
type: string
netlify_production:
type: boolean
github_pages:
type: boolean
bunnycdn_production:
type: boolean
minio_production:
type: boolean
outputs:
netlify_preview_address:
value: ${{ jobs.netlify_preview.outputs.address }}
secrets:
NETLIFY_TOKEN:
PROD_BUNNYCDN_API_KEY:
PROD_BUNNYCDN_PASSWORD:
PROD_MINIO_KEY_ID:
PROD_MINIO_SECRET_KEY:
jobs:
netlify_preview:
if: inputs.netlify_preview
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
address: ${{ steps.address.outputs.address }}
steps:
- uses: actions/download-artifact@v4
with:
pattern: site-build-*
merge-multiple: true
- run: |
for file in *.tar.gz; do tar -zxf "$file"; done
wget https://raw.githubusercontent.com/privacyguides/privacyguides.org/main/netlify.toml
ls -la site/
- uses: actions/setup-node@v4
- run: |
npm install netlify-cli -g
- if: inputs.netlify_preview
name: Limit length of Netlify alias to 12
run: echo "SHORT_ALIAS=`echo ${{ inputs.netlify_alias }} | cut -c1-12`" >> $GITHUB_ENV
- if: inputs.netlify_preview
id: deployment
env:
NETLIFY_SITE_ID: ${{ vars.NETLIFY_SITE }}
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
run: |
netlify deploy --dir=site --alias=${{ env.SHORT_ALIAS }}
echo "DEPLOYED_ADDRESS=https://${{ env.SHORT_ALIAS }}--${{ vars.NETLIFY_SITE }}.netlify.app/" >> "$GITHUB_ENV"
- id: address
run: |
echo "address=$DEPLOYED_ADDRESS" >> "$GITHUB_OUTPUT"
netlify_production:
if: inputs.netlify_production
runs-on: ubuntu-latest
permissions:
contents: read
environment:
name: production
url: https://illustrious-bavarois-56cf30.netlify.app/
steps:
- uses: actions/download-artifact@v4
with:
pattern: site-build-*
merge-multiple: true
- run: |
for file in *.tar.gz; do tar -zxf "$file"; done
wget https://raw.githubusercontent.com/privacyguides/privacyguides.org/main/netlify.toml
ls -la site/
- uses: actions/setup-node@v4
- run: |
npm install netlify-cli -g
- id: prod_deployment
env:
NETLIFY_SITE_ID: ${{ vars.PROD_NETLIFY_SITE }}
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
run: |
netlify deploy --dir=site --prod-if-unlocked
github_pages:
if: inputs.github_pages
runs-on: ubuntu-latest
concurrency:
group: "pages"
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
# Grant GITHUB_TOKEN the permissions required to make a Pages deployment
permissions:
contents: read
pages: write # to deploy to Pages
id-token: write # to verify the deployment originates from an appropriate source
steps:
- uses: actions/configure-pages@v5
- uses: actions/download-artifact@v4
with:
pattern: site-build-*
merge-multiple: true
- run: |
for file in *.tar.gz; do tar -zxf "$file"; done
ls -la site/
- uses: 1arp/create-a-file-action@0.4.4
with:
path: site
file: index.html
content: |
<html lang="en">
<head>
<title>Redirecting to English site...</title>
<meta
http-equiv="refresh"
content="0; URL=./en/"
/>
</head>
</html>
- uses: actions/upload-pages-artifact@v3
with:
path: site
- id: deployment
uses: actions/deploy-pages@main
bunnycdn_production:
if: inputs.bunnycdn_production
runs-on: ubuntu-latest
permissions:
contents: read
environment:
name: production
url: https://privacyguides-org-production.b-cdn.net
steps:
- uses: actions/download-artifact@v4
with:
pattern: site-build-*
merge-multiple: true
- run: |
for file in *.tar.gz; do tar -zxf "$file"; done
ls -la site/
- uses: own3d/bunny-action@bfaa5c6bc8b7a7ebd599ddd4912347d7c3847e78
env:
BUNNY_API_ACCESS_KEY: ${{ secrets.PROD_BUNNYCDN_API_KEY }}
BUNNY_STORAGE_HOSTNAME: storage.bunnycdn.com
BUNNY_STORAGE_USERNAME: ${{ vars.PROD_BUNNYCDN_USER }}
BUNNY_STORAGE_PASSWORD: ${{ secrets.PROD_BUNNYCDN_PASSWORD }}
BUNNY_PULL_ZONE_ID: 2117106
with:
args: deploy --dir=site
minio_production:
if: inputs.minio_production
runs-on: ubuntu-latest
permissions:
contents: read
environment:
name: production
url: https://privacyguides-org-production.stor1-minio.jonaharagon.net
steps:
- uses: actions/download-artifact@v4
with:
pattern: site-build-*
merge-multiple: true
- run: |
for file in *.tar.gz; do tar -zxf "$file"; done
ls -la site/
- uses: jakejarvis/s3-sync-action@master
with:
args: --acl public-read --follow-symlinks --delete
env:
SOURCE_DIR: "site/"
AWS_S3_BUCKET: ${{ vars.PROD_MINIO_BUCKET }}
AWS_S3_ENDPOINT: ${{ vars.PROD_MINIO_HOSTNAME }}
AWS_ACCESS_KEY_ID: ${{ secrets.PROD_MINIO_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.PROD_MINIO_SECRET_KEY }}

48
.github/workflows/download-repo.yml vendored Normal file
View File

@@ -0,0 +1,48 @@
# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: Download Repository
on:
workflow_call:
inputs:
repo:
required: true
type: string
secrets:
ACTIONS_SSH_KEY:
required: true
jobs:
download:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
repository: 'privacyguides/${{ inputs.repo }}'
path: repo-${{ inputs.repo }}
ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
- uses: actions/upload-artifact@v4
with:
name: repo-${{ inputs.repo }}
path: repo-${{ inputs.repo }}
retention-days: 1

View File

@@ -20,10 +20,7 @@
name: 🪞 Push to Mirrors
permissions:
contents: read
on: [push, delete, create]
on: [ push, delete, create ]
# Ensures that only one mirror task will run at a time.
concurrency:

View File

@@ -18,7 +18,7 @@
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: 📦 PR Preview
name: 📦 Publish Pull Request Preview
on:
pull_request_target:
@@ -30,21 +30,17 @@ concurrency:
permissions:
pull-requests: write
contents: read
pages: write
id-token: write
jobs:
submodule:
strategy:
matrix:
repo:
- name: mkdocs-material-insiders
ref: main
- name: brand
ref: main
- name: i18n
ref: main
uses: privacyguides/.github/.github/workflows/download-repo.yml@main
repo: [mkdocs-material-insiders, brand, i18n]
uses: ./.github/workflows/download-repo.yml
with:
repo: ${{ matrix.repo.name }}
repo: ${{ matrix.repo }}
secrets:
ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
@@ -71,10 +67,12 @@ jobs:
needs: build
permissions:
contents: read
uses: privacyguides/webserver/.github/workflows/deploy-netlify-preview.yml@main
pages: write
id-token: write
uses: ./.github/workflows/deploy.yml
with:
netlify_preview: true
netlify_alias: ${{ github.event.pull_request.head.sha }}
netlify_site_id: ${{ vars.NETLIFY_SITE }}
secrets:
NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
@@ -84,8 +82,9 @@ jobs:
needs: deploy
runs-on: ubuntu-latest
env:
address: ${{ needs.deploy.outputs.address }}
address: ${{ needs.deploy.outputs.netlify_preview_address }}
steps:
- uses: thollander/actions-comment-pull-request@v2.5.0
with:
message: |
@@ -100,4 +99,4 @@ jobs:
cleanup:
if: ${{ always() }}
needs: build
uses: privacyguides/.github/.github/workflows/cleanup.yml@main
uses: ./.github/workflows/cleanup.yml

View File

@@ -18,29 +18,24 @@
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: 📦 Release
name: 📦 Publish Release
on:
push:
tags:
- "*"
concurrency:
group: release-deployment
cancel-in-progress: true
- '*'
permissions:
contents: write
pages: write
id-token: write
deployments: write
jobs:
submodule:
strategy:
matrix:
repo: [mkdocs-material-insiders, brand, i18n]
uses: privacyguides/.github/.github/workflows/download-repo.yml@main
uses: ./.github/workflows/download-repo.yml
with:
repo: ${{ matrix.repo }}
secrets:
@@ -51,21 +46,25 @@ jobs:
strategy:
matrix:
lang: [en, es, fr, he, it, nl, ru, zh-Hant]
build: [build, offline]
permissions:
contents: read
uses: ./.github/workflows/build.yml
with:
config: ${{ matrix.build }}
ref: ${{ github.ref }}
repo: ${{ github.repository }}
lang: ${{ matrix.lang }}
context: production
continue-on-error: false
buildoffline:
needs: submodule
permissions:
contents: read
uses: ./.github/workflows/build-offline.yml
release:
name: Create release notes
needs: build
needs: buildoffline
runs-on: ubuntu-latest
permissions:
contents: write
@@ -85,19 +84,20 @@ jobs:
deploy:
needs: build
uses: privacyguides/webserver/.github/workflows/deploy-all.yml@main
uses: ./.github/workflows/deploy.yml
with:
netlify_production: true
github_pages: true
bunnycdn_production: true
minio_production: true
secrets:
NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
PROD_BUNNYCDN_API_KEY: ${{ secrets.PROD_BUNNYCDN_API_KEY }}
PROD_BUNNYCDN_PASSWORD: ${{ secrets.PROD_BUNNYCDN_PASSWORD }}
PROD_MINIO_KEY_ID: ${{ secrets.PROD_MINIO_KEY_ID }}
PROD_MINIO_SECRET_KEY: ${{ secrets.PROD_MINIO_SECRET_KEY }}
CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
CF_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
CLUSTER_USERNAME: ${{ secrets.CLUSTER_USERNAME }}
CLUSTER_PASSWORD: ${{ secrets.CLUSTER_PASSWORD }}
CLOUDFLARE_ZONE: ${{ secrets.CLOUDFLARE_ZONE }}
CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
cleanup:
if: ${{ always() }}
needs: build
uses: privacyguides/.github/.github/workflows/cleanup.yml@main
needs: [build, buildoffline]
uses: ./.github/workflows/cleanup.yml

View File

@@ -31,7 +31,7 @@ jobs:
strategy:
matrix:
repo: [mkdocs-material-insiders, brand, i18n]
uses: privacyguides/.github/.github/workflows/download-repo.yml@main
uses: ./.github/workflows/download-repo.yml
with:
repo: ${{ matrix.repo }}
secrets:
@@ -42,19 +42,23 @@ jobs:
strategy:
matrix:
lang: [en, es, fr, he, it, nl, ru, zh-Hant]
build: [build, offline]
fail-fast: false
permissions:
contents: read
uses: ./.github/workflows/build.yml
with:
config: ${{ matrix.build }}
ref: ${{ github.ref }}
repo: ${{ github.repository }}
lang: ${{ matrix.lang }}
continue-on-error: true
buildoffline:
needs: submodule
permissions:
contents: read
uses: ./.github/workflows/build-offline.yml
cleanup:
if: ${{ always() }}
needs: build
uses: privacyguides/.github/.github/workflows/cleanup.yml@main
needs: [build, buildoffline]
uses: ./.github/workflows/cleanup.yml

View File

@@ -1,131 +0,0 @@
# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: 🤖 Linting
permissions:
contents: read
on:
workflow_dispatch:
pull_request:
branches:
- main
push:
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
env:
MAIN_BRANCH: ${{ github.event_name == 'push' }}
jobs:
megalinter:
name: MegaLinter
runs-on: ubuntu-latest
steps:
- if: ${{ env.MAIN_BRANCH }}
uses: actions/checkout@v4
- if: ${{ env.MAIN_BRANCH == 0 }}
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Configure markdown-link-check
run: |
cat <<EOT >> .markdown-link-check.json
{
"ignorePatterns": [
{
"pattern": "^https://twitter.com"
},
{
"pattern": "^https://reddit.com"
},
{
"pattern": "^#_"
},
{
"pattern": ".onion"
},
{
"pattern": "^https://en.opensuse.org"
},
{
"pattern": "^https://quad9.net"
},
{
"pattern": "^https://dnscrypt.info"
},
{
"pattern": "^https://pipewire.org"
}
],
"replacementPatterns": [
{
"pattern": "^assets/",
"replacement": "https://www.privacyguides.org/en/assets/"
},
{
"pattern": "^(../)*assets/",
"replacement": "https://www.privacyguides.org/en/assets/"
},
{
"pattern": "^/",
"replacement": "https://www.privacyguides.org/"
}
],
"retryOn429": true,
"retryCount": 5,
"aliveStatusCodes": [200, 206, 403]
}
EOT
- id: ml
# You can override MegaLinter flavor used to have faster performances
# More info at https://megalinter.io/flavors/
uses: oxsecurity/megalinter/flavors/documentation@v7.10.0
env:
# All available variables are described in documentation
# https://megalinter.io/configuration/
# Validates all source when push on main, else just the git diff with main.
VALIDATE_ALL_CODEBASE: ${{ env.MAIN_BRANCH }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# ADD YOUR CUSTOM ENV VARIABLES HERE OR DEFINE THEM IN A FILE .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY
DISABLE: COPYPASTE,SPELL,HTML
DISABLE_LINTERS: JSON_JSONLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER
DISABLE_ERRORS_LINTERS: CSS_STYLELINT,MARKDOWN_MARKDOWN_LINK_CHECK,YAML_YAMLLINT,DOCKERFILE_HADOLINT,REPOSITORY_TRIVY,REPOSITORY_CHECKOV
EDITORCONFIG_EDITORCONFIG_CHECKER_ARGUMENTS: -disable-indentation
ENV_DOTENV_LINTER_ARGUMENTS: "--skip QuoteCharacter"
MARKDOWN_MARKDOWN_LINK_CHECK_FILTER_REGEX_INCLUDE: (docs)
MARKDOWN_MARKDOWNLINT_CONFIG_FILE: .markdownlint.yml
MARKDOWN_MARKDOWNLINT_FILTER_REGEX_EXCLUDE: (PULL_REQUEST_TEMPLATE\.md)
# Upload MegaLinter artifacts
- name: Archive production artifacts
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: MegaLinter reports
path: |
megalinter-reports
mega-linter.log

View File

@@ -20,13 +20,10 @@
name: 💬 Crowdin Upload
permissions:
contents: read
on:
workflow_dispatch:
push:
branches: [main]
branches: [ main ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
@@ -37,17 +34,18 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: crowdin action
uses: crowdin/github-action@v1.20.2
with:
upload_sources: true
upload_sources_args: "--auto-update --delete-obsolete"
download_translations: false
config: crowdin.yml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID }}
CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
- name: Checkout
uses: actions/checkout@v4
- name: crowdin action
uses: crowdin/github-action@v1.20.1
with:
upload_sources: true
upload_sources_args: '--auto-update --delete-obsolete'
download_translations: false
config: crowdin.yml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID }}
CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}

15
.gitignore vendored
View File

@@ -2,9 +2,10 @@ site
/i18n/
/includes/*
!/includes/*.en.*
/static/i18n/
/theme/overrides/*.*.*
/static/i18n/*
!/static/i18n/*.en.*
/theme/overrides/*
!/theme/overrides/*.en.*
# commit social card fonts to repo
# see: https://github.com/squidfunk/mkdocs-material/issues/6983
# ridiculous hide-and-seek https://stackoverflow.com/a/72380673
@@ -17,9 +18,11 @@ site
/config/.cache/plugin/social/*
!/config/.cache/plugin/social/fonts
# Editor settings
.vscode/*
!.vscode/extensions.json
!.vscode/settings.json
# Local Netlify folder
.netlify
node_modules
# Python
.venv

View File

@@ -24,7 +24,8 @@ ul-indent:
indent: 4
no-inline-html: false
code-block-style: false
no-hard-tabs: true
no-hard-tabs:
spaces-per-tab: 4
emphasis-style:
style: "asterisk"
no-duplicate-header: false

View File

@@ -1 +0,0 @@
{}

View File

@@ -23,9 +23,6 @@
"EditorConfig.EditorConfig",
"DavidAnson.vscode-markdownlint",
"wholroyd.jinja",
"mikestead.dotenv",
"redhat.vscode-yaml",
"ecmel.vscode-html-css",
"yzhang.markdown-all-in-one"
"mikestead.dotenv"
]
}

30
.vscode/settings.json vendored
View File

@@ -20,32 +20,8 @@
{
"git.ignoreLimitWarning": true,
"ltex.diagnosticSeverity": "hint",
"editor.unicodeHighlight.ambiguousCharacters": true,
"editor.unicodeHighlight.invisibleCharacters": true,
"editor.defaultFormatter": "DavidAnson.vscode-markdownlint",
"[yaml]": {
"editor.defaultFormatter": "redhat.vscode-yaml",
"editor.quickSuggestions": {
"other": true,
"comments": false,
"strings": true
}
},
"yaml.schemas": {
"https://raw.githubusercontent.com/DavidAnson/markdownlint/main/schema/markdownlint-config-schema.json": ".markdownlint.yml",
"https://json.schemastore.org/github-issue-config.json": ".github/ISSUE_TEMPLATE/config.yml",
".vscode/.empty-schema.json": "config/*.yml"
},
"yaml.customTags": [
"!ENV sequence",
"!ENV",
"tag:yaml.org,2002:python/name:pymdownx.superfences.fence_code_format",
"tag:yaml.org,2002:python/name:material.extensions.emoji.twemoji",
"tag:yaml.org,2002:python/name:material.extensions.emoji.to_svg"
],
"editor.formatOnSave": true,
"[github-actions-workflow]": {
"editor.defaultFormatter": "esbenp.prettier-vscode"
"[markdown]": {
"editor.unicodeHighlight.ambiguousCharacters": true,
"editor.unicodeHighlight.invisibleCharacters": true
}
}

View File

@@ -1,71 +0,0 @@
FROM python:3.12-alpine as base
LABEL org.opencontainers.image.source="https://github.com/privacyguides/privacyguides.org"
# Setup env
ENV LANG C.UTF-8
ENV LC_ALL C.UTF-8
ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONFAULTHANDLER 1
FROM base AS python-deps
# Install pipenv and compilation dependencies
RUN pip install pipenv
RUN \
apk upgrade --update-cache -a \
&& \
apk add --no-cache \
gcc \
libffi-dev \
musl-dev
# Install python dependencies in /.venv
COPY modules/mkdocs-material ./modules/mkdocs-material
COPY Pipfile .
COPY Pipfile.lock .
RUN PIPENV_VENV_IN_PROJECT=1 pipenv install --deploy
FROM base AS runtime
# Install runtime dependencies
RUN \
apk upgrade --update-cache -a \
&& \
apk add --no-cache \
cairo \
freetype-dev \
git \
git-fast-import \
jpeg-dev \
openssh \
pngquant \
tini \
zlib-dev \
libffi-dev \
musl-dev
# Copy virtual env from python-deps stage
COPY --from=python-deps /.venv /.venv
COPY --from=python-deps /modules/mkdocs-material /modules/mkdocs-material
ENV PATH="/.venv/bin:$PATH"
# Create and switch to a new user
RUN mkdir /site
WORKDIR /site
COPY docs docs
COPY theme theme
COPY includes includes
COPY config/*.yml config/
COPY config/layouts config/layouts
COPY config/.cache/plugin/social/fonts config/.cache/plugin/social/fonts
EXPOSE 8000
ENV MKDOCS_INHERIT mkdocs-production.yml
HEALTHCHECK NONE
ENTRYPOINT ["mkdocs"]
CMD ["serve", "--dev-addr=0.0.0.0:8000", "--config-file=config/mkdocs.en.yml"]

412
Pipfile.lock generated
View File

@@ -45,6 +45,7 @@
"sha256:432531d72347291b9a9ebfb6777026b607563fd8719c46ee742db0aef7271ba0",
"sha256:8a5222d4e6c3f86f1f7046b63246877a63b49923a1cd202184c3a634ef546b3b"
],
"markers": "python_version >= '3.5'",
"version": "==2.7.1"
},
"certifi": {
@@ -289,164 +290,122 @@
},
"lxml": {
"hashes": [
"sha256:04ab5415bf6c86e0518d57240a96c4d1fcfc3cb370bb2ac2a732b67f579e5a04",
"sha256:057cdc6b86ab732cf361f8b4d8af87cf195a1f6dc5b0ff3de2dced242c2015e0",
"sha256:058a1308914f20784c9f4674036527e7c04f7be6fb60f5d61353545aa7fcb739",
"sha256:08802f0c56ed150cc6885ae0788a321b73505d2263ee56dad84d200cab11c07a",
"sha256:0a15438253b34e6362b2dc41475e7f80de76320f335e70c5528b7148cac253a1",
"sha256:0c3f67e2aeda739d1cc0b1102c9a9129f7dc83901226cc24dd72ba275ced4218",
"sha256:0e7259016bc4345a31af861fdce942b77c99049d6c2107ca07dc2bba2435c1d9",
"sha256:0ed777c1e8c99b63037b91f9d73a6aad20fd035d77ac84afcc205225f8f41188",
"sha256:0f5d65c39f16717a47c36c756af0fb36144069c4718824b7533f803ecdf91138",
"sha256:0f8c09ed18ecb4ebf23e02b8e7a22a05d6411911e6fabef3a36e4f371f4f2585",
"sha256:11a04306fcba10cd9637e669fd73aa274c1c09ca64af79c041aa820ea992b637",
"sha256:1ae67b4e737cddc96c99461d2f75d218bdf7a0c3d3ad5604d1f5e7464a2f9ffe",
"sha256:1c5bb205e9212d0ebddf946bc07e73fa245c864a5f90f341d11ce7b0b854475d",
"sha256:1f7785f4f789fdb522729ae465adcaa099e2a3441519df750ebdccc481d961a1",
"sha256:200e63525948e325d6a13a76ba2911f927ad399ef64f57898cf7c74e69b71095",
"sha256:21c2e6b09565ba5b45ae161b438e033a86ad1736b8c838c766146eff8ceffff9",
"sha256:2213afee476546a7f37c7a9b4ad4d74b1e112a6fafffc9185d6d21f043128c81",
"sha256:27aa20d45c2e0b8cd05da6d4759649170e8dfc4f4e5ef33a34d06f2d79075d57",
"sha256:2a66bf12fbd4666dd023b6f51223aed3d9f3b40fef06ce404cb75bafd3d89536",
"sha256:2c9d147f754b1b0e723e6afb7ba1566ecb162fe4ea657f53d2139bbf894d050a",
"sha256:2ddfe41ddc81f29a4c44c8ce239eda5ade4e7fc305fb7311759dd6229a080052",
"sha256:31e9a882013c2f6bd2f2c974241bf4ba68c85eba943648ce88936d23209a2e01",
"sha256:3249cc2989d9090eeac5467e50e9ec2d40704fea9ab72f36b034ea34ee65ca98",
"sha256:3545039fa4779be2df51d6395e91a810f57122290864918b172d5dc7ca5bb433",
"sha256:394ed3924d7a01b5bd9a0d9d946136e1c2f7b3dc337196d99e61740ed4bc6fe1",
"sha256:3a6b45da02336895da82b9d472cd274b22dc27a5cea1d4b793874eead23dd14f",
"sha256:3a74c4f27167cb95c1d4af1c0b59e88b7f3e0182138db2501c353555f7ec57f4",
"sha256:3d0c3dd24bb4605439bf91068598d00c6370684f8de4a67c2992683f6c309d6b",
"sha256:3dbe858ee582cbb2c6294dc85f55b5f19c918c2597855e950f34b660f1a5ede6",
"sha256:3dc773b2861b37b41a6136e0b72a1a44689a9c4c101e0cddb6b854016acc0aa8",
"sha256:3e183c6e3298a2ed5af9d7a356ea823bccaab4ec2349dc9ed83999fd289d14d5",
"sha256:3f7765e69bbce0906a7c74d5fe46d2c7a7596147318dbc08e4a2431f3060e306",
"sha256:417d14450f06d51f363e41cace6488519038f940676ce9664b34ebf5653433a5",
"sha256:44f6c7caff88d988db017b9b0e4ab04934f11e3e72d478031efc7edcac6c622f",
"sha256:491755202eb21a5e350dae00c6d9a17247769c64dcf62d8c788b5c135e179dc4",
"sha256:4951e4f7a5680a2db62f7f4ab2f84617674d36d2d76a729b9a8be4b59b3659be",
"sha256:52421b41ac99e9d91934e4d0d0fe7da9f02bfa7536bb4431b4c05c906c8c6919",
"sha256:530e7c04f72002d2f334d5257c8a51bf409db0316feee7c87e4385043be136af",
"sha256:533658f8fbf056b70e434dff7e7aa611bcacb33e01f75de7f821810e48d1bb66",
"sha256:5670fb70a828663cc37552a2a85bf2ac38475572b0e9b91283dc09efb52c41d1",
"sha256:56c22432809085b3f3ae04e6e7bdd36883d7258fcd90e53ba7b2e463efc7a6af",
"sha256:58278b29cb89f3e43ff3e0c756abbd1518f3ee6adad9e35b51fb101c1c1daaec",
"sha256:588008b8497667f1ddca7c99f2f85ce8511f8f7871b4a06ceede68ab62dff64b",
"sha256:59565f10607c244bc4c05c0c5fa0c190c990996e0c719d05deec7030c2aa8289",
"sha256:59689a75ba8d7ffca577aefd017d08d659d86ad4585ccc73e43edbfc7476781a",
"sha256:5aea8212fb823e006b995c4dda533edcf98a893d941f173f6c9506126188860d",
"sha256:5c670c0406bdc845b474b680b9a5456c561c65cf366f8db5a60154088c92d102",
"sha256:5ca1e8188b26a819387b29c3895c47a5e618708fe6f787f3b1a471de2c4a94d9",
"sha256:5d077bc40a1fe984e1a9931e801e42959a1e6598edc8a3223b061d30fbd26bbc",
"sha256:5d5792e9b3fb8d16a19f46aa8208987cfeafe082363ee2745ea8b643d9cc5b45",
"sha256:5dd1537e7cc06efd81371f5d1a992bd5ab156b2b4f88834ca852de4a8ea523fa",
"sha256:5ea7b6766ac2dfe4bcac8b8595107665a18ef01f8c8343f00710b85096d1b53a",
"sha256:622020d4521e22fb371e15f580d153134bfb68d6a429d1342a25f051ec72df1c",
"sha256:627402ad8dea044dde2eccde4370560a2b750ef894c9578e1d4f8ffd54000461",
"sha256:644df54d729ef810dcd0f7732e50e5ad1bd0a135278ed8d6bcb06f33b6b6f708",
"sha256:64641a6068a16201366476731301441ce93457eb8452056f570133a6ceb15fca",
"sha256:64c2baa7774bc22dd4474248ba16fe1a7f611c13ac6123408694d4cc93d66dbd",
"sha256:6588c459c5627fefa30139be4d2e28a2c2a1d0d1c265aad2ba1935a7863a4913",
"sha256:66bc5eb8a323ed9894f8fa0ee6cb3e3fb2403d99aee635078fd19a8bc7a5a5da",
"sha256:68a2610dbe138fa8c5826b3f6d98a7cfc29707b850ddcc3e21910a6fe51f6ca0",
"sha256:6935bbf153f9a965f1e07c2649c0849d29832487c52bb4a5c5066031d8b44fd5",
"sha256:6992030d43b916407c9aa52e9673612ff39a575523c5f4cf72cdef75365709a5",
"sha256:6a014510830df1475176466b6087fc0c08b47a36714823e58d8b8d7709132a96",
"sha256:6ab833e4735a7e5533711a6ea2df26459b96f9eec36d23f74cafe03631647c41",
"sha256:6cc6ee342fb7fa2471bd9b6d6fdfc78925a697bf5c2bcd0a302e98b0d35bfad3",
"sha256:6cf58416653c5901e12624e4013708b6e11142956e7f35e7a83f1ab02f3fe456",
"sha256:70a9768e1b9d79edca17890175ba915654ee1725975d69ab64813dd785a2bd5c",
"sha256:70ac664a48aa64e5e635ae5566f5227f2ab7f66a3990d67566d9907edcbbf867",
"sha256:71e97313406ccf55d32cc98a533ee05c61e15d11b99215b237346171c179c0b0",
"sha256:7221d49259aa1e5a8f00d3d28b1e0b76031655ca74bb287123ef56c3db92f213",
"sha256:74b28c6334cca4dd704e8004cba1955af0b778cf449142e581e404bd211fb619",
"sha256:764b521b75701f60683500d8621841bec41a65eb739b8466000c6fdbc256c240",
"sha256:78bfa756eab503673991bdcf464917ef7845a964903d3302c5f68417ecdc948c",
"sha256:794f04eec78f1d0e35d9e0c36cbbb22e42d370dda1609fb03bcd7aeb458c6377",
"sha256:79bd05260359170f78b181b59ce871673ed01ba048deef4bf49a36ab3e72e80b",
"sha256:7a7efd5b6d3e30d81ec68ab8a88252d7c7c6f13aaa875009fe3097eb4e30b84c",
"sha256:7c17b64b0a6ef4e5affae6a3724010a7a66bda48a62cfe0674dabd46642e8b54",
"sha256:804f74efe22b6a227306dd890eecc4f8c59ff25ca35f1f14e7482bbce96ef10b",
"sha256:853e074d4931dbcba7480d4dcab23d5c56bd9607f92825ab80ee2bd916edea53",
"sha256:857500f88b17a6479202ff5fe5f580fc3404922cd02ab3716197adf1ef628029",
"sha256:865bad62df277c04beed9478fe665b9ef63eb28fe026d5dedcb89b537d2e2ea6",
"sha256:88e22fc0a6684337d25c994381ed8a1580a6f5ebebd5ad41f89f663ff4ec2885",
"sha256:8b9c07e7a45bb64e21df4b6aa623cb8ba214dfb47d2027d90eac197329bb5e94",
"sha256:8de8f9d6caa7f25b204fc861718815d41cbcf27ee8f028c89c882a0cf4ae4134",
"sha256:8e77c69d5892cb5ba71703c4057091e31ccf534bd7f129307a4d084d90d014b8",
"sha256:9123716666e25b7b71c4e1789ec829ed18663152008b58544d95b008ed9e21e9",
"sha256:958244ad566c3ffc385f47dddde4145088a0ab893504b54b52c041987a8c1863",
"sha256:96323338e6c14e958d775700ec8a88346014a85e5de73ac7967db0367582049b",
"sha256:9676bfc686fa6a3fa10cd4ae6b76cae8be26eb5ec6811d2a325636c460da1806",
"sha256:9b0ff53900566bc6325ecde9181d89afadc59c5ffa39bddf084aaedfe3b06a11",
"sha256:9b9ec9c9978b708d488bec36b9e4c94d88fd12ccac3e62134a9d17ddba910ea9",
"sha256:9c6ad0fbf105f6bcc9300c00010a2ffa44ea6f555df1a2ad95c88f5656104817",
"sha256:9ca66b8e90daca431b7ca1408cae085d025326570e57749695d6a01454790e95",
"sha256:9e2addd2d1866fe112bc6f80117bcc6bc25191c5ed1bfbcf9f1386a884252ae8",
"sha256:a0af35bd8ebf84888373630f73f24e86bf016642fb8576fba49d3d6b560b7cbc",
"sha256:a2b44bec7adf3e9305ce6cbfa47a4395667e744097faed97abb4728748ba7d47",
"sha256:a2dfe7e2473f9b59496247aad6e23b405ddf2e12ef0765677b0081c02d6c2c0b",
"sha256:a55ee573116ba208932e2d1a037cc4b10d2c1cb264ced2184d00b18ce585b2c0",
"sha256:a7baf9ffc238e4bf401299f50e971a45bfcc10a785522541a6e3179c83eabf0a",
"sha256:a8d5c70e04aac1eda5c829a26d1f75c6e5286c74743133d9f742cda8e53b9c2f",
"sha256:a91481dbcddf1736c98a80b122afa0f7296eeb80b72344d7f45dc9f781551f56",
"sha256:ab31a88a651039a07a3ae327d68ebdd8bc589b16938c09ef3f32a4b809dc96ef",
"sha256:abc25c3cab9ec7fcd299b9bcb3b8d4a1231877e425c650fa1c7576c5107ab851",
"sha256:adfb84ca6b87e06bc6b146dc7da7623395db1e31621c4785ad0658c5028b37d7",
"sha256:afbbdb120d1e78d2ba8064a68058001b871154cc57787031b645c9142b937a62",
"sha256:afd5562927cdef7c4f5550374acbc117fd4ecc05b5007bdfa57cc5355864e0a4",
"sha256:b070bbe8d3f0f6147689bed981d19bbb33070225373338df755a46893528104a",
"sha256:b0b58fbfa1bf7367dde8a557994e3b1637294be6cf2169810375caf8571a085c",
"sha256:b560e3aa4b1d49e0e6c847d72665384db35b2f5d45f8e6a5c0072e0283430533",
"sha256:b6241d4eee5f89453307c2f2bfa03b50362052ca0af1efecf9fef9a41a22bb4f",
"sha256:b6787b643356111dfd4032b5bffe26d2f8331556ecb79e15dacb9275da02866e",
"sha256:bcbf4af004f98793a95355980764b3d80d47117678118a44a80b721c9913436a",
"sha256:beb72935a941965c52990f3a32d7f07ce869fe21c6af8b34bf6a277b33a345d3",
"sha256:bf2e2458345d9bffb0d9ec16557d8858c9c88d2d11fed53998512504cd9df49b",
"sha256:c2d35a1d047efd68027817b32ab1586c1169e60ca02c65d428ae815b593e65d4",
"sha256:c38d7b9a690b090de999835f0443d8aa93ce5f2064035dfc48f27f02b4afc3d0",
"sha256:c6f2c8372b98208ce609c9e1d707f6918cc118fea4e2c754c9f0812c04ca116d",
"sha256:c817d420c60a5183953c783b0547d9eb43b7b344a2c46f69513d5952a78cddf3",
"sha256:c8ba129e6d3b0136a0f50345b2cb3db53f6bda5dd8c7f5d83fbccba97fb5dcb5",
"sha256:c94e75445b00319c1fad60f3c98b09cd63fe1134a8a953dcd48989ef42318534",
"sha256:cc4691d60512798304acb9207987e7b2b7c44627ea88b9d77489bbe3e6cc3bd4",
"sha256:cc518cea79fd1e2f6c90baafa28906d4309d24f3a63e801d855e7424c5b34144",
"sha256:cd53553ddad4a9c2f1f022756ae64abe16da1feb497edf4d9f87f99ec7cf86bd",
"sha256:cf22b41fdae514ee2f1691b6c3cdeae666d8b7fa9434de445f12bbeee0cf48dd",
"sha256:d38c8f50ecf57f0463399569aa388b232cf1a2ffb8f0a9a5412d0db57e054860",
"sha256:d3be9b2076112e51b323bdf6d5a7f8a798de55fb8d95fcb64bd179460cdc0704",
"sha256:d4f2cc7060dc3646632d7f15fe68e2fa98f58e35dd5666cd525f3b35d3fed7f8",
"sha256:d7520db34088c96cc0e0a3ad51a4fd5b401f279ee112aa2b7f8f976d8582606d",
"sha256:d793bebb202a6000390a5390078e945bbb49855c29c7e4d56a85901326c3b5d9",
"sha256:da052e7962ea2d5e5ef5bc0355d55007407087392cf465b7ad84ce5f3e25fe0f",
"sha256:dae0ed02f6b075426accbf6b2863c3d0a7eacc1b41fb40f2251d931e50188dad",
"sha256:ddc678fb4c7e30cf830a2b5a8d869538bc55b28d6c68544d09c7d0d8f17694dc",
"sha256:df2e6f546c4df14bc81f9498bbc007fbb87669f1bb707c6138878c46b06f6510",
"sha256:e02c5175f63effbd7c5e590399c118d5db6183bbfe8e0d118bdb5c2d1b48d937",
"sha256:e196a4ff48310ba62e53a8e0f97ca2bca83cdd2fe2934d8b5cb0df0a841b193a",
"sha256:e233db59c8f76630c512ab4a4daf5a5986da5c3d5b44b8e9fc742f2a24dbd460",
"sha256:e32be23d538753a8adb6c85bd539f5fd3b15cb987404327c569dfc5fd8366e85",
"sha256:e3d30321949861404323c50aebeb1943461a67cd51d4200ab02babc58bd06a86",
"sha256:e89580a581bf478d8dcb97d9cd011d567768e8bc4095f8557b21c4d4c5fea7d0",
"sha256:e998e304036198b4f6914e6a1e2b6f925208a20e2042563d9734881150c6c246",
"sha256:ec42088248c596dbd61d4ae8a5b004f97a4d91a9fd286f632e42e60b706718d7",
"sha256:efa7b51824aa0ee957ccd5a741c73e6851de55f40d807f08069eb4c5a26b2baa",
"sha256:f0a1bc63a465b6d72569a9bba9f2ef0334c4e03958e043da1920299100bc7c08",
"sha256:f18a5a84e16886898e51ab4b1d43acb3083c39b14c8caeb3589aabff0ee0b270",
"sha256:f2a9efc53d5b714b8df2b4b3e992accf8ce5bbdfe544d74d5c6766c9e1146a3a",
"sha256:f3bbbc998d42f8e561f347e798b85513ba4da324c2b3f9b7969e9c45b10f6169",
"sha256:f42038016852ae51b4088b2862126535cc4fc85802bfe30dea3500fdfaf1864e",
"sha256:f443cdef978430887ed55112b491f670bba6462cea7a7742ff8f14b7abb98d75",
"sha256:f51969bac61441fd31f028d7b3b45962f3ecebf691a510495e5d2cd8c8092dbd",
"sha256:f8aca2e3a72f37bfc7b14ba96d4056244001ddcc18382bd0daa087fd2e68a354",
"sha256:f9737bf36262046213a28e789cc82d82c6ef19c85a0cf05e75c670a33342ac2c",
"sha256:fd6037392f2d57793ab98d9e26798f44b8b4da2f2464388588f48ac52c489ea1",
"sha256:feaa45c0eae424d3e90d78823f3828e7dc42a42f21ed420db98da2c4ecf0a2cb",
"sha256:ff097ae562e637409b429a7ac958a20aab237a0378c42dabaa1e3abf2f896e5f",
"sha256:ff46d772d5f6f73564979cd77a4fffe55c916a05f3cb70e7c9c0590059fb29ef"
"sha256:0382e6a3eefa3f6699b14fa77c2eb32af2ada261b75120eaf4fc028a20394975",
"sha256:03e3962d6ad13a862dacd5b3a3ea60b4d092a550f36465234b8639311fd60989",
"sha256:05fc3720250d221792b6e0d150afc92d20cb10c9cdaa8c8f93c2a00fbdd16015",
"sha256:06036d60fccb21e22dd167f6d0e422b9cbdf3588a7e999a33799f9cbf01e41a5",
"sha256:0947d1114e337dc2aae2fa14bbc9ed5d9ca1a0acd6d2f948df9926aef65305e9",
"sha256:0e95ae029396382a0d2e8174e4077f96befcd4a2184678db363ddc074eb4d3b2",
"sha256:11acfcdf5a38cf89c48662123a5d02ae0a7d99142c7ee14ad90de5c96a9b6f06",
"sha256:11e41ffd3cd27b0ca1c76073b27bd860f96431d9b70f383990f1827ca19f2f52",
"sha256:1459a998c10a99711ac532abe5cc24ba354e4396dafef741c7797f8830712d56",
"sha256:16e65223f34fd3d65259b174f0f75a4bb3d9893698e5e7d01e54cd8c5eb98d85",
"sha256:1cce2eaad7e38b985b0f91f18468dda0d6b91862d32bec945b0e46e2ffe7222e",
"sha256:1eace37a9f4a1bef0bb5c849434933fd6213008ec583c8e31ee5b8e99c7c8500",
"sha256:1ede2a7a86a977b0c741654efaeca0af7860a9b1ae39f9268f0936246a977ee0",
"sha256:1effc10bf782f0696e76ecfeba0720ea02c0c31d5bffb7b29ba10debd57d1c3d",
"sha256:200f70b5d95fc79eb9ed7f8c4888eef4e274b9bf380b829d3d52e9ed962e9231",
"sha256:21dc490cdb33047bc7f7ad76384f3366fa8f5146b86cc04c4af45de901393b90",
"sha256:246c93e2503c710cf02c7e9869dc0258223cbefe5e8f9ecded0ac0aa07fd2bf8",
"sha256:25fef8794f0dc89f01bdd02df6a7fec4bcb2fbbe661d571e898167a83480185e",
"sha256:27877732946843f4b6bfc56eb40d865653eef34ad2edeed16b015d5c29c248df",
"sha256:281ee1ffeb0ab06204dfcd22a90e9003f0bb2dab04101ad983d0b1773bc10588",
"sha256:2a34e74ffe92c413f197ff4967fb1611d938ee0691b762d062ef0f73814f3aa4",
"sha256:2ad364026c2cebacd7e01d1138bd53639822fefa8f7da90fc38cd0e6319a2699",
"sha256:2bbe335f0d1a86391671d975a1b5e9b08bb72fba6b567c43bdc2e55ca6e6c086",
"sha256:32d44af078485c4da9a7ec460162392d49d996caf89516fa0b75ad0838047122",
"sha256:347ec08250d5950f5b016caa3e2e13fb2cb9714fe6041d52e3716fb33c208663",
"sha256:356f8873b1e27b81793e30144229adf70f6d3e36e5cb7b6d289da690f4398953",
"sha256:35e39c6fd089ad6674eb52d93aa874d6027b3ae44d2381cca6e9e4c2e102c9c8",
"sha256:3603a8a41097daf7672cae22cc4a860ab9ea5597f1c5371cb21beca3398b8d6a",
"sha256:371aab9a397dcc76625ad3b02fa9b21be63406d69237b773156e7d1fc2ce0cae",
"sha256:3ac7c8a60b8ad51fe7bca99a634dd625d66492c502fd548dc6dc769ce7d94b6a",
"sha256:3cefb133c859f06dab2ae63885d9f405000c4031ec516e0ed4f9d779f690d8e3",
"sha256:3f06e4460e76468d99cc36d5b9bc6fc5f43e6662af44960e13e3f4e040aacb35",
"sha256:4add722393c99da4d51c8d9f3e1ddf435b30677f2d9ba9aeaa656f23c1b7b580",
"sha256:4c232726f7b6df5143415a06323faaa998ef8abbe1c0ed00d718755231d76f08",
"sha256:4d16b44ad0dd8c948129639e34c8d301ad87ebc852568ace6fe9a5ad9ce67ee1",
"sha256:50a26f68d090594477df8572babac64575cd5c07373f7a8319c527c8e56c0f99",
"sha256:5188f22c00381cb44283ecb28c8d85c2db4a3035774dd851876c8647cb809c27",
"sha256:5261c858c390ae9a19aba96796948b6a2d56649cbd572968970dc8da2b2b2a42",
"sha256:52d6cdea438eb7282c41c5ac00bd6d47d14bebb6e8a8d2a1c168ed9e0cacfbab",
"sha256:53c0e56f41ef68c1ce4e96f27ecdc2df389730391a2fd45439eb3facb02d36c8",
"sha256:56591e477bea531e5e1854f5dfb59309d5708669bc921562a35fd9ca5182bdcd",
"sha256:56835b9e9a7767202fae06310c6b67478963e535fe185bed3bf9af5b18d2b67e",
"sha256:57402d6cdd8a897ce21cf8d1ff36683583c17a16322a321184766c89a1980600",
"sha256:57cbadf028727705086047994d2e50124650e63ce5a035b0aa79ab50f001989f",
"sha256:5810fa80e64a0c689262a71af999c5735f48c0da0affcbc9041d1ef5ef3920be",
"sha256:59ec2948385336e9901008fdf765780fe30f03e7fdba8090aafdbe5d1b7ea0cd",
"sha256:5f6e4e5a62114ae76690c4a04c5108d067442d0a41fd092e8abd25af1288c450",
"sha256:60847dfbdfddf08a56c4eefe48234e8c1ab756c7eda4a2a7c1042666a5516564",
"sha256:60a3983d32f722a8422c01e4dc4badc7a307ca55c59e2485d0e14244a52c482f",
"sha256:641a8da145aca67671205f3e89bfec9815138cf2fe06653c909eab42e486d373",
"sha256:6a7e0935f05e1cf1a3aa1d49a87505773b04f128660eac2a24a5594ea6b1baa7",
"sha256:6e45fd5213e5587a610b7e7c8c5319a77591ab21ead42df46bb342e21bc1418d",
"sha256:6f0d2b97a5a06c00c963d4542793f3e486b1ed3a957f8c19f6006ed39d104bb0",
"sha256:703d60e59ab45c17485c2c14b11880e4f7f0eab07134afa9007573fa5a779a5a",
"sha256:7250030a7835bfd5ba6ca7d1ad483ec90f9cbc29978c5e75c1cc3e031d3c4160",
"sha256:73e69762cf740ac3ae81137ef9d6f15f93095f50854e233d50b29e7b8a91dbc6",
"sha256:75a4117b43694c72a0d89f6c18a28dc57407bde4650927d4ef5fd384bdf6dcc7",
"sha256:7a1611fb9de0a269c05575c024e6d8cdf2186e3fa52b364e3b03dcad82514d57",
"sha256:7c556bbf88a8b667c849d326dd4dd9c6290ede5a33383ffc12b0ed17777f909d",
"sha256:7c61ce3cdd6e6c9f4003ac118be7eb3036d0ce2afdf23929e533e54482780f74",
"sha256:7efbce96719aa275d49ad5357886845561328bf07e1d5ab998f4e3066c5ccf15",
"sha256:7fac15090bb966719df06f0c4f8139783746d1e60e71016d8a65db2031ca41b8",
"sha256:80cc2b55bb6e35d3cb40936b658837eb131e9f16357241cd9ba106ae1e9c5ecb",
"sha256:883e382695f346c2ea3ad96bdbdf4ca531788fbeedb4352be3a8fcd169fc387d",
"sha256:8aa11638902ac23f944f16ce45c9f04c9d5d57bb2da66822abb721f4efe5fdbb",
"sha256:92bb37c96215c4b2eb26f3c791c0bf02c64dd251effa532b43ca5049000c4478",
"sha256:931a3a13e0f574abce8f3152b207938a54304ccf7a6fd7dff1fdb2f6691d08af",
"sha256:93eede9bcc842f891b2267c7f0984d811940d1bc18472898a1187fe560907a99",
"sha256:947fa8bf15d1c62c6db36c6ede9389cac54f59af27010251747f05bddc227745",
"sha256:a00f5931b7cccea775123c3c0a2513aee58afdad8728550cc970bff32280bdd2",
"sha256:a3c39def0965e8fb5c8d50973e0c7b4ce429a2fa730f3f9068a7f4f9ce78410b",
"sha256:a9b67b850ab1d304cb706cf71814b0e0c3875287083d7ec55ee69504a9c48180",
"sha256:ada8ce9e6e1d126ef60d215baaa0c81381ba5841c25f1d00a71cdafdc038bd27",
"sha256:ae550cbd7f229cdf2841d9b01406bcca379a5fb327b9efb53ba620a10452e835",
"sha256:ae69524fd6a68b288574013f8fadac23cacf089c75cd3fc5b216277a445eb736",
"sha256:af64df85fecd3cf3b2e792f0b5b4d92740905adfa8ce3b24977a55415f1a0c40",
"sha256:b0181c22fdb89cc19e70240a850e5480817c3e815b1eceb171b3d7a3aa3e596a",
"sha256:b03531f6cd6ce4b511dcece060ca20aa5412f8db449274b44f4003f282e6272f",
"sha256:b3b4bb89a785f4fd60e05f3c3a526c07d0d68e3536f17f169ca13bf5b5dd75a5",
"sha256:b7150e630b879390e02121e71ceb1807f682b88342e2ea2082e2c8716cf8bd93",
"sha256:b8f842df9ba26135c5414e93214e04fe0af259bb4f96a32f756f89467f7f3b45",
"sha256:ba3a86b0d5a5c93104cb899dff291e3ae13729c389725a876d00ef9696de5425",
"sha256:ba4d02aed47c25be6775a40d55c5774327fdedba79871b7c2485e80e45750cb2",
"sha256:bc2259243ee734cc736e237719037efb86603c891fd363cc7973a2d0ac8a0e3f",
"sha256:be5c8e776ecbcf8c1bce71a7d90e3a3680c9ceae516cac0be08b47e9fac0ca43",
"sha256:be5faa2d5c8c8294d770cfd09d119fb27b5589acc59635b0cf90f145dbe81dca",
"sha256:c53164f29ed3c3868787144e8ea8a399ffd7d8215f59500a20173593c19e96eb",
"sha256:c54f8d6160080831a76780d850302fdeb0e8d0806f661777b0714dfb55d9a08a",
"sha256:c74e77df9e36c8c91157853e6cd400f6f9ca7a803ba89981bfe3f3fc7e5651ef",
"sha256:c84dce8fb2e900d4fb094e76fdad34a5fd06de53e41bddc1502c146eb11abd74",
"sha256:ca3236f31d565555139d5b00b790ed2a98ac6f0c4470c4032f8b5e5a5dba3c1a",
"sha256:d2b339fb790fc923ae2e9345c8633e3d0064d37ea7920c027f20c8ae6f65a91f",
"sha256:d46df6f0b1a0cda39d12c5c4615a7d92f40342deb8001c7b434d7c8c78352e58",
"sha256:da12b4efc93d53068888cb3b58e355b31839f2428b8f13654bd25d68b201c240",
"sha256:dc7b630c4fb428b8a40ddd0bfc4bc19de11bb3c9b031154f77360e48fe8b4451",
"sha256:dd0f25a431cd16f70ec1c47c10b413e7ddfe1ccaaddd1a7abd181e507c012374",
"sha256:ddbea6e58cce1a640d9d65947f1e259423fc201c9cf9761782f355f53b7f3097",
"sha256:ddda5ba8831f258ac7e6364be03cb27aa62f50c67fd94bc1c3b6247959cc0369",
"sha256:df7dfbdef11702fd22c2eaf042d7098d17edbc62d73f2199386ad06cbe466f6d",
"sha256:e08784288a179b59115b5e57abf6d387528b39abb61105fe17510a199a277a40",
"sha256:e283b24c14361fe9e04026a1d06c924450415491b83089951d469509900d9f32",
"sha256:e4366e58c0508da4dee4c7c70cee657e38553d73abdffa53abbd7d743711ee11",
"sha256:e6cb8f7a332eaa2d876b649a748a445a38522e12f2168e5e838d1505a91cdbb7",
"sha256:e8359fb610c8c444ac473cfd82dae465f405ff807cabb98a9b9712bbd0028751",
"sha256:eaf5e308a5e50bc0548c4fdca0117a31ec9596f8cfc96592db170bcecc71a957",
"sha256:ed1fe80e1fcdd1205a443bddb1ad3c3135bb1cd3f36cc996a1f4aed35960fbe8",
"sha256:f1f164e4cc6bc646b1fc86664c3543bf4a941d45235797279b120dc740ee7af5",
"sha256:f2cb157e279d28c66b1c27e0948687dc31dc47d1ab10ce0cd292a8334b7de3d5",
"sha256:f354d62345acdf22aa3e171bd9723790324a66fafe61bfe3873b86724cf6daaa",
"sha256:f46f8033da364bacc74aca5e319509a20bb711c8a133680ca5f35020f9eaf025",
"sha256:f90c36ca95a44d2636bbf55a51ca30583b59b71b6547b88d954e029598043551",
"sha256:f9e27841cddfaebc4e3ffbe5dbdff42891051acf5befc9f5323944b2c61cef16",
"sha256:fadda215e32fe375d65e560b7f7e2a37c7f9c4ecee5315bb1225ca6ac9bf5838"
],
"markers": "python_version >= '3.6'",
"version": "==5.2.1"
"version": "==5.2.0"
},
"markdown": {
"hashes": [
@@ -569,7 +528,6 @@
"extras": [
"imaging"
],
"markers": "python_version >= '3.8'",
"path": "./modules/mkdocs-material"
},
"mkdocs-material-extensions": {
@@ -604,77 +562,77 @@
},
"pillow": {
"hashes": [
"sha256:048ad577748b9fa4a99a0548c64f2cb8d672d5bf2e643a739ac8faff1164238c",
"sha256:048eeade4c33fdf7e08da40ef402e748df113fd0b4584e32c4af74fe78baaeb2",
"sha256:0ba26351b137ca4e0db0342d5d00d2e355eb29372c05afd544ebf47c0956ffeb",
"sha256:0ea2a783a2bdf2a561808fe4a7a12e9aa3799b701ba305de596bc48b8bdfce9d",
"sha256:1530e8f3a4b965eb6a7785cf17a426c779333eb62c9a7d1bbcf3ffd5bf77a4aa",
"sha256:16563993329b79513f59142a6b02055e10514c1a8e86dca8b48a893e33cf91e3",
"sha256:19aeb96d43902f0a783946a0a87dbdad5c84c936025b8419da0a0cd7724356b1",
"sha256:1a1d1915db1a4fdb2754b9de292642a39a7fb28f1736699527bb649484fb966a",
"sha256:1b87bd9d81d179bd8ab871603bd80d8645729939f90b71e62914e816a76fc6bd",
"sha256:1dfc94946bc60ea375cc39cff0b8da6c7e5f8fcdc1d946beb8da5c216156ddd8",
"sha256:2034f6759a722da3a3dbd91a81148cf884e91d1b747992ca288ab88c1de15999",
"sha256:261ddb7ca91fcf71757979534fb4c128448b5b4c55cb6152d280312062f69599",
"sha256:2ed854e716a89b1afcedea551cd85f2eb2a807613752ab997b9974aaa0d56936",
"sha256:3102045a10945173d38336f6e71a8dc71bcaeed55c3123ad4af82c52807b9375",
"sha256:339894035d0ede518b16073bdc2feef4c991ee991a29774b33e515f1d308e08d",
"sha256:412444afb8c4c7a6cc11a47dade32982439925537e483be7c0ae0cf96c4f6a0b",
"sha256:4203efca580f0dd6f882ca211f923168548f7ba334c189e9eab1178ab840bf60",
"sha256:45ebc7b45406febf07fef35d856f0293a92e7417ae7933207e90bf9090b70572",
"sha256:4b5ec25d8b17217d635f8935dbc1b9aa5907962fae29dff220f2659487891cd3",
"sha256:4c8e73e99da7db1b4cad7f8d682cf6abad7844da39834c288fbfa394a47bbced",
"sha256:4e6f7d1c414191c1199f8996d3f2282b9ebea0945693fb67392c75a3a320941f",
"sha256:4eaa22f0d22b1a7e93ff0a596d57fdede2e550aecffb5a1ef1106aaece48e96b",
"sha256:50b8eae8f7334ec826d6eeffaeeb00e36b5e24aa0b9df322c247539714c6df19",
"sha256:50fd3f6b26e3441ae07b7c979309638b72abc1a25da31a81a7fbd9495713ef4f",
"sha256:51243f1ed5161b9945011a7360e997729776f6e5d7005ba0c6879267d4c5139d",
"sha256:5d512aafa1d32efa014fa041d38868fda85028e3f930a96f85d49c7d8ddc0383",
"sha256:5f77cf66e96ae734717d341c145c5949c63180842a545c47a0ce7ae52ca83795",
"sha256:6b02471b72526ab8a18c39cb7967b72d194ec53c1fd0a70b050565a0f366d355",
"sha256:6fb1b30043271ec92dc65f6d9f0b7a830c210b8a96423074b15c7bc999975f57",
"sha256:7161ec49ef0800947dc5570f86568a7bb36fa97dd09e9827dc02b718c5643f09",
"sha256:72d622d262e463dfb7595202d229f5f3ab4b852289a1cd09650362db23b9eb0b",
"sha256:74d28c17412d9caa1066f7a31df8403ec23d5268ba46cd0ad2c50fb82ae40462",
"sha256:78618cdbccaa74d3f88d0ad6cb8ac3007f1a6fa5c6f19af64b55ca170bfa1edf",
"sha256:793b4e24db2e8742ca6423d3fde8396db336698c55cd34b660663ee9e45ed37f",
"sha256:798232c92e7665fe82ac085f9d8e8ca98826f8e27859d9a96b41d519ecd2e49a",
"sha256:81d09caa7b27ef4e61cb7d8fbf1714f5aec1c6b6c5270ee53504981e6e9121ad",
"sha256:8ab74c06ffdab957d7670c2a5a6e1a70181cd10b727cd788c4dd9005b6a8acd9",
"sha256:8eb0908e954d093b02a543dc963984d6e99ad2b5e36503d8a0aaf040505f747d",
"sha256:90b9e29824800e90c84e4022dd5cc16eb2d9605ee13f05d47641eb183cd73d45",
"sha256:9797a6c8fe16f25749b371c02e2ade0efb51155e767a971c61734b1bf6293994",
"sha256:9d2455fbf44c914840c793e89aa82d0e1763a14253a000743719ae5946814b2d",
"sha256:9d3bea1c75f8c53ee4d505c3e67d8c158ad4df0d83170605b50b64025917f338",
"sha256:9e2ec1e921fd07c7cda7962bad283acc2f2a9ccc1b971ee4b216b75fad6f0463",
"sha256:9e91179a242bbc99be65e139e30690e081fe6cb91a8e77faf4c409653de39451",
"sha256:a0eaa93d054751ee9964afa21c06247779b90440ca41d184aeb5d410f20ff591",
"sha256:a2c405445c79c3f5a124573a051062300936b0281fee57637e706453e452746c",
"sha256:aa7e402ce11f0885305bfb6afb3434b3cd8f53b563ac065452d9d5654c7b86fd",
"sha256:aff76a55a8aa8364d25400a210a65ff59d0168e0b4285ba6bf2bd83cf675ba32",
"sha256:b09b86b27a064c9624d0a6c54da01c1beaf5b6cadfa609cf63789b1d08a797b9",
"sha256:b14f16f94cbc61215115b9b1236f9c18403c15dd3c52cf629072afa9d54c1cbf",
"sha256:b50811d664d392f02f7761621303eba9d1b056fb1868c8cdf4231279645c25f5",
"sha256:b7bc2176354defba3edc2b9a777744462da2f8e921fbaf61e52acb95bafa9828",
"sha256:c78e1b00a87ce43bb37642c0812315b411e856a905d58d597750eb79802aaaa3",
"sha256:c83341b89884e2b2e55886e8fbbf37c3fa5efd6c8907124aeb72f285ae5696e5",
"sha256:ca2870d5d10d8726a27396d3ca4cf7976cec0f3cb706debe88e3a5bd4610f7d2",
"sha256:ccce24b7ad89adb5a1e34a6ba96ac2530046763912806ad4c247356a8f33a67b",
"sha256:cd5e14fbf22a87321b24c88669aad3a51ec052eb145315b3da3b7e3cc105b9a2",
"sha256:ce49c67f4ea0609933d01c0731b34b8695a7a748d6c8d186f95e7d085d2fe475",
"sha256:d33891be6df59d93df4d846640f0e46f1a807339f09e79a8040bc887bdcd7ed3",
"sha256:d3b2348a78bc939b4fed6552abfd2e7988e0f81443ef3911a4b8498ca084f6eb",
"sha256:d886f5d353333b4771d21267c7ecc75b710f1a73d72d03ca06df49b09015a9ef",
"sha256:d93480005693d247f8346bc8ee28c72a2191bdf1f6b5db469c096c0c867ac015",
"sha256:dc1a390a82755a8c26c9964d457d4c9cbec5405896cba94cf51f36ea0d855002",
"sha256:dd78700f5788ae180b5ee8902c6aea5a5726bac7c364b202b4b3e3ba2d293170",
"sha256:e46f38133e5a060d46bd630faa4d9fa0202377495df1f068a8299fd78c84de84",
"sha256:e4b878386c4bf293578b48fc570b84ecfe477d3b77ba39a6e87150af77f40c57",
"sha256:f0d0591a0aeaefdaf9a5e545e7485f89910c977087e7de2b6c388aec32011e9f",
"sha256:fdcbb4068117dfd9ce0138d068ac512843c52295ed996ae6dd1faf537b6dbc27",
"sha256:ff61bfd9253c3915e6d41c651d5f962da23eda633cf02262990094a18a55371a"
"sha256:0304004f8067386b477d20a518b50f3fa658a28d44e4116970abfcd94fac34a8",
"sha256:0689b5a8c5288bc0504d9fcee48f61a6a586b9b98514d7d29b840143d6734f39",
"sha256:0eae2073305f451d8ecacb5474997c08569fb4eb4ac231ffa4ad7d342fdc25ac",
"sha256:0fb3e7fc88a14eacd303e90481ad983fd5b69c761e9e6ef94c983f91025da869",
"sha256:11fa2e5984b949b0dd6d7a94d967743d87c577ff0b83392f17cb3990d0d2fd6e",
"sha256:127cee571038f252a552760076407f9cff79761c3d436a12af6000cd182a9d04",
"sha256:154e939c5f0053a383de4fd3d3da48d9427a7e985f58af8e94d0b3c9fcfcf4f9",
"sha256:15587643b9e5eb26c48e49a7b33659790d28f190fc514a322d55da2fb5c2950e",
"sha256:170aeb00224ab3dc54230c797f8404507240dd868cf52066f66a41b33169bdbe",
"sha256:1b5e1b74d1bd1b78bc3477528919414874748dd363e6272efd5abf7654e68bef",
"sha256:1da3b2703afd040cf65ec97efea81cfba59cdbed9c11d8efc5ab09df9509fc56",
"sha256:1e23412b5c41e58cec602f1135c57dfcf15482013ce6e5f093a86db69646a5aa",
"sha256:2247178effb34a77c11c0e8ac355c7a741ceca0a732b27bf11e747bbc950722f",
"sha256:257d8788df5ca62c980314053197f4d46eefedf4e6175bc9412f14412ec4ea2f",
"sha256:3031709084b6e7852d00479fd1d310b07d0ba82765f973b543c8af5061cf990e",
"sha256:322209c642aabdd6207517e9739c704dc9f9db943015535783239022002f054a",
"sha256:322bdf3c9b556e9ffb18f93462e5f749d3444ce081290352c6070d014c93feb2",
"sha256:33870dc4653c5017bf4c8873e5488d8f8d5f8935e2f1fb9a2208c47cdd66efd2",
"sha256:35bb52c37f256f662abdfa49d2dfa6ce5d93281d323a9af377a120e89a9eafb5",
"sha256:3c31822339516fb3c82d03f30e22b1d038da87ef27b6a78c9549888f8ceda39a",
"sha256:3eedd52442c0a5ff4f887fab0c1c0bb164d8635b32c894bc1faf4c618dd89df2",
"sha256:3ff074fc97dd4e80543a3e91f69d58889baf2002b6be64347ea8cf5533188213",
"sha256:47c0995fc4e7f79b5cfcab1fc437ff2890b770440f7696a3ba065ee0fd496563",
"sha256:49d9ba1ed0ef3e061088cd1e7538a0759aab559e2e0a80a36f9fd9d8c0c21591",
"sha256:51f1a1bffc50e2e9492e87d8e09a17c5eea8409cda8d3f277eb6edc82813c17c",
"sha256:52a50aa3fb3acb9cf7213573ef55d31d6eca37f5709c69e6858fe3bc04a5c2a2",
"sha256:54f1852cd531aa981bc0965b7d609f5f6cc8ce8c41b1139f6ed6b3c54ab82bfb",
"sha256:609448742444d9290fd687940ac0b57fb35e6fd92bdb65386e08e99af60bf757",
"sha256:69ffdd6120a4737710a9eee73e1d2e37db89b620f702754b8f6e62594471dee0",
"sha256:6fad5ff2f13d69b7e74ce5b4ecd12cc0ec530fcee76356cac6742785ff71c452",
"sha256:7049e301399273a0136ff39b84c3678e314f2158f50f517bc50285fb5ec847ad",
"sha256:70c61d4c475835a19b3a5aa42492409878bbca7438554a1f89d20d58a7c75c01",
"sha256:716d30ed977be8b37d3ef185fecb9e5a1d62d110dfbdcd1e2a122ab46fddb03f",
"sha256:753cd8f2086b2b80180d9b3010dd4ed147efc167c90d3bf593fe2af21265e5a5",
"sha256:773efe0603db30c281521a7c0214cad7836c03b8ccff897beae9b47c0b657d61",
"sha256:7823bdd049099efa16e4246bdf15e5a13dbb18a51b68fa06d6c1d4d8b99a796e",
"sha256:7c8f97e8e7a9009bcacbe3766a36175056c12f9a44e6e6f2d5caad06dcfbf03b",
"sha256:823ef7a27cf86df6597fa0671066c1b596f69eba53efa3d1e1cb8b30f3533068",
"sha256:8373c6c251f7ef8bda6675dd6d2b3a0fcc31edf1201266b5cf608b62a37407f9",
"sha256:83b2021f2ade7d1ed556bc50a399127d7fb245e725aa0113ebd05cfe88aaf588",
"sha256:870ea1ada0899fd0b79643990809323b389d4d1d46c192f97342eeb6ee0b8483",
"sha256:8d12251f02d69d8310b046e82572ed486685c38f02176bd08baf216746eb947f",
"sha256:9c23f307202661071d94b5e384e1e1dc7dfb972a28a2310e4ee16103e66ddb67",
"sha256:9d189550615b4948f45252d7f005e53c2040cea1af5b60d6f79491a6e147eef7",
"sha256:a086c2af425c5f62a65e12fbf385f7c9fcb8f107d0849dba5839461a129cf311",
"sha256:a2b56ba36e05f973d450582fb015594aaa78834fefe8dfb8fcd79b93e64ba4c6",
"sha256:aebb6044806f2e16ecc07b2a2637ee1ef67a11840a66752751714a0d924adf72",
"sha256:b1b3020d90c2d8e1dae29cf3ce54f8094f7938460fb5ce8bc5c01450b01fbaf6",
"sha256:b4b6b1e20608493548b1f32bce8cca185bf0480983890403d3b8753e44077129",
"sha256:b6f491cdf80ae540738859d9766783e3b3c8e5bd37f5dfa0b76abdecc5081f13",
"sha256:b792a349405fbc0163190fde0dc7b3fef3c9268292586cf5645598b48e63dc67",
"sha256:b7c2286c23cd350b80d2fc9d424fc797575fb16f854b831d16fd47ceec078f2c",
"sha256:babf5acfede515f176833ed6028754cbcd0d206f7f614ea3447d67c33be12516",
"sha256:c365fd1703040de1ec284b176d6af5abe21b427cb3a5ff68e0759e1e313a5e7e",
"sha256:c4225f5220f46b2fde568c74fca27ae9771536c2e29d7c04f4fb62c83275ac4e",
"sha256:c570f24be1e468e3f0ce7ef56a89a60f0e05b30a3669a459e419c6eac2c35364",
"sha256:c6dafac9e0f2b3c78df97e79af707cdc5ef8e88208d686a4847bab8266870023",
"sha256:c8de2789052ed501dd829e9cae8d3dcce7acb4777ea4a479c14521c942d395b1",
"sha256:cb28c753fd5eb3dd859b4ee95de66cc62af91bcff5db5f2571d32a520baf1f04",
"sha256:cb4c38abeef13c61d6916f264d4845fab99d7b711be96c326b84df9e3e0ff62d",
"sha256:d1b35bcd6c5543b9cb547dee3150c93008f8dd0f1fef78fc0cd2b141c5baf58a",
"sha256:d8e6aeb9201e655354b3ad049cb77d19813ad4ece0df1249d3c793de3774f8c7",
"sha256:d8ecd059fdaf60c1963c58ceb8997b32e9dc1b911f5da5307aab614f1ce5c2fb",
"sha256:da2b52b37dad6d9ec64e653637a096905b258d2fc2b984c41ae7d08b938a67e4",
"sha256:e87f0b2c78157e12d7686b27d63c070fd65d994e8ddae6f328e0dcf4a0cd007e",
"sha256:edca80cbfb2b68d7b56930b84a0e45ae1694aeba0541f798e908a49d66b837f1",
"sha256:f379abd2f1e3dddb2b61bc67977a6b5a0a3f7485538bcc6f39ec76163891ee48",
"sha256:fe4c15f6c9285dc54ce6553a3ce908ed37c8f3825b5a51a15c91442bb955b868"
],
"version": "==10.3.0"
"markers": "python_version >= '3.8'",
"version": "==10.2.0"
},
"platformdirs": {
"hashes": [

View File

@@ -1,4 +1,4 @@
<!-- markdownlint-disable MD041 MD045 -->
<!-- markdownlint-disable MD041 -->
<div align="center">
<a href="https://www.privacyguides.org">
<picture>
@@ -50,46 +50,22 @@ The current list of team members can be found [here](https://www.privacyguides.o
- 💖 [Sponsor the project](https://github.com/sponsors/privacyguides)
- 🈴 [Help translate the site](https://crowdin.com/project/privacyguides) [[Matrix chat](https://matrix.to/#/#pg-i18n:aragon.sh)]
- 📝 Edit the site, everything's accessible in this repo
- Browse our [open issues](https://github.com/privacyguides/privacyguides.org/issues) to see what needs to be updated
- View the list of [approved topics waiting for a PR](https://discuss.privacyguides.net/tag/approved)
- Read some writing tips in our [style guide](https://www.privacyguides.org/en/meta/writing-style)
- Browse our [open issues](https://github.com/privacyguides/privacyguides.org/issues) to see what needs to be updated
- View the list of [approved topics waiting for a PR](https://discuss.privacyguides.net/tag/approved)
- Read some writing tips in our [style guide](https://www.privacyguides.org/en/meta/writing-style)
All contributors to the site are listed [here](https://github.com/privacyguides/privacyguides.org/graphs/contributors). If you make a substantial (i.e. copyright eligible) contribution to the project and would like to be formally credited, you are welcome to include your information in the appropriate `authors` section in [`CITATION.cff`](/CITATION.cff) as well, just submit a PR or ask @jonaharagon to make the change.
## Mirrors
- **GitHub Pages:** [privacyguides.github.io/privacyguides.org](https://privacyguides.github.io/privacyguides.org/en/)
- **Netlify (AWS):** [illustrious-bavarois-56cf30.netlify.app](https://illustrious-bavarois-56cf30.netlify.app/en/)
- **BunnyCDN:** [privacyguides-org-production.b-cdn.net](https://privacyguides-org-production.b-cdn.net/en/)
- **Hetzner:** [direct.privacyguides.org](https://direct.privacyguides.org/en/) (discouraged!)
### Alternative Networks
> [!NOTE]
> Most hidden service providers are not very extensively used or tested, [which is why we strongly recommend Tor](https://www.privacyguides.org/en/tor/). Using other networks could be more likely to endanger your anonymity, so make sure you know what you're doing.
- **Tor/onion:** [xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion](http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion)
- **IPFS:** `/ipns/ipfs.privacyguides.org` (**not** anonymous)
- Please help us out by pinning a copy: [Learn more](https://github.com/privacyguides/webserver/blob/main/ipfs/README.md)
- via Cloudflare: [cloudflare-ipfs.com/ipns/ipfs.privacyguides.org](https://cloudflare-ipfs.com/ipns/ipfs.privacyguides.org/en/)
- via 4everland: [ipfs-privacyguides-org.ipns.4everland.io](https://ipfs-privacyguides-org.ipns.4everland.io/)
- via [@jonaharagon](https://github.com/jonaharagon): [ipfs.jonaharagon.net/ipns/ipfs.privacyguides.org](https://ipfs.jonaharagon.net/ipns/ipfs.privacyguides.org/en/)
- via [peer](https://docs.ipfs.tech/how-to/peering-with-content-providers/): `/dnsaddr/node-1.ipfs.jonaharagon.net/p2p/12D3KooWMwqzuApCKxYfo66zq5BrTjCoz9naJ1rrMEBCnwuGGqWB`
- **I2P:** [privacyguides.i2p](http://privacyguides.i2p/?i2paddresshelper=fvbkmooriuqgssrjvbxu7nrwms5zyhf34r3uuppoakwwsm7ysv6q.b32.i2p)
- **Yggdrasil:** [http://[200:f3a6:4922:e067:770d:ac57:fcb1:8dbf]](http://[200:f3a6:4922:e067:770d:ac57:fcb1:8dbf]/en/) (**not** anonymous)
- via public peer: `tcp://5.161.245.8:45454`
### Git Mirrors
[![GitHub](https://img.shields.io/static/v1?logo=github&label=&message=GitHub&color=000&style=for-the-badge)](https://github.com/privacyguides/privacyguides.org)
[![GitLab](https://img.shields.io/static/v1?logo=gitlab&label=&message=GitLab&color=000&style=for-the-badge)](https://gitlab.com/privacyguides/privacyguides.org)
[![Codeberg](https://img.shields.io/static/v1?logo=codeberg&label=&message=Codeberg&color=000&style=for-the-badge)](https://codeberg.org/privacyguides/privacyguides.org)
[![Gitea](https://img.shields.io/static/v1?logo=gitea&label=&message=Gitea&color=000&style=for-the-badge)](https://code.privacyguides.dev/privacyguides/privacyguides.org)
[![Forgejo](https://img.shields.io/static/v1?logo=forgejo&label=&message=Forgejo&color=000&style=for-the-badge)](https://git.jonaharagon.net/privacyguides/privacyguides.org)
**Hidden service (Tor/onion):** [xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion](http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion)
## License
Copyright &copy; 2019 - 2024 [Privacy Guides contributors](https://github.com/privacyguides/privacyguides.org/graphs/contributors).
@@ -110,14 +86,7 @@ When you contribute to this repository you are doing so under the above licenses
Committing to this repository requires [signing your commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) (`git config commit.gpgsign true`) unless you are making edits via the GitHub.com text editor interface. As of August 2022 the preferred signing method is [SSH commit signatures](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification#ssh-commit-signature-verification), but GPG signing is also acceptable. You should add your signing key to your GitHub profile.
### With `mkdocs-material`
1. Install required packages: `pip install mkdocs-material`
2. Run a local preview of the English site: `mkdocs serve --config-file config/mkdocs.en.yml`
### With `mkdocs-material-insiders`
This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdocs-material/insiders) which offers additional functionality over the open-source `mkdocs-material` project. For obvious reasons we cannot distribute access to the insiders repository. If you are submitting a PR, please ensure the automatic preview generated for your PR looks correct, as that site will be built with the production insiders build.
This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdocs-material/insiders) which offers additional functionality over the open-source `mkdocs-material` project. For obvious reasons we cannot distribute access to the insiders repository. Running this website locally without access to insiders is unsupported. If you are submitting a PR, please ensure the automatic preview generated for your PR looks correct, as that site will be built with the production insiders build.
**Team members** should clone the repository with `mkdocs-material-insiders` directly. This method is identical to production:
@@ -126,9 +95,9 @@ This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdoc
3. Install Python **3.12**.
4. Install **pipenv**: `pip install pipenv`
5. Install dependencies: `pipenv install --dev` (install [Pillow and CairoSVG](https://squidfunk.github.io/mkdocs-material/setup/setting-up-social-cards/#dependencies) as well to generate social cards)
6. Serve the site locally: `MKDOCS_INHERIT=mkdocs-production.yml pipenv run mkdocs serve --config-file config/mkdocs.en.yml` (set `CARDS=true` to generate social cards)
6. Serve the site locally: `pipenv run mkdocs serve --config-file config/mkdocs.en.yml` (set `CARDS=true` to generate social cards)
- The site will be available at `http://localhost:8000`
- You can build the site locally with `MKDOCS_INHERIT=mkdocs-production.yml pipenv run mkdocs build --config-file config/mkdocs.en.yml`
- You can build the site locally with `pipenv run mkdocs build --config-file config/mkdocs.en.yml`
- This version of the site should be identical to the live, production version
If you commit to `main` with commits signed with your SSH key, you should add your SSH key to [`.allowed_signers`](/.allowed_signers) in this repo.

View File

@@ -1,4 +1,5 @@
definitions:
- &background_color >-
#FFD06F
@@ -24,7 +25,7 @@ definitions:
{{ page.meta.get("title", page.title) }}
- &page_description >-
{{ config.extra.privacy_guides.homepage.description }}
{{ config.extra.homepage_description }}
- &og_description >-
{{ page.meta.get("description", config.site_description) or "" }}
@@ -34,6 +35,7 @@ definitions:
# Meta tags
tags:
# Open Graph
og:type: website
og:title: *page_title_with_site_name
@@ -57,6 +59,7 @@ tags:
# Card size and layers
size: { width: 1200, height: 630 }
layers:
# Background
- background:
color: *background_color

View File

@@ -1,4 +1,5 @@
definitions:
- &background_image >-
{%- if page.meta.cover -%}
theme/assets/img/cover/{{ page.meta.cover }}
@@ -69,6 +70,7 @@ definitions:
# Meta tags
tags:
# Open Graph
og:type: website
og:title: *page_title_with_site_name
@@ -92,6 +94,7 @@ tags:
# Card size and layers
size: { width: 1200, height: 630 }
layers:
# Background
- background:
image: *background_image

View File

@@ -1,4 +1,5 @@
definitions:
- &background_image >-
{%- if page.meta.cover -%}
theme/assets/img/cover/{{ page.meta.cover }}
@@ -54,6 +55,7 @@ definitions:
# Meta tags
tags:
# Open Graph
og:type: website
og:title: *page_title_with_site_name
@@ -77,6 +79,7 @@ tags:
# Card size and layers
size: { width: 1200, height: 630 }
layers:
# Background
- background:
image: *background_image

View File

@@ -18,149 +18,23 @@
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
docs_dir: "../docs"
docs_dir: '../docs'
site_url: "https://www.privacyguides.org/"
site_dir: "../site"
site_dir: '../site'
site_name: Privacy Guides
site_description:
!ENV [
SITE_DESCRIPTION,
"Privacy Guides is your central privacy and security resource to protect yourself online.",
]
edit_uri_template: blob/main/docs/{path}?plain=1
site_description: !ENV [SITE_DESCRIPTION, "Privacy Guides is your central privacy and security resource to protect yourself online."]
copyright: !ENV [FOOTER_COPYRIGHT, "&copy; 2019 Privacy Guides and contributors."]
edit_uri: edit/main/docs/
extra:
generator: false
context: !ENV [CONTEXT, "production"]
deploy: !ENV DEPLOY_ID
privacy_guides:
footer:
intro:
!ENV [
FOOTER_INTRO,
"Privacy Guides is a non-profit, socially motivated website that provides information for protecting your data security and privacy.",
]
note:
!ENV [
FOOTER_NOTE,
"We do not make money from recommending certain products, and we do not use affiliate links.",
]
copyright:
author:
!ENV [FOOTER_COPYRIGHT_AUTHOR, "Privacy Guides and contributors."]
date: !ENV [FOOTER_COPYRIGHT_DATE, "2019-2024"]
license:
- fontawesome/brands/creative-commons
- fontawesome/brands/creative-commons-by
- fontawesome/brands/creative-commons-nd
analytics: !ENV [FOOTER_ANALYTICS, "Anonymous statistics preferences."]
homepage:
description:
!ENV [
HOMEPAGE_DESCRIPTION,
"A socially motivated website which provides information about protecting your online data privacy and security.",
]
hero:
header:
!ENV [HOMEPAGE_HEADER, "The guide to restoring your online privacy."]
subheader:
!ENV [
HOMEPAGE_SUBHEADER,
"Massive organizations are monitoring your online activities. Privacy Guides is your central privacy and security resource to protect yourself online.",
]
buttons:
- name:
!ENV [
HOMEPAGE_BUTTON_GET_STARTED_NAME,
"Start Your Privacy Journey",
]
title:
!ENV [
HOMEPAGE_BUTTON_GET_STARTED_TITLE,
"The first step of your privacy journey",
]
link: basics/why-privacy-matters/
class: md-button md-button--primary
- name: !ENV [HOMEPAGE_BUTTON_TOOLS_NAME, "Recommended Tools"]
title:
!ENV [
HOMEPAGE_BUTTON_TOOLS_TITLE,
"Recommended privacy tools, services, and knowledge",
]
link: tools/
class: md-button
cta:
- title:
!ENV [
HOMEPAGE_CTA_TITLE,
"We need you! Here's how to get involved:",
]
links:
- icon: simple/discourse
name: !ENV [HOMEPAGE_CTA_FORUM_NAME, "Join the forum"]
link: https://discuss.privacyguides.net/
- icon: simple/mastodon
name: !ENV [HOMEPAGE_CTA_MASTODON_NAME, "Follow us on Mastodon"]
link: https://mastodon.neat.computer/@privacyguides
- icon: simple/github
name: !ENV [HOMEPAGE_CTA_GITHUB_NAME, "Contribute on GitHub"]
link: https://github.com/privacyguides/privacyguides.org
- icon: material/translate
name: !ENV [HOMEPAGE_CTA_TRANSLATE_NAME, "Help translate"]
link: https://crowdin.com/project/privacyguides
- icon: simple/matrix
name: !ENV [HOMEPAGE_CTA_MATRIX_NAME, "Join the Matrix chat"]
link: https://matrix.to/#/#privacyguides:matrix.org
- icon: material/information-outline
name: !ENV [HOMEPAGE_CTA_ABOUT_NAME, "Learn more about us"]
link: about/
- icon: material/hand-coin
name: !ENV [HOMEPAGE_CTA_DONATE_NAME, "Donate to Privacy Guides"]
link: about/donate/
description:
!ENV [
HOMEPAGE_CTA_DESCRIPTION,
"If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know.",
]
rss:
- title:
!ENV [
HOMEPAGE_RSS_CHANGELOG_TITLE,
"Privacy Guides release changelog",
]
link:
!ENV [
HOMEPAGE_RSS_CHANGELOG_LINK,
"https://discuss.privacyguides.net/c/site-development/changelog/9.rss",
]
- title: !ENV [HOMEPAGE_RSS_BLOG_TITLE, "Privacy Guides blog feed"]
link:
!ENV [
HOMEPAGE_RSS_BLOG_LINK,
"https://blog.privacyguides.org/feed_rss_created.xml",
]
- title:
!ENV [HOMEPAGE_RSS_STORIES_TITLE, "Privacy Guides Web Stories feed"]
link:
!ENV [
HOMEPAGE_RSS_STORIES_LINK,
"https://share.privacyguides.org/web-stories/feed/",
]
- title:
!ENV [
HOMEPAGE_RSS_FORUM_TITLE,
"Latest Privacy Guides forum topics",
]
link:
!ENV [
HOMEPAGE_RSS_FORUM_LINK,
"https://discuss.privacyguides.net/latest.rss",
]
translation_notice:
notice: !ENV TRANSLATION_NOTICE
cta: !ENV [TRANSLATION_NOTICE_CTA, "Visit Crowdin"]
language: !ENV SITE_LANGUAGE_ENGLISH
homepage_description: !ENV [DESCRIPTION_HOMEPAGE, "A socially motivated website which provides information about protecting your online data privacy and security."]
translation_notice: !ENV DESCRIPTION_TRANSLATION
translation_notice_cta: !ENV [DESCRIPTION_TRANSLATION_CTA, "Visit Crowdin"]
translation_notice_language: !ENV LANG_ENGLISH
social:
- icon: simple/mastodon
link: https://mastodon.neat.computer/@privacyguides
@@ -210,45 +84,10 @@ extra:
link: /ru/
lang: ru
icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1f7-1f1fa.svg
analytics:
feedback:
title: !ENV [ANALYTICS_FEEDBACK_TITLE, "Was this page helpful?"]
ratings:
- icon: material/emoticon-happy-outline
name: !ENV [ANALYTICS_FEEDBACK_POSITIVE_NAME, "This page was helpful"]
data: 1
note:
!ENV [ANALYTICS_FEEDBACK_POSITIVE_NOTE, "Thanks for your feedback!"]
- icon: material/emoticon-sad-outline
name:
!ENV [
ANALYTICS_FEEDBACK_NEGATIVE_NAME,
"This page could be improved",
]
data: 0
note:
!ENV [ANALYTICS_FEEDBACK_NEGATIVE_NOTE, "Thanks for your feedback!"]
consent:
title: !ENV [ANALYTICS_CONSENT_TITLE, "Contribute anonymous statistics"]
description:
!ENV [
ANALYTICS_CONSENT_BODY,
"We use cookies to collect anonymous usage statistics. You can opt out if you wish.",
]
cookies:
analytics:
name: !ENV [ANALYTICS_COOKIE_UMAMI, "Self-Hosted Analytics"]
checked: true
github:
name: !ENV [ANALYTICS_COOKIE_GITHUB, "GitHub API"]
checked: true
actions:
- reject
- accept
- manage
repo_url: https://github.com/privacyguides/privacyguides.org
repo_name: ""
edit_uri: edit/main/docs/
theme:
name: material
@@ -287,17 +126,15 @@ theme:
- navigation.expand
- navigation.path
- navigation.indexes
- content.action.edit
- content.tabs.link
- content.tooltips
- search.highlight
extra_css:
- assets/stylesheets/extra.css?v=1
- assets/stylesheets/extra.css?v=3.17.0
extra_javascript:
- assets/javascripts/randomize-element.js?v=1
- assets/javascripts/resolution.js?v=1
- assets/javascripts/feedback.js?v=1
- assets/javascripts/mathjax.js
- assets/javascripts/randomize-element.js
watch:
- ../theme
@@ -307,7 +144,29 @@ watch:
plugins:
tags: {}
search: {}
privacy: {}
macros: {}
meta: {}
git-committers:
enabled: !ENV [GITCOMMITTERS, PRODUCTION, NETLIFY, false]
repository: privacyguides/privacyguides.org
branch: main
git-revision-date-localized:
enabled: !ENV [GITREVISIONDATE, PRODUCTION, NETLIFY, false]
exclude:
- index.md
fallback_to_build_date: true
privacy:
assets_exclude:
- cdn.jsdelivr.net/npm/mathjax@3/*
optimize:
enabled: !ENV [OPTIMIZE, PRODUCTION, NETLIFY, false]
typeset: {}
social:
cards: !ENV [CARDS, PRODUCTION, NETLIFY, true]
cards_dir: assets/img/social
cards_layout_dir: config/layouts
cards_layout: page
# cards_layout: pride
markdown_extensions:
admonition: {}
@@ -346,89 +205,86 @@ markdown_extensions:
toc_depth: 4
nav:
- !ENV [NAV_HOME, "Home"]: "index.md"
- !ENV [NAV_KNOWLEDGE_BASE, "Knowledge Base"]:
- "basics/why-privacy-matters.md"
- "basics/threat-modeling.md"
- "basics/common-threats.md"
- "basics/common-misconceptions.md"
- "basics/account-creation.md"
- "basics/account-deletion.md"
- !ENV [NAV_TECHNOLOGY_ESSENTIALS, "Technology Essentials"]:
- "basics/passwords-overview.md"
- "basics/multi-factor-authentication.md"
- "basics/email-security.md"
- "basics/vpn-overview.md"
- !ENV [NAV_ADVANCED_TOPICS, "Advanced Topics"]:
- "advanced/dns-overview.md"
- "advanced/tor-overview.md"
- "advanced/payments.md"
- "advanced/communication-network-types.md"
- !ENV [NAV_OPERATING_SYSTEMS, "Operating Systems"]:
- "os/android-overview.md"
- "os/ios-overview.md"
- "os/linux-overview.md"
- "os/macos-overview.md"
- "os/qubes-overview.md"
- kb-archive.md
- !ENV [NAV_RECOMMENDATIONS, "Recommendations"]:
- "tools.md"
- !ENV [NAV_INTERNET_BROWSING, "Internet Browsing"]:
- "tor.md"
- "desktop-browsers.md"
- "mobile-browsers.md"
- "browser-extensions.md"
- !ENV [NAV_PROVIDERS, "Providers"]:
- "cloud.md"
- "dns.md"
- "email-aliasing.md"
- "email.md"
- "financial-services.md"
- "photo-management.md"
- "search-engines.md"
- "vpn.md"
- !ENV [NAV_SOFTWARE, "Software"]:
- "calendar.md"
- "cryptocurrency.md"
- "data-redaction.md"
- "email-clients.md"
- "encryption.md"
- "file-sharing.md"
- "frontends.md"
- "multi-factor-authentication.md"
- "news-aggregators.md"
- "notebooks.md"
- "passwords.md"
- "productivity.md"
- "real-time-communication.md"
- !ENV [NAV_OPERATING_SYSTEMS, "Operating Systems"]:
- "android.md"
- "desktop.md"
- "router.md"
- !ENV [NAV_ADVANCED, "Advanced"]:
- "alternative-networks.md"
- "device-integrity.md"
- !ENV [NAV_ABOUT, "About"]:
- "about/index.md"
- "about/criteria.md"
- "about/notices.md"
- "about/privacy-policy.md"
- "about/statistics.md"
- !ENV [NAV_COMMUNITY, "Community"]:
- "about/donate.md"
- !ENV [NAV_ONLINE_SERVICES, "Online Services"]: "about/services.md"
- !ENV [NAV_CODE_OF_CONDUCT, "Code of Conduct"]: "CODE_OF_CONDUCT.md"
- "about/privacytools.md"
- !ENV [NAV_CONTRIBUTING, "Contributing"]:
- !ENV [NAV_WRITING_GUIDE, "Writing Guide"]:
- "meta/writing-style.md"
- "meta/admonitions.md"
- "meta/brand.md"
- "meta/translations.md"
- !ENV [NAV_TECHNICAL_GUIDES, "Technical Guides"]:
- "meta/uploading-images.md"
- "meta/git-recommendations.md"
- !ENV [NAV_CHANGELOG, "Changelog"]:
"https://github.com/privacyguides/privacyguides.org/releases"
- !ENV [NAV_FORUM, "Forum"]: "https://discuss.privacyguides.net/"
- !ENV [NAV_BLOG, "Blog"]: "https://blog.privacyguides.org/"
- !ENV [NAV_HOME, 'Home']: 'index.md'
- !ENV [NAV_KNOWLEDGE_BASE, 'Knowledge Base']:
- 'basics/why-privacy-matters.md'
- 'basics/threat-modeling.md'
- 'basics/common-threats.md'
- 'basics/common-misconceptions.md'
- 'basics/account-creation.md'
- 'basics/account-deletion.md'
- !ENV [NAV_TECHNOLOGY_ESSENTIALS, 'Technology Essentials']:
- 'basics/passwords-overview.md'
- 'basics/multi-factor-authentication.md'
- 'basics/email-security.md'
- 'basics/vpn-overview.md'
- !ENV [NAV_ADVANCED_TOPICS, 'Advanced Topics']:
- 'advanced/dns-overview.md'
- 'advanced/tor-overview.md'
- 'advanced/payments.md'
- 'advanced/communication-network-types.md'
- !ENV [NAV_OPERATING_SYSTEMS, 'Operating Systems']:
- 'os/android-overview.md'
- 'os/ios-overview.md'
- 'os/linux-overview.md'
- 'os/macos-overview.md'
- 'os/qubes-overview.md'
- 'os/windows-overview.md'
- kb-archive.md
- !ENV [NAV_RECOMMENDATIONS, 'Recommendations']:
- 'tools.md'
- !ENV [NAV_INTERNET_BROWSING, 'Internet Browsing']:
- 'tor.md'
- 'desktop-browsers.md'
- 'mobile-browsers.md'
- !ENV [NAV_PROVIDERS, 'Providers']:
- 'cloud.md'
- 'dns.md'
- 'email-aliasing.md'
- 'email.md'
- 'financial-services.md'
- 'photo-management.md'
- 'search-engines.md'
- 'vpn.md'
- !ENV [NAV_SOFTWARE, 'Software']:
- 'calendar.md'
- 'cryptocurrency.md'
- 'data-redaction.md'
- 'email-clients.md'
- 'encryption.md'
- 'file-sharing.md'
- 'frontends.md'
- 'multi-factor-authentication.md'
- 'news-aggregators.md'
- 'notebooks.md'
- 'passwords.md'
- 'productivity.md'
- 'real-time-communication.md'
- !ENV [NAV_OPERATING_SYSTEMS, 'Operating Systems']:
- 'android.md'
- 'desktop.md'
- 'router.md'
- !ENV [NAV_ADVANCED, 'Advanced']:
- 'device-integrity.md'
- !ENV [NAV_ABOUT, 'About']:
- 'about/index.md'
- 'about/criteria.md'
- 'about/notices.md'
- 'about/privacy-policy.md'
- !ENV [NAV_COMMUNITY, 'Community']:
- 'about/donate.md'
- !ENV [NAV_ONLINE_SERVICES, 'Online Services']: 'about/services.md'
- !ENV [NAV_CODE_OF_CONDUCT, 'Code of Conduct']: 'CODE_OF_CONDUCT.md'
- 'about/privacytools.md'
- !ENV [NAV_CONTRIBUTING, 'Contributing']:
- !ENV [NAV_WRITING_GUIDE, 'Writing Guide']:
- 'meta/writing-style.md'
- 'meta/admonitions.md'
- 'meta/brand.md'
- 'meta/translations.md'
- !ENV [NAV_TECHNICAL_GUIDES, 'Technical Guides']:
- 'meta/uploading-images.md'
- 'meta/git-recommendations.md'
- !ENV [NAV_CHANGELOG, 'Changelog']: 'https://github.com/privacyguides/privacyguides.org/releases'
- !ENV [NAV_FORUM, 'Forum']: 'https://discuss.privacyguides.net/'
- !ENV [NAV_BLOG, 'Blog']: 'https://blog.privacyguides.org/'

View File

@@ -22,38 +22,15 @@ INHERIT: mkdocs-common.yml
# Disable any GitHub integrations
repo_url: ""
edit_uri_template: ""
extra:
# Disable language switcher
alternate: false
offline: true
privacy_guides:
homepage:
hero:
buttons:
- name:
!ENV [
HOMEPAGE_BUTTON_GET_STARTED_NAME,
"Start Your Privacy Journey",
]
title:
!ENV [
HOMEPAGE_BUTTON_GET_STARTED_TITLE,
"The first step of your privacy journey",
]
link: basics/why-privacy-matters.html
class: md-button md-button--primary
- name: !ENV [HOMEPAGE_BUTTON_TOOLS_NAME, "Recommended Tools"]
title:
!ENV [
HOMEPAGE_BUTTON_TOOLS_TITLE,
"Recommended privacy tools, services, and knowledge",
]
link: tools.html
class: md-button
theme:
# OFFLINE ONLY: this logo needs to be set separately because the relative path is different
logo: ../theme/assets/brand/logos/svg/logo/privacy-guides-logo-notext-colorbg.svg
features:
- navigation.tabs
- navigation.sections
@@ -67,4 +44,5 @@ plugins:
enabled: true
social:
enabled: false
# Edit the offline-mode navbar in mkdocs-common.yml

View File

@@ -1,29 +0,0 @@
INHERIT: mkdocs-common.yml
plugins:
macros: {}
meta: {}
git-committers:
enabled: !ENV [GITCOMMITTERS, PRODUCTION, NETLIFY, false]
repository: privacyguides/privacyguides.org
branch: main
git-revision-date-localized:
enabled: !ENV [GITREVISIONDATE, PRODUCTION, NETLIFY, false]
exclude:
- index.md
fallback_to_build_date: true
optimize:
enabled: !ENV [OPTIMIZE, PRODUCTION, NETLIFY, false]
typeset: {}
social:
cards: !ENV [CARDS, PRODUCTION, NETLIFY, true]
cards_dir: assets/img/social
cards_layout_dir: config/layouts
cards_layout: page
# cards_layout: pride
markdown_extensions:
material.extensions.preview:
sources:
exclude:
- tools.md

View File

@@ -18,9 +18,9 @@
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
INHERIT: !ENV [MKDOCS_INHERIT, mkdocs-common.yml]
INHERIT: mkdocs-common.yml
site_url: "https://www.privacyguides.org/en/"
site_dir: "../site/en"
site_dir: '../site/en'
theme:
# ENGLISH ONLY: this logo needs to be set separately because the relative path is different

View File

@@ -18,12 +18,12 @@
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
INHERIT: !ENV [MKDOCS_INHERIT, mkdocs-common.yml]
docs_dir: "../i18n/es"
INHERIT: mkdocs-common.yml
docs_dir: '../i18n/es'
site_url: "https://www.privacyguides.org/es/"
site_dir: "../site/es"
site_dir: '../site/es'
edit_uri_template: https://github.com/privacyguides/i18n/blob/main/i18n/es/{path}?plain=1
edit_uri: edit/main/i18n/es/
theme:
language: es

View File

@@ -18,12 +18,12 @@
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
INHERIT: !ENV [MKDOCS_INHERIT, mkdocs-common.yml]
docs_dir: "../i18n/fr"
INHERIT: mkdocs-common.yml
docs_dir: '../i18n/fr'
site_url: "https://www.privacyguides.org/fr/"
site_dir: "../site/fr"
site_dir: '../site/fr'
edit_uri_template: https://github.com/privacyguides/i18n/blob/main/i18n/fr/{path}?plain=1
edit_uri: edit/main/i18n/fr/
theme:
language: fr

View File

@@ -18,12 +18,12 @@
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
INHERIT: !ENV [MKDOCS_INHERIT, mkdocs-common.yml]
docs_dir: "../i18n/he"
INHERIT: mkdocs-common.yml
docs_dir: '../i18n/he'
site_url: "https://www.privacyguides.org/he/"
site_dir: "../site/he"
site_dir: '../site/he'
edit_uri_template: https://github.com/privacyguides/i18n/blob/main/i18n/he/{path}?plain=1
edit_uri: edit/main/i18n/he/
extra_css:
- assets/stylesheets/extra.css?v=3.2.0

View File

@@ -18,12 +18,12 @@
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
INHERIT: !ENV [MKDOCS_INHERIT, mkdocs-common.yml]
docs_dir: "../i18n/it"
INHERIT: mkdocs-common.yml
docs_dir: '../i18n/it'
site_url: "https://www.privacyguides.org/it/"
site_dir: "../site/it"
site_dir: '../site/it'
edit_uri_template: https://github.com/privacyguides/i18n/blob/main/i18n/it/{path}?plain=1
edit_uri: edit/main/i18n/it/
theme:
language: it

View File

@@ -18,12 +18,12 @@
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
INHERIT: !ENV [MKDOCS_INHERIT, mkdocs-common.yml]
docs_dir: "../i18n/nl"
INHERIT: mkdocs-common.yml
docs_dir: '../i18n/nl'
site_url: "https://www.privacyguides.org/nl/"
site_dir: "../site/nl"
site_dir: '../site/nl'
edit_uri_template: https://github.com/privacyguides/i18n/blob/main/i18n/nl/{path}?plain=1
edit_uri: edit/main/i18n/nl/
theme:
language: nl

View File

@@ -18,12 +18,12 @@
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
INHERIT: !ENV [MKDOCS_INHERIT, mkdocs-common.yml]
docs_dir: "../i18n/ru"
INHERIT: mkdocs-common.yml
docs_dir: '../i18n/ru'
site_url: "https://www.privacyguides.org/ru/"
site_dir: "../site/ru"
site_dir: '../site/ru'
edit_uri_template: https://github.com/privacyguides/i18n/blob/main/i18n/ru/{path}?plain=1
edit_uri: edit/main/docs/
extra_css:
- assets/stylesheets/extra.css?v=3.2.0

View File

@@ -18,12 +18,12 @@
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
INHERIT: !ENV [MKDOCS_INHERIT, mkdocs-common.yml]
docs_dir: "../i18n/zh-Hant"
INHERIT: mkdocs-common.yml
docs_dir: '../i18n/zh-Hant'
site_url: "https://www.privacyguides.org/zh-Hant/"
site_dir: "../site/zh-Hant"
site_dir: '../site/zh-Hant'
edit_uri_template: https://github.com/privacyguides/i18n/blob/main/i18n/zh-Hant/{path}?plain=1
edit_uri: edit/main/i18n/zh-Hant/
extra_css:
- assets/stylesheets/extra.css?v=3.2.0

View File

@@ -18,16 +18,25 @@
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
#checkov:skip=CKV_SECRET_6:obviously a variable name and not a secret
api_token_env: CROWDIN_PERSONAL_TOKEN
project_id: "509862"
"preserve_hierarchy": true
files:
- source: "/docs/**/*.*"
translation: "/i18n/%two_letters_code%/**/%file_name%.%file_extension%"
skip_untranslated_files: false
- source: "/includes/*.en.*"
translation: "/includes/%file_name%.%two_letters_code%.%file_extension%"
translation_replace:
"en.": ""
skip_untranslated_files: false
- source: "/docs/**/*.*"
translation: "/i18n/%two_letters_code%/**/%file_name%.%file_extension%"
skip_untranslated_files: false
- source: "/theme/overrides/*.en.html"
translation: "/theme/overrides/%file_name%.%two_letters_code%.html"
translation_replace:
"en.": ""
skip_untranslated_files: false
- source: "/includes/*.en.*"
translation: "/includes/%file_name%.%two_letters_code%.%file_extension%"
translation_replace:
"en.": ""
skip_untranslated_files: false
- source: "/static/i18n/*.en.*"
translation: "/static/i18n/%file_name%.%two_letters_code%.%file_extension%"
translation_replace:
"en.": ""
skip_untranslated_files: false

View File

@@ -12,11 +12,11 @@ What we expect from members of our communities:
1. **Do not spread misinformation**
We are creating an evidence-based educational community around information privacy and security, not an information home for conspiracy theories. For example, when making a claim that a certain piece of software is malicious or that certain telemetry data is privacy invasive, explain in detail what is collected and how it collected. Claims of this nature must be backed by technical evidence.
We are creating an evidence-based educational community around information privacy and security, not an information home for conspiracy theories. For example, when making a claim that a certain piece of software is malicious or that certain telemetry data is privacy invasive; explain in detail what is collected and how it collected. Claims of this nature must be backed by technical evidence.
2. **Do not abuse our willingness to help**
Our community members are not free tech support. We are happy to help with specific steps for your privacy journey, if you are willing to put in effort. We are not obligated to answer endless, repetitive questions about general computer problems solvable with a simple internet search. **Do not** become a [help vampire](https://slash7.com/2006/12/22/vampires).
Our community members are not free tech support. We are happy to help with specific steps for individual's, privacy journey, if they are willing to put in effort. We are not obligated to answer endless, repetitive questions, about general computer problems solvable with a simple internet search. **Do not** become a [help vampire](https://slash7.com/2006/12/22/vampires).
3. **Behave in a positive and constructive manner**
@@ -25,7 +25,7 @@ What we expect from members of our communities:
- Being respectful of differing opinions, viewpoints, and experiences.
- Demonstrating empathy and kindness toward others.
- Focusing on what is best not just for us as overseers, but for the overall community.
- Giving and gracefully accepting constructive feedback within our community while growing and improving.
- Giving and gracefully accepting constructive feedback within' our community while growing and improving.
- Operating with a communal mindset at all times.
## Unacceptable Behavior
@@ -34,7 +34,7 @@ The following behaviors are considered harassment and are unacceptable within ou
- Any other conduct which would reasonably be considered inappropriate in a professional setting.
- Public and/or private harassment of any kind.
- Publishing others' private information, such as a physical address and/or an email address, without their explicit permission.
- Publishing others' private information, such as a physical address and/or email address, without a persons explicit permission.
- The use of sexualized language or imagery, and sexual attention or advances of any kind.
- Trolling, insulting and/or derogatory comments, including personal or political attacks.

View File

@@ -2,19 +2,30 @@
title: General Criteria
---
Below are some general priorities we consider for all submissions to Privacy Guides. Each category will have additional requirements for inclusion.
<div class="admonition example" markdown>
<p class="admonition-title">Work in Progress</p>
- **Security**: Tools should follow security best-practices wherever applicable.
- **Source Availability**: Open-source projects are generally preferred over equivalent proprietary alternatives.
- **Cross-Platform Availability**: We typically prefer recommendations to be cross-platform, to avoid vendor lock-in.
- **Active Development**: The tools that we recommend should be actively developed, unmaintained projects will be removed in most cases.
- **Usability**: Tools should be accessible to most computer users, an overly technical background should not be required.
- **Documentation**: Tools should have clear and extensive documentation for use.
The following page is a work in progress, and does not reflect the full criteria for our recommendations at this time. Past discussion on this topic: [#24](https://github.com/privacyguides/privacyguides.org/discussions/24)
</div>
Below are some things that must apply to all submissions to Privacy Guides. Each category will have additional requirements for inclusion.
## Financial Disclosure
We do not make money from recommending certain products, we do not use affiliate links, and we do not provide special consideration to project donors.
## General Guidelines
We apply these priorities when considering new recommendations:
- **Secure**: Tools should follow security best-practices wherever applicable.
- **Source Availability**: Open-source projects are generally preferred over equivalent proprietary alternatives.
- **Cross-Platform**: We typically prefer recommendations to be cross-platform, to avoid vendor lock-in.
- **Active Development**: The tools that we recommend should be actively developed, unmaintained projects will be removed in most cases.
- **Usability**: Tools should be accessible to most computer users, an overly technical background should not be required.
- **Documented**: Tools should have clear and extensive documentation for use.
## Developer Self-Submissions
We have these requirements in regard to developers which wish to submit their project or software for consideration.

View File

@@ -48,12 +48,12 @@ So far in 2023 we've launched international translations of our website in [Fren
<!-- markdownlint-disable MD030 -->
<div class="grid cards" markdown>
<!-- Every team member should have a unique emoji.
Team member cards should include ONLY the following links:
- Discourse Profile
- ONE Link of team member's choice
- Email if applicable
This is to keep it fair and not spammy, especially as we grow.
<!-- Every team member should have a unique emoji.
Team member cards should include ONLY the following links:
- Discourse Profile
- ONE Link of team member's choice
- Email if applicable
This is to keep it fair and not spammy, especially as we grow.
-->
- :robot:{ .lg .middle } **@jonah**

View File

@@ -24,9 +24,10 @@ Unless otherwise noted, all **content** on this website is made available under
This does not include third-party code embedded in this repository, or code where a superseding license is otherwise noted. The following are notable examples, but this list may not be all-inclusive:
* The [Bagnard](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Bagnard) heading font is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Bagnard/LICENSE.txt).
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
* [MathJax](https://github.com/privacyguides/privacyguides.org/blob/main/theme/assets/javascripts/mathjax.js) is licensed under the [Apache License 2.0](https://github.com/privacyguides/privacyguides.org/blob/main/docs/assets/javascripts/LICENSE.mathjax.txt).
* The [Bagnard](https://github.com/privacyguides/brand/tree/main/WOFF/bagnard) heading font is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/main/WOFF/bagnard/LICENSE.txt).
* The [Public Sans](https://github.com/privacyguides/brand/tree/main/WOFF/public_sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/main/WOFF/public_sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/main/WOFF/dm_mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/main/WOFF/dm_mono/LICENSE.txt).
This means that you can use the human-readable content in this repository for your own project, per the terms outlined in the Creative Commons Attribution-NoDerivatives 4.0 International Public License text. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. You **may not** use the Privacy Guides branding in your own project without express approval from this project. Privacy Guides's brand trademarks include the "Privacy Guides" wordmark and shield logo.

View File

@@ -7,18 +7,13 @@ Privacy Guides is a community project operated by a number of active volunteer c
The privacy of our website visitors is important to us, so we do not track any individual people. As a visitor to our website:
- No personal information is stored
- No personal information is collected
- No information such as cookies are stored in the browser
- No information is shared with, sent to or sold to third-parties
- No information is shared with advertising companies
- No information is mined and harvested for personal and behavioral trends
- No information is monetized
You can view the data we collect on our [statistics](statistics.md) page.
We run a self-hosted installation of [Umami](https://umami.is) to collect some anonymous usage data for statistical purposes. The goal is to track overall trends in our website traffic, it is not to track individual visitors. All the data is in aggregate only, and no personal data is stored.
The only data which is collected is data sent in a standard web request, which includes referral sources, the page you're visiting, your user agent, your IP address, and your screen resolution. The raw data is immediately discarded after statistics have been generated, for example if we collect your screen resolution as `1125x2436`, the only data we retain is "mobile device" and not your specific resolution.
## Data We Collect From Account Holders
If you register for an account on one of our services, we may collect any information you provide us (such as your email, password, profile information, etc.) and use that information to provide you with the service. We never share or sell this data.

View File

@@ -1,6 +1,8 @@
---
title: "PrivacyTools FAQ"
---
# Why we moved on from PrivacyTools
In September 2021, every active contributor unanimously agreed to move from PrivacyTools to work on this site: Privacy Guides. This decision was made because PrivacyTools founder and controller of the domain name had disappeared for an extended period of time and could not be contacted.
Having built a reputable site and set of services on PrivacyTools.io, this caused grave concerns for the future of PrivacyTools, as any future disruption could wipe out the entire organization with no recovery method. This transition was communicated to the PrivacyTools community many months in advance via a variety of channels including its blog, Twitter, Reddit, and Mastodon to ensure the entire process went as smoothly as possible. We did this to ensure nobody was kept in the dark, which has been our modus operandi since our team was created, and to make sure Privacy Guides was recognized as the same reliable organization that PrivacyTools was before the transition.
@@ -47,11 +49,11 @@ Reddit requires that subreddits have active moderators. If the primary moderator
On September 14th, 2021, we [announced](https://blog.privacyguides.org/2021/09/14/welcome-to-privacy-guides) the beginning of our migration to this new domain:
> [...] we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to `www.privacyguides.org`, and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc.
> [...] we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to www.privacyguides.org, and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc.
This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Redirecting www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org).
- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
- Posting announcements to our subreddit and various other communities informing people of the official change.
- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.
@@ -62,7 +64,7 @@ Things appeared to be going smoothly, and most of our active community made the
Roughly a week following the transition, BurungHantu returned online for the first time in nearly a year, however nobody on our team was willing to return to PrivacyTools because of his historic unreliability. Rather than apologize for his prolonged absence, he immediately went on the offensive and positioned the transition to Privacy Guides as an attack against him and his project. He subsequently [deleted](https://reddit.com/comments/pp9yie/comment/hd49wbn) many of these posts when it was pointed out by the community that he had been absent and abandoned the project.
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
@@ -82,7 +84,7 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
>
> A Subreddit is a great deal of work to administer and moderate. Like a garden, it requires patient tending and daily care. It's not a task for dilettantes or commitment-challenged people. It cant thrive under a gardener who abandons it for several years, then shows up demanding this years harvest as their tribute. It's unfair to the team formed years ago. Its unfair to you. [...]
> A Subreddit is a great deal of work to administer and moderate. Like a garden, it requires patient tending and daily care. Its not a task for dilettantes or commitment-challenged people. It cant thrive under a gardener who abandons it for several years, then shows up demanding this years harvest as their tribute. Its unfair to the team formed years ago. Its unfair to you. [...]
Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
@@ -98,7 +100,7 @@ Our fundraising platform, OpenCollective, is another source of contention. Our p
Thus, the funds in OpenCollective belong to Privacy Guides, they were given to our project, and not the owner of a well known domain name. In the announcement made to donors on September 17th, 2021, we offered refunds to any donor who disagrees with the stance we took, but nobody has taken us up on this offer:
> If any sponsors or backers disagree with or feel misled by these recent events and would like to request a refund given these highly unusual circumstances, please get in touch with our project admin by emailing `jonah@triplebit.net`.
> If any sponsors or backers disagree with or feel misled by these recent events and would like to request a refund given these highly unusual circumstances, please get in touch with our project admin by emailing jonah@triplebit.net.
## Further Reading

View File

@@ -13,14 +13,14 @@ We run a number of web services to test out features and promote cool decentrali
## Gitea
- Domain: [code.privacyguides.dev](https://code.privacyguides.dev)
- Availability: Invite-Only
- Availability: Invite-Only
Access may be granted upon request to any team working on *Privacy Guides*-related development or content.
- Source: [snapcraft.io/gitea](https://snapcraft.io/gitea)
## Matrix
- Domain: [matrix.privacyguides.org](https://matrix.privacyguides.org)
- Availability: Invite-Only
- Availability: Invite-Only
Access may be granted upon request to Privacy Guides team members, Matrix moderators, third-party Matrix community administrators, Matrix bot operators, and other individuals in need of a reliable Matrix presence.
- Source: [github.com/spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy)
@@ -33,6 +33,6 @@ Access may be granted upon request to Privacy Guides team members, Matrix modera
## Invidious
- Domain: [invidious.privacyguides.net](https://invidious.privacyguides.net)
- Availability: Semi-Public
- Availability: Semi-Public
We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time.
- Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious)

View File

@@ -1,14 +0,0 @@
---
title: Traffic Statistics
---
<!-- markdownlint-disable MD051 -->
We self-host [Umami](https://umami.is) to create a nice visualization of our traffic statistics, which are public at the link below. With this process:
- Your information is never shared with a third-party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is required
Because of these facts, keep in mind our statistics may be inaccurate. It is a useful tool to compare different dates with each other and analyze overall trends, but the actual numbers may be far off from reality. They're *precise* statistics, but not *accurate* statistics.
[View Statistics](https://stats.privacyguides.net/share/nVWjyd2QfgOPBhMF/www.privacyguides.org){ .md-button .md-button--primary }
[Opt-Out](#__consent){ .md-button }

View File

@@ -354,8 +354,8 @@ dig +nocmd @9.9.9.11 -t txt o-o.myaddr.l.google.com +nocomments +noall +answer +
If the results include a second edns0-client-subnet TXT record (like shown below), then your DNS server is passing along EDNS information. The IP or network shown after is the precise information which was shared with Google by your DNS provider.
```text
o-o.myaddr.l.google.com. 60 IN TXT "198.51.100.32"
o-o.myaddr.l.google.com. 60 IN TXT "edns0-client-subnet 198.51.100.0/24"
o-o.myaddr.l.google.com. 60 IN TXT "198.51.100.32"
o-o.myaddr.l.google.com. 60 IN TXT "edns0-client-subnet 198.51.100.0/24"
;; Query time: 64 msec
;; SERVER: 9.9.9.11#53(9.9.9.11)
;; WHEN: Wed Mar 13 10:23:08 CDT 2024

View File

@@ -4,21 +4,11 @@ icon: 'simple/torproject'
description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible.
---
![Tor logo](../assets/img/self-contained-networks/tor.svg){ align=right }
[**Tor**](../alternative-networks.md#tor) is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool.
Tor works by routing your internet traffic through volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity.
[:octicons-home-16:](https://torproject.org){ .card-link title=Homepage }
[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" }
[:octicons-info-16:](https://tb-manual.torproject.org){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.torproject.org/tpo/core/tor){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org){ .card-link title=Contribute }
Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications.
## Safely Connecting to Tor
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
Before connecting to [Tor](../tor.md), you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.

View File

@@ -1,107 +0,0 @@
---
title: "Alternative Networks"
icon: material/vector-polygon
description: These tools allow you to access networks other than the World Wide Web.
cover: alternative-networks.webp
---
## Anonymizing Networks
When it comes to anonymizing networks, we want to specially note that [Tor](advanced/tor-overview.md) is our top choice. It is by far the most utilized, robustly studied, and actively developed anonymous network. Using other networks could be more likely to endanger your anonymity, unless you know what you're doing.
### Tor
<div class="admonition recommendation" markdown>
![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right }
The **Tor** network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool.
[:octicons-home-16:](https://torproject.org){ .card-link title=Homepage }
[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" }
[:octicons-info-16:](https://tb-manual.torproject.org){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.torproject.org/tpo/core/tor){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org){ .card-link title=Contribute }
</div>
The recommended way to access the Tor network is via the official Tor Browser, which we have covered in more detail on a dedicated page:
[Tor Browser Info :material-arrow-right-drop-circle:](tor.md){ .md-button .md-button--primary } [Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md){ .md-button }
<div class="admonition example" markdown>
<p class="admonition-title">Try it out!</p>
You can try connecting to *Privacy Guides* via Tor at [xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion](http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion).
</div>
#### Snowflake
<div class="admonition recommendation" markdown>
![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ align=right }
![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ align=right }
**Snowflake** allows you to donate bandwidth to the Tor Project by operating a "Snowflake proxy" within your browser.
People who are censored can use Snowflake proxies to connect to the Tor network. Snowflake is a great way to contribute to the network even if you don't have the technical know-how to run a Tor relay or bridge.
[:octicons-home-16: Homepage](https://snowflake.torproject.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/Technical%20Overview){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org){ .card-link title=Contribute }
</details>
</div>
You can enable Snowflake in your browser by opening it in another tab and turning the switch on. You can leave it running in the background while you browse to contribute your connection. We don't recommend installing Snowflake as a browser extension, because adding third-party extensions can increase your attack surface.
[Run Snowflake in your Browser :material-arrow-right-drop-circle:](https://snowflake.torproject.org/embed.html){ .md-button }
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
<div class="admonition recommendation" markdown>
![I2P logo](assets/img/self-contained-networks/i2p.svg#only-light){ align=right }
![I2P logo](assets/img/self-contained-networks/i2p-dark.svg#only-dark){ align=right }
**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
[:octicons-code-16:](https://github.com/i2p/i2p.i2p){ .card-link title="Source Code" }
[:octicons-heart-16:](https://geti2p.net/en/get-involved){ .card-link title=Contribute }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.i2p.android)
- [:simple-android: Android](https://geti2p.net/en/download#android)
- [:simple-windows11: Windows](https://geti2p.net/en/download#windows)
- [:simple-apple: macOS](https://geti2p.net/en/download#mac)
- [:simple-linux: Linux](https://geti2p.net/en/download#unix)
</details>
</div>
Unlike Tor, all I2P traffic is internal to the I2P network, which means regular internet websites are **not** directly accessible from I2P. Instead, you can connect to websites which are hosted anonymously and directly on the I2P network, which are called "eepsites" and have domains which end in `.i2p`.
<div class="admonition example" markdown>
<p class="admonition-title">Try it out!</p>
You can try connecting to *Privacy Guides* via I2P at [privacyguides.i2p](http://privacyguides.i2p/?i2paddresshelper=fvbkmooriuqgssrjvbxu7nrwms5zyhf34r3uuppoakwwsm7ysv6q.b32.i2p).
</div>
Also unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users, there's no "crowd" to blend in with in that regard.
Tor is likely to be more resistant to censorship, due to their robust network of bridges and varying [pluggable transports](https://tb-manual.torproject.org/circumvention), but on the other hand I2P uses directory servers for the initial connection which are varying/untrusted and run by volunteers, compared to the hard-coded/trusted ones Tor uses which are likely easier to block.

View File

@@ -123,7 +123,7 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik
GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support).
[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos){ .md-button }
@@ -202,18 +202,7 @@ A few more tips for purchasing a Google Pixel:
- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
- Consider price beating options and specials offered at physical stores.
- Look at online community bargain sites in your country. These can alert you to good sales.
- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as:
<math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;">
<mfrac>
<mtext>Cost</mtext>
<mrow>
<mtext>End of Life Date</mtext>
<mo></mo>
<mtext>Current Date</mtext>
</mrow>
</mfrac>
</math>
, meaning that the longer use of the device the lower cost per day.
- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date}-\text{Current Date}$, meaning that the longer use of the device the lower cost per day.
- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
## General Apps
@@ -281,7 +270,7 @@ Main privacy features include:
Metadata is not currently deleted from video files but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser).
</div>
@@ -322,7 +311,6 @@ The image orientation metadata is not deleted. If you enable location (in Secure
**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
@@ -364,7 +352,7 @@ The Google Play Store requires a Google account to login which is not great for
</div>
Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google, however you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
### Manually with RSS Notifications
@@ -430,7 +418,7 @@ That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](http
<div class="admonition note" markdown>
<p class="admonition-title">F-Droid Basic</p>
In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic can do unattended updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
</div>

View File

@@ -39,13 +39,13 @@ When attempting to regain access, if the site returns an error message saying th
### GDPR (EEA residents only)
Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr.org/regulation/article-17.html) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
### Overwriting Account information
In some situations where you plan to abandon an account, it may make sense to overwrite the account information with fake data. Once you've made sure you can log in, change all the information in your account to falsified information. The reason for this is that many sites will retain information you previously had even after account deletion. The hope is that they will overwrite the previous information with the newest data you entered. However, there is no guarantee that there won't be backups with the prior information.
For the account email, either create a new alternate email account via your provider of choice or create an alias using an [email aliasing service](../email-aliasing.md). You can then delete your alternate email address once you are done. We recommend against using temporary email providers, as oftentimes it is possible to reactivate temporary emails.
For the account email, either create a new alternate email account via your provider of choice or create an alias using an [email aliasing service](../email.md#email-aliasing-services). You can then delete your alternate email address once you are done. We recommend against using temporary email providers, as oftentimes it is possible to reactivate temporary emails.
### Delete

View File

@@ -77,21 +77,21 @@ One of the clearest threat models is one where people *know who you are* and one
1. **Known identity** - A known identity is used for things where you must declare your name. There are many legal documents and contracts where a legal identity is required. This could range from opening a bank account, signing a property lease, obtaining a passport, customs declarations when importing items, or otherwise dealing with your government. These things will usually lead to credentials such as credit cards, credit rating checks, account numbers, and possibly physical addresses.
We don't suggest using a VPN or Tor for any of these things, as your identity is already known through other means.
We don't suggest using a VPN or Tor for any of these things, as your identity is already known through other means.
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
When shopping online, the use of a [parcel locker](https://en.wikipedia.org/wiki/Parcel_locker) can help keep your physical address private.
When shopping online, the use of a [parcel locker](https://en.wikipedia.org/wiki/Parcel_locker) can help keep your physical address private.
</div>
</div>
2. **Unknown identity** - An unknown identity could be a stable pseudonym that you regularly use. It is not anonymous because it doesn't change. If you're part of an online community, you may wish to retain a persona that others know. This pseudonym isn't anonymous because—if monitored for long enough—details about the owner can reveal further information, such as the way they write, their general knowledge about topics of interest, etc.
You may wish to use a VPN for this, to mask your IP address. Financial transactions are more difficult to mask: You could consider using anonymous cryptocurrencies, such as [Monero](https://getmonero.org). Employing altcoin shifting may also help to disguise where your currency originated. Typically, exchanges require KYC (know your customer) to be completed before they'll allow you to exchange fiat currency into any kind of cryptocurrency. Local meet-up options may also be a solution; however, those are often more expensive and sometimes also require KYC.
You may wish to use a VPN for this, to mask your IP address. Financial transactions are more difficult to mask: You could consider using anonymous cryptocurrencies, such as [Monero](https://getmonero.org). Employing altcoin shifting may also help to disguise where your currency originated. Typically, exchanges require KYC (know your customer) to be completed before they'll allow you to exchange fiat currency into any kind of cryptocurrency. Local meet-up options may also be a solution; however, those are often more expensive and sometimes also require KYC.
3. **Anonymous identity** - Even with experience, anonymous identities are difficult to maintain over long periods of time. They should be short-term and short-lived identities which are rotated regularly.
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
[^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident).

View File

@@ -158,7 +158,7 @@ Qubes OS has support for Challenge-Response authentication with YubiKeys. If you
SSH MFA could be set up using multiple different authentication methods that are popular with hardware security keys. We recommend that you check out Yubico's [documentation](https://developers.yubico.com/SSH) on how to set this up.
#### TOTP
#### Time-based One-time Password (TOTP)
SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How To Set Up Multi-Factor Authentication for SSH on Ubuntu 20.04](https://digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04). Most things should be the same regardless of distribution, however the package manager commands—such as `apt-get`—and package names may differ.

View File

@@ -82,62 +82,11 @@ We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_l
To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as <math>
<mrow>
<msub>
<mtext>log</mtext>
<mn>2</mn>
</msub>
<mo form="prefix" stretchy="false">(</mo>
<mtext>WordsInList</mtext>
<mo form="postfix" stretchy="false">)</mo>
</mrow>
</math> and the overall entropy of the passphrase is calculated as: <math>
<mrow>
<msub>
<mtext>log</mtext>
<mn>2</mn>
</msub>
<mo form="prefix" stretchy="false">(</mo>
<msup>
<mtext>WordsInList</mtext>
<mtext>WordsInPhrase</mtext>
</msup>
<mo form="postfix" stretchy="false">)</mo>
</mrow>
</math>
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as $\text{log}_2(\text{WordsInList})$ and the overall entropy of the passphrase is calculated as $\text{log}_2(\text{WordsInList}^\text{WordsInPhrase})$.
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (<math>
<mrow>
<msub>
<mtext>log</mtext>
<mn>2</mn>
</msub>
<mo form="prefix" stretchy="false">(</mo>
<mn>7776</mn>
<mo form="postfix" stretchy="false">)</mo>
</mrow>
</math>), and a seven word passphrase derived from it has ~90.47 bits of entropy (<math>
<mrow>
<msub>
<mtext>log</mtext>
<mn>2</mn>
</msub>
<mo form="prefix" stretchy="false">(</mo>
<msup>
<mn>7776</mn>
<mn>7</mn>
</msup>
<mo form="postfix" stretchy="false">)</mo>
</mrow>
</math>).
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy ($\text{log}_2(7776)$), and a seven word passphrase derived from it has ~90.47 bits of entropy ($\text{log}_2(7776^7)$).
The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is <math>
<msup>
<mtext>WordsInList</mtext>
<mtext>WordsInPhrase</mtext>
</msup>
</math>, or in our case, <math><msup><mn>7776</mn><mn>7</mn></msup></math>.
The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is $\text{WordsInList}^\text{WordsInPhrase}$, or in our case, $7776^7$.
Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.

View File

@@ -10,19 +10,16 @@ Privacy is ultimately about human information, and this is important because we
Many people get the concepts of **privacy**, **security**, and **anonymity** confused. You'll see people criticize various products as "not private" when really they mean it doesn't provide anonymity, for example. On this website, we cover all three of these topics, but it is important you understand the difference between them, and when each one comes into play.
<!-- markdownlint-disable-next-line -->
**Privacy**
: ==Privacy is the assurance that your data is only seen by the parties you intend to view it.== In the context of an instant messenger, for example, end-to-end encryption provides privacy by keeping your message visible only to yourself and the recipient.
<!-- markdownlint-disable-next-line -->
**Security**
: Security is the ability to trust the applications you use—that the parties involved are who they say they are—and keep those applications safe. In the context of browsing the web, for example, security can be provided by HTTPS certificates.
: Certificates prove you are talking directly to the website you're visiting, and keep attackers on your network from reading or modifying the data sent to or from the website.
<!-- markdownlint-disable-next-line -->
**Anonymity**
: Anonymity is the ability to act without a persistent identifier. You might achieve this online with [Tor](../tor.md), which allows you to browse the internet with a random IP address and network connection instead of your own.

View File

@@ -1,115 +0,0 @@
---
title: Browser Extensions
icon: material/puzzle-outline
description: These browser extensions can enhance your browsing experience and protect your privacy.
cover: browser-extensions.webp
---
In general, we recommend keeping your browser extensions to a minimum to decrease your attack surface. They have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
However, some provide functionality which can outweigh these downsides in certain situations, particularly when it comes to [content blocking](basics/common-threats.md#mass-surveillance-programs).
Don't install extensions which you don't immediately have a need for, or ones that duplicate the functionality of your browser. For example, [Brave](desktop-browsers.md#brave) users don't need to install uBlock Origin, because Brave Shields already provides the same functionality.
## Content Blockers
### uBlock Origin
<div class="admonition recommendation" markdown>
![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ align=right }
**uBlock Origin** is a popular content blocker that could help you block ads, trackers, and fingerprinting scripts.
[:octicons-repo-16: Repository](https://github.com/gorhill/uBlock#readme){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/gorhill/uBlock/wiki/Privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/gorhill/uBlock/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/gorhill/uBlock){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/ublock-origin)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm)
- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak)
</details>
</div>
We suggest following the [developer's documentation](https://github.com/gorhill/uBlock/wiki/Blocking-mode) and picking one of the "modes". Additional filter lists can impact performance and [may increase attack surface](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css).
These are some other [filter lists](https://github.com/gorhill/uBlock/wiki/Dashboard:-Filter-lists) that you may want to consider adding:
- [x] Check **Privacy** > **AdGuard URL Tracking Protection**
- Add [Actually Legitimate URL Shortener Tool](https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt)
### uBlock Origin Lite
uBlock Origin also has a "Lite" version of their extension, which offers a very limited feature-set compared to the original extension. However, it has a few distinct advantages over its full-fledged sibling, so you may want to consider it if...
- ...you don't want to grant full "read/modify website data" permissions to any extensions (even a trusted one like uBlock Origin)
- ...you want a more resource (memory/CPU) efficient content blocker[^1]
- ...your browser only supports Manifest V3 extensions
<div class="admonition recommendation" markdown>
![uBlock Origin Lite logo](assets/img/browsers/ublock_origin_lite.svg){ align=right }
**uBlock Origin Lite** is a Manifest V3 compatible content blocker. Compared to the original *uBlock Origin*, this extension does not require broad "read/modify data" permissions to function.
[:octicons-repo-16: Repository](https://github.com/uBlockOrigin/uBOL-home#readme){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/uBlockOrigin/uBOL-home/wiki/Privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/uBlockOrigin/uBOL-home/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/gorhill/uBlock/tree/master/platform/mv3){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/addon/ublock-origin-lite)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin-lite/ddkjiahejlhfcafbddmgiahcphecmpfh)
</details>
</div>
We only recommend this version of uBlock Origin if you never want to make any changes to your filter lists, because it only supports a few pre-selected lists and offers no additional customization options, including the ability to select elements to block manually. These restrictions are due to limitations in Manifest V3's design.
This version offers three levels of blocking: "Basic" works without requiring any special privileges to view and modify site content, while the "Optimal" and "Complete" levels do require that broad permission, but offer a better filtering experience with additional cosmetic rules and scriptlet injections.
If you set the default filtering mode to "Optimal" or "Complete" the extension will request read/modify access to **all** websites you visit. However, you also have the option to change the setting to "Optimal" or "Complete" on a **per-site** basis by adjusting the slider in the extension's pop-up panel on any given site. When you do so, the extension will request read/modify access to that site only. Therefore, if you want to take advantage of uBlock Origin Lite's "permission-less" configuration, you should probably leave the default setting as "Basic" and only adjust it higher on sites where that level is not adequate.
uBlock Origin Lite only receives block list updates whenever the extension is updated from your browser's extension marketplace, as opposed to on demand. This means that you may miss out on new threats being blocked for weeks until a full extension release is published.
### AdGuard
We recommend [Safari](mobile-browsers.md#safari) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
<div class="admonition recommendation" markdown>
![AdGuard logo](assets/img/browsers/adguard.svg){ align=right }
**AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker).
[:octicons-home-16: Homepage](https://adguard.com/en/adguard-ios/overview.html){ .md-button .md-button--primary }
[:octicons-eye-16:](https://adguard.com/privacy/ios.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://kb.adguard.com/ios){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-appstore: App Store](https://apps.apple.com/app/id1047223162)
</details>
</div>
Additional filter lists do slow things down and may increase your attack surface, so only apply what you need. AdGuard for iOS has some premium features; however, standard Safari content blocking is free of charge.
## Criteria
- Must not replicate built-in browser or OS functionality.
- Must directly impact user privacy, i.e. must not simply provide information.
[^1]: uBlock Origin Lite *itself* will consume no resources, because it uses newer APIs which make the browser process the filter lists natively, instead of running JavaScript code within the extension to handle the filtering. However, this resource advantage is only [theoretical](https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-asked-questions-(FAQ)#is-ubol-more-efficient-cpu--and-memory-wise-than-ubo), because it's possible that standard uBlock Origin's filtering code is more efficient than your browser's native filtering code. This has not yet been benchmarked.

View File

@@ -18,7 +18,7 @@ Multiple calendars and extended sharing functionality is limited to paid subscri
[:octicons-home-16: Homepage](https://tuta.com/calendar){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://tuta.com/support){ .card-link title=Documentation}
[:octicons-info-16:](https://tuta.com/faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" }
[:octicons-heart-16:](https://tuta.com/community){ .card-link title=Contribute }
@@ -43,11 +43,11 @@ Multiple calendars and extended sharing functionality is limited to paid subscri
![Proton](assets/img/calendar/proton-calendar.svg){ align=right }
**Proton Calendar** is an encrypted calendar service available to Proton members via web or mobile clients. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide). Those on the free tier gain access to 3 calendars, whereas paid subscribers can create up to 25 calendars. Extended sharing functionality is also limited to paid subscribers.
**Proton Calendar** is an encrypted calendar service available to Proton members via web or mobile clients. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide). Those on the free tier get access to 3 calendars, whereas paid subscribers can create up to 25 calendars. Extended sharing functionality is also limited to paid subscribers.
[:octicons-home-16: Homepage](https://proton.me/calendar){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://proton.me/support/calendar){ .card-link title=Documentation}
[:octicons-info-16:](https://proton.me/support/proton-calendar-guide){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" }
<details class="downloads" markdown>

View File

@@ -45,7 +45,7 @@ The Proton Drive web application has been independently audited by Securitum in
> Auditors identified two low-severity vulnerabilities. Additionally, five general recommendations were reported. At the same time, we confirm that no important security issues were identified during the pentest.
Proton Drive's brand new mobile clients have not yet been publicly audited by a third party.
Proton Drive's brand new mobile clients have not yet been publicly audited by a third-party.
## Tresorit
@@ -86,39 +86,6 @@ Tresorit has received a number of independent security audits:
They have also received the Digital Trust Label, a certification from the [Swiss Digital Initiative](https://www.efd.admin.ch/efd/en/home/digitalisierung/swiss-digital-initiative.html) which requires passing [35 criteria](https://digitaltrust-label.swiss/criteria) related to security, privacy, and reliability.
## Peergos
<div class="admonition recommendation" markdown>
![Peergos logo](assets/img/cloud/peergos.svg){ align=right }
**Peergos** is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, and view their photos, videos, documents, etc. Peergos secures your files with quantum-resistant end-to-end encryption and ensures all data about your files remains private. It is built on top of [IPFS (InterPlanetary File System)](https://ipfs.tech).
[:octicons-home-16: Homepage](https://peergos.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://peergos.net/privacy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://book.peergos.org){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/Peergos/Peergos){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:octicons-globe-16: Web](https://peergos.net)
- [:simple-windows11: Windows](https://github.com/Peergos/web-ui/releases)
- [:simple-apple: macOS](https://github.com/Peergos/web-ui/releases)
- [:simple-linux: Linux](https://github.com/Peergos/web-ui/releases)
</details>
</div>
Peergos is primarily a web app, but you can self-host the server either as a local cache for your remote Peergos account, or as a standalone storage server negating the need to register for a remote account and subscription. The Peergos server is a `.jar` file, which means the Java 17+ Runtime Environment ([OpenJDK download](https://azul.com/downloads)) should be installed on your machine to get it working.
Running a local version of Peergos alongside a registered account on their paid, hosted service allows you to access your Peergos storage without any reliance on DNS or TLS certificate authorities, and keep a copy of your data backed up to their cloud. The user experience should be the same whether you run their desktop server or just use their hosted web interface.
Peergos was [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in September 2019, and all found issues were subsequently fixed.
Also, the Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

View File

@@ -94,7 +94,7 @@ Like [Tor Browser](tor.md), Mullvad Browser is designed to prevent fingerprintin
Note that while you can use Mullvad Browser with any VPN provider, other people on that VPN must also be using Mullvad Browser for this "crowd" to exist, something which is more likely on Mullvad VPN compared to other providers, particularly this close to the launch of Mullvad Browser. Mullvad Browser does not have built-in VPN connectivity, nor does it check whether you are using a VPN before browsing; your VPN connection has to be configured and managed separately.
Mullvad Browser comes with the *uBlock Origin* and *NoScript* browser extensions pre-installed. While we typically discourage adding *additional* [browser extensions](browser-extensions.md), these extensions that come pre-installed with the browser should **not** be removed or configured outside their default values, because doing so would noticeably make your browser fingerprint distinct from other Mullvad Browser users. It also comes pre-installed with the Mullvad Browser Extension, which *can* be safely removed without impacting your browser fingerprint if you would like, but is also safe to keep even if you don't use Mullvad VPN.
Mullvad Browser comes with the *uBlock Origin* and *NoScript* browser extensions pre-installed. While we typically [don't recommend](#extensions) adding *additional* browser extensions, these extensions that come pre-installed with the browser should **not** be removed or configured outside their default values, because doing so would noticeably make your browser fingerprint distinct from other Mullvad Browser users. It also comes pre-installed with the Mullvad Browser Extension, which *can* be safely removed without impacting your browser fingerprint if you would like, but is also safe to keep even if you don't use Mullvad VPN.
### Private Browsing Mode
@@ -104,7 +104,7 @@ This is required to prevent advanced forms of tracking, but does come at the cos
### Mullvad Leta
Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes preinstalled with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes preinstalled with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly (which is why it is limited to paying subscribers), however because of this limitation it is possible for Mullvad to correlate search queries and Mullvad VPN accounts. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
## Firefox
@@ -116,7 +116,7 @@ Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-
[:octicons-home-16: Homepage](https://firefox.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mozilla.org/privacy/firefox){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.mozilla.org/products/firefox){ .card-link title=Documentation}
[:octicons-info-16:](https://firefox-source-docs.mozilla.org){ .card-link title=Documentation}
[:octicons-code-16:](https://hg.mozilla.org/mozilla-central){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.mozilla.org){ .card-link title=Contribute }
@@ -135,29 +135,22 @@ Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
Firefox includes a unique [download token](https://bugzilla.mozilla.org/show_bug.cgi?id=1677497#c0) in downloads from Mozilla's website and uses telemetry in Firefox to send the token. The token is **not** included in releases from the [Mozilla FTP](https://ftp.mozilla.org/pub/firefox/releases/).
Firefox includes a unique [download token](https://bugzilla.mozilla.org/show_bug.cgi?id=1677497#c0) in downloads from Mozilla's website and uses telemetry in Firefox to send the token. The token is **not** included in releases from the [Mozilla FTP](https://ftp.mozilla.org/pub/firefox/releases).
</div>
### Recommended Firefox Configuration
### Recommended Configuration
These options can be found in :material-menu: → **Settings**
#### Search
- [ ] Uncheck **Show search suggestions**
- [ ] Uncheck **Provide search suggestions**
Search suggestion features may not be available in your region.
Search suggestions send everything you type in the address bar to the default search engine, regardless of whether you submit an actual search. Disabling search suggestions allows you to more precisely control what data you send to your search engine provider.
##### Firefox Suggest (US only)
[Firefox Suggest](https://support.mozilla.org/kb/firefox-suggest) is a feature similar to search suggestions which is only available in the US. We recommend disabling it for the same reason we recommend disabling search suggestions. If you don't see these options under the **Address Bar** header, you do not have the new experience and can ignore these changes.
- [ ] Uncheck **Suggestions from Firefox**
- [ ] Uncheck **Suggestions from sponsors**
#### Privacy & Security
##### Enhanced Tracking Protection
@@ -166,6 +159,13 @@ Search suggestions send everything you type in the address bar to the default se
This protects you by blocking social media trackers, fingerprinting scripts (note that this does not protect you from *all* fingerprinting), cryptominers, cross-site tracking cookies, and some other tracking content. ETP protects against many common threats, but it does not block all tracking avenues because it is designed to have minimal to no impact on site usability.
##### Firefox Suggest (US only)
[Firefox Suggest](https://support.mozilla.org/kb/firefox-suggest) is a feature similar to search suggestions which is only available in the US. We recommend disabling it for the same reason we recommend disabling search suggestions. If you don't see these options under the **Address Bar** header, you do not have the new experience and can ignore these changes.
- [ ] Uncheck **Suggestions from the web**
- [ ] Uncheck **Suggestions from sponsors**
##### Sanitize on Close
If you want to stay logged in to particular sites, you can allow exceptions in **Cookies and Site Data****Manage Exceptions...**
@@ -182,7 +182,7 @@ This protects you from persistent cookies, but does not protect you against cook
> Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs.
Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
Additionally, the Firefox Accounts service collects [some technical data](https://mozilla.org/privacy/firefox/#firefox-accounts). If you use a Firefox Account you can opt-out:
1. Open your [profile settings on accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Uncheck **Data Collection and Use** > **Help improve Firefox Accounts**
@@ -256,7 +256,7 @@ Brave adds a "[referral code](https://github.com/brave/brave-browser/wiki/Brave%
</div>
### Recommended Brave Configuration
### Recommended Configuration
These options can be found in :material-menu: → **Settings**.
@@ -288,7 +288,7 @@ Brave allows you to select additional content filters within the internal `brave
</div>
1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode).
1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode) or the [NoScript](https://noscript.net) extension.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar.
##### Privacy and security
@@ -339,7 +339,7 @@ Brave's Web3 features can potentially add to your browser fingerprint and attack
1. This option is not present on all platforms.
#### Brave Sync
#### Sync
[Brave Sync](https://support.brave.com/hc/articles/360059793111-Understanding-Brave-Sync) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices without requiring an account and protects it with E2EE.
@@ -351,6 +351,76 @@ Brave's Web3 features can potentially add to your browser fingerprint and attack
## Additional Resources
In general, we recommend keeping your browser extensions to a minimum to decrease your attack surface; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. However, uBlock Origin may prove useful if you value content blocking functionality.
### uBlock Origin
<div class="admonition recommendation" markdown>
![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ align=right }
**uBlock Origin** is a popular content blocker that could help you block ads, trackers, and fingerprinting scripts.
[:octicons-repo-16: Repository](https://github.com/gorhill/uBlock#readme){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/gorhill/uBlock/wiki/Privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/gorhill/uBlock/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/gorhill/uBlock){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/ublock-origin)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm)
- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak)
</details>
</div>
We suggest following the [developer's documentation](https://github.com/gorhill/uBlock/wiki/Blocking-mode) and picking one of the "modes". Additional filter lists can impact performance and [may increase attack surface](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css).
These are some other [filter lists](https://github.com/gorhill/uBlock/wiki/Dashboard:-Filter-lists) that you may want to consider adding:
- [x] Check **Privacy** > **AdGuard URL Tracking Protection**
- Add [Actually Legitimate URL Shortener Tool](https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt)
### uBlock Origin Lite
uBlock Origin also has a "Lite" version of their extension, which offers a very limited feature-set compared to the original extension. However, it has a few distinct advantages over its full-fledged sibling, so you may want to consider it if...
- ...you don't want to grant full "read/modify website data" permissions to any extensions (even a trusted one like uBlock Origin)
- ...you want a more resource (memory/CPU) efficient content blocker[^1]
- ...your browser only supports Manifest V3 extensions
<div class="admonition recommendation" markdown>
![uBlock Origin Lite logo](assets/img/browsers/ublock_origin_lite.svg){ align=right }
**uBlock Origin Lite** is a Manifest V3 compatible content blocker. Compared to the original *uBlock Origin*, this extension does not require broad "read/modify data" permissions to function.
[:octicons-repo-16: Repository](https://github.com/uBlockOrigin/uBOL-home#readme){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/gorhill/uBlock/wiki/Privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/uBlockOrigin/uBOL-home/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/gorhill/uBlock/tree/master/platform/mv3){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/addon/ublock-origin-lite)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin-lite/ddkjiahejlhfcafbddmgiahcphecmpfh)
</details>
</div>
We only recommend this version of uBlock Origin if you never want to make any changes to your filter lists, because it only supports a few pre-selected lists and offers no additional customization options, including the ability to select elements to block manually. These restrictions are due to limitations in Manifest V3's design.
This version offers three levels of blocking: "Basic" works without requiring any special privileges to view and modify site content, while the "Optimal" and "Complete" levels do require that broad permission, but offer a better filtering experience with additional cosmetic rules and scriptlet injections.
If you set the default filtering mode to "Optimal" or "Complete" the extension will request read/modify access to **all** websites you visit. However, you also have the option to change the setting to "Optimal" or "Complete" on a **per-site** basis by adjusting the slider in the extension's pop-up panel on any given site. When you do so, the extension will request read/modify access to that site only. Therefore, if you want to take advantage of uBlock Origin Lite's "permission-less" configuration, you should probably leave the default setting as "Basic" and only adjust it higher on sites where that level is not adequate.
uBlock Origin Lite only receives block list updates whenever the extension is updated from your browser's extension marketplace, as opposed to on demand. This means that you may miss out on new threats being blocked for weeks until a full extension release is published.
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
@@ -363,7 +433,7 @@ Brave's Web3 features can potentially add to your browser fingerprint and attack
- Available on Linux, macOS, and Windows.
- Any changes required to make the browser more privacy-respecting should not negatively impact user experience.
- Blocks third-party cookies by default.
- Supports [state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning) to mitigate cross-site tracking.[^1]
- Supports [state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning) to mitigate cross-site tracking.[^2]
### Best-Case
@@ -378,4 +448,10 @@ Our best-case criteria represents what we would like to see from the perfect pro
- Provides open-source sync server implementation.
- Defaults to a [private search engine](search-engines.md).
[^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state).
### Extension Criteria
- Must not replicate built-in browser or OS functionality.
- Must directly impact user privacy, i.e. must not simply provide information.
[^1]: uBlock Origin Lite *itself* will consume no resources, because it uses newer APIs which make the browser process the filter lists natively, instead of running JavaScript code within the extension to handle the filtering. However, this resource advantage is only [theoretical](https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-asked-questions-(FAQ)#is-ubol-more-efficient-cpu--and-memory-wise-than-ubo), because it's possible that standard uBlock Origin's filtering code is more efficient than your browser's native filtering code. This has not yet been benchmarked.
[^2]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state).

View File

@@ -83,7 +83,6 @@ A large portion of [Arch Linuxs packages](https://reproducible.archlinux.org)
**Fedora Atomic Desktops** are variants of Fedora which use the `rpm-ostree` package manager and have a strong focus on containerized workflows and Flatpak for desktop applications. All of these variants follow the same release schedule as Fedora Workstation, benefiting from the same fast updates and staying very close to upstream.
[:octicons-home-16: Homepage](https://fedoraproject.org/atomic-desktops){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.fedoraproject.org/en-US/emerging){ .card-link title=Documentation}
[:octicons-heart-16:](https://whatcanidoforfedora.org){ .card-link title=Contribute }
</details>
@@ -176,7 +175,7 @@ Tails [doesn't erase](https://gitlab.tails.boum.org/tails/tails/-/issues/5356) t
Tails is great for counter forensics due to amnesia (meaning nothing is written to the disk); however, it is not a hardened distribution like Whonix. It lacks many anonymity and security features that Whonix has and gets updated much less often (only once every six weeks). A Tails system that is compromised by malware may potentially bypass the transparent proxy allowing for the user to be deanonymized.
Tails includes [uBlock Origin](browser-extensions.md#ublock-origin) in Tor Browser by default, which may potentially make it easier for adversaries to fingerprint Tails users. [Whonix](desktop.md#whonix) virtual machines may be more leak-proof, however they are not amnesic, meaning data may be recovered from your storage device.
Tails includes [uBlock Origin](desktop-browsers.md#ublock-origin) in Tor Browser by default, which may potentially make it easier for adversaries to fingerprint Tails users. [Whonix](desktop.md#whonix) virtual machines may be more leak-proof, however they are not amnesic, meaning data may be recovered from your storage device.
By design, Tails is meant to completely reset itself after each reboot. Encrypted [persistent storage](https://tails.net/doc/persistent_storage/index.en.html) can be configured to store some data between reboots.

View File

@@ -206,7 +206,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-fdroid: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner)
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner)
</details>

View File

@@ -15,21 +15,20 @@ Encrypted DNS with third-party servers should only be used to get around basic [
These are our favorite public DNS resolvers based on their privacy and security characteristics, and their worldwide performance. Some of these services offer basic DNS-level blocking of malware or trackers depending on the server you choose, but if you want to be able to see and customize what is blocked you should use a dedicated DNS filtering product instead.
| DNS Provider | Protocols | Logging / Privacy Policy | [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) | Filtering | Signed Apple Profile |
|---|---|---|---|---|---|
| [**AdGuard Public DNS**](https://adguard-dns.io/en/public-dns.html) | Cleartext DoH/3 DoT DoQ DNSCrypt | Anonymized[^1] | Anonymized | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | Yes [:octicons-link-external-24:](https://adguard.com/en/blog/encrypted-dns-ios-14.html) |
| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setup) | Cleartext DoH/3 DoT | Anonymized[^2] | No | Based on server choice. | No [:octicons-link-external-24:](https://community.cloudflare.com/t/requesting-1-1-1-1-signed-profiles-for-apple/571846) |
| [**Control D Free DNS**](https://controld.com/free-dns) | Cleartext DoH/3 DoT DoQ | No[^3] | No | Based on server choice. | Yes [:octicons-link-external-24:](https://docs.controld.com/docs/macos-platform) |
| [**dns0.eu**](https://dns0.eu) | Cleartext DoH/3 DoH DoT DoQ | Anonymized[^4] | Anonymized | Based on server choice. | Yes [:octicons-link-external-24:](https://dns0.eu/zero.dns0.eu.mobileconfig) |
| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | DoH DoT | No[^5] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | Yes [:octicons-link-external-24:](https://mullvad.net/en/blog/profiles-to-configure-our-encrypted-dns-on-apple-devices) |
| [**Quad9**](https://quad9.net) | Cleartext DoH DoT DNSCrypt | Anonymized[^6] | Optional | Based on server choice, malware blocking by default. | Yes [:octicons-link-external-24:](https://quad9.net/news/blog/ios-mobile-provisioning-profiles) |
| DNS Provider | Privacy Policy | Protocols | Logging | [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) | Filtering | Signed Apple Profile |
|---|---|---|---|---|---|---|
| [**AdGuard Public DNS**](https://adguard-dns.io/en/public-dns.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext DoH/3 DoT DoQ DNSCrypt | Some[^1] | Anonymized | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | Yes [:octicons-link-external-24:](https://adguard.com/en/blog/encrypted-dns-ios-14.html) |
| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setup) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver) | Cleartext DoH/3 DoT | Some[^2] | No | Based on server choice. | No [:octicons-link-external-24:](https://community.cloudflare.com/t/requesting-1-1-1-1-signed-profiles-for-apple/571846) |
| [**Control D Free DNS**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext DoH/3 DoT DoQ | Optional[^3] | No | Based on server choice. | Yes [:octicons-link-external-24:](https://docs.controld.com/docs/macos-platform) |
| [**dns0.eu**](https://dns0.eu) | [:octicons-link-external-24:](https://dns0.eu/privacy) | Cleartext DoH/3 DoH DoT DoQ | No | Anonymized | Based on server choice. | Yes [:octicons-link-external-24:](https://www.dns0.eu/zero.dns0.eu.mobileconfig) |
| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy) | DoH DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | Yes [:octicons-link-external-24:](https://mullvad.net/en/blog/profiles-to-configure-our-encrypted-dns-on-apple-devices) |
| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy) | Cleartext DoH DoT DNSCrypt | Some[^5] | Optional | Based on server choice, malware blocking by default. | Yes [:octicons-link-external-24:](https://quad9.net/news/blog/ios-mobile-provisioning-profiles) |
[^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html)
[^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver)
[^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy)
[^4]: dns0.eu collects some data for their threat intelligence feeds, to monitor for newly registered/observed/active domains and other bulk data. That data is shared with some [partners](https://docs.dns0.eu/data-feeds/introduction) for e.g. security research. They do not collect any Personally Identifiable Information. [https://dns0.eu/privacy](https://dns0.eu/privacy)
[^5]: Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy)
[^6]: Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared, such as for the purpose of security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable. [https://quad9.net/privacy/policy](https://quad9.net/privacy/policy)
[^4]: Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy)
[^5]: Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared, such as for the purpose of security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable. [https://quad9.net/privacy/policy](https://quad9.net/privacy/policy)
## Self-Hosted DNS Filtering
@@ -173,6 +172,10 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
**dnscrypt-proxy** is a DNS proxy with support for [DNSCrypt](advanced/dns-overview.md#dnscrypt), [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS).
<div class="admonition warning" markdown>
<p class="admonition-title">The anonymized DNS feature does <a href="advanced/dns-overview.md#why-shouldnt-i0-use-encrypted-dns"><strong>not</strong></a> anonymize other network traffic.</p>
</div>
[:octicons-repo-16: Repository](https://github.com/DNSCrypt/dnscrypt-proxy){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/DNSCrypt/dnscrypt-proxy){ .card-link title="Source Code" }
@@ -189,25 +192,13 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
</div>
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
The anonymized DNS feature does [not](advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic.
</div>
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
All DNS products must support:
### Minimum Requirements
- [DNSSEC](advanced/dns-overview.md#what-is-dnssec).
- [QNAME Minimization](advanced/dns-overview.md#what-is-qname-minimization).
- Anonymize [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) or disable it by default.
Additionally, all public providers:
- Prefer [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) support or geo-steering support.
- Must not log any personal data to disk
- As noted in our footnotes, some providers collect query information for example, for purposes like security research, but in that case that data must not be associated with any PII such as IP address, etc.

View File

@@ -8,8 +8,8 @@ An email aliasing service allows you to easily generate a new email address for
<div class="grid cards" markdown>
- ![addy.io logo](assets/img/email-aliasing/addy.svg){ .twemoji } [addy.io](email-aliasing.md#addyio)
- ![SimpleLogin logo](assets/img/email-aliasing/simplelogin.svg){ .twemoji } [SimpleLogin](email-aliasing.md#simplelogin)
- ![addy.io logo](assets/img/email-aliasing/addy.svg){ .twemoji } [addy.io](email.md#addyio)
- ![SimpleLogin logo](assets/img/email-aliasing/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin)
</div>
@@ -24,7 +24,7 @@ They also have a number of benefits over "temporary email" services:
- Aliases are permanent and can be turned on again if you need to receive something like a password reset.
- Emails are sent to your trusted mailbox rather than stored by the alias provider.
- Temporary email services typically have public mailboxes which can be accessed by anyone who knows the address, while aliases are private to you.
- Temporary email services typically have public mailboxes which can be accessed by anyone who knows the address, aliases are private to you.
Our email aliasing recommendations are providers that allow you to create aliases on domains they control, as well as your own custom domain(s) for a modest yearly fee. They can also be self-hosted if you want maximum control. However, using a custom domain can have privacy-related drawbacks: If you are the only person using your custom domain, your actions can be easily tracked across websites simply by looking at the domain name in the email address and ignoring everything before the at (@) sign.
@@ -40,7 +40,7 @@ Using an aliasing service requires trusting both your email provider and your al
[:octicons-home-16: Homepage](https://addy.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://addy.io/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://addy.io/faq){ .card-link title=Documentation}
[:octicons-info-16:](https://app.addy.io/docs){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/anonaddy){ .card-link title="Source Code" }
[:octicons-heart-16:](https://addy.io/donate){ .card-link title=Contribute }
@@ -56,7 +56,7 @@ Using an aliasing service requires trusting both your email provider and your al
</div>
The number of shared aliases (which end in a shared domain like @addy.io) that you can create is limited to 10 on addy.io's free plan, 50 on their $1/month plan and unlimited on the $4/month plan (billed $3 for a year). You can create unlimited standard aliases which end in a domain like @[username].addy.io or a custom domain on paid plans. However, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. They are useful where a shared domain might be blocked by a service. Securitum [audited](https://addy.io/blog/addy-io-passes-independent-security-audit) addy.io in September 2023 and no significant vulnerabilities [were identified](https://addy.io/addy-io-security-audit.pdf).
The number of shared aliases (which end in a shared domain like @addy.io) that you can create is limited to 10 on addy.io's free plan, 50 on their $1/month plan and unlimited on the $4/month plan (billed $3 for a year). You can create unlimited standard aliases (which end in a domain like @[username].addy.io or a custom domain on paid plans), however, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. They are useful where a shared domain might be blocked by a service. Securitum [audited](https://addy.io/blog/addy-io-passes-independent-security-audit) addy.io in September 2023 and no significant vulnerabilities [were identified](https://addy.io/addy-io-security-audit.pdf).
Notable free features:
@@ -88,7 +88,7 @@ Notable free features:
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/simplelogin)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/dphilobhebphkdjbpfohgikllaljmgbn)
- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/simpleloginreceive-sen/diacfpipniklenphgljfkmhinphjlfff)
- [:simple-safari: Safari](https://apps.apple.com/app/id6475835429)
- [:simple-safari: Safari](https://apps.apple.com/app/id1494051017)
</details>

View File

@@ -9,7 +9,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
<details class="warning" markdown>
<summary>Email does not provide forward secrecy</summary>
When using end-to-end encryption (E2EE) technology like OpenPGP, email will still have [some metadata](basics/email-security.md#email-metadata-overview) that is not encrypted in the header of the email.
When using end-to-end encryption (E2EE) technology like OpenPGP, email will still have [some metadata](email.md#email-metadata-overview) that is not encrypted in the header of the email.
OpenPGP also does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed: [How do I protect my private keys?](basics/email-security.md) Consider using a medium that provides forward secrecy:
@@ -61,7 +61,7 @@ These options can be found in :material-menu: → **Settings** → **Privacy & S
#### Thunderbird-user.js (advanced)
[`thunderbird-user.js`](https://github.com/HorlogeSkynet/thunderbird-user.js) is a set of configurations options that aims to disable as many of the web-browsing features within Thunderbird as possible in order to reduce attack surface and maintain privacy. Some of the changes are backported from the [Arkenfox project](https://github.com/arkenfox/user.js).
[`thunderbird-user.js`](https://github.com/HorlogeSkynet/thunderbird-user.js), is a set of configurations options that aims to disable as many of the web-browsing features within Thunderbird as possible in order to reduce surface area and maintain privacy. Some of the changes are backported from the [Arkenfox project](https://github.com/arkenfox/user.js).
## Platform Specific
@@ -93,7 +93,7 @@ Apple Mail has the ability to load remote content in the background or block it
[:octicons-home-16: Homepage](https://canarymail.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://canarymail.io/privacy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://canarymail.io/help){ .card-link title=Documentation}
[:octicons-info-16:](https://canarymail.zendesk.com){ .card-link title=Documentation}
<details class="downloads" markdown>
<summary>Downloads</summary>

View File

@@ -5,7 +5,6 @@ icon: material/email
description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers.
cover: email.webp
---
<!-- markdownlint-disable MD024 -->
Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy.
[Recommended Instant Messengers](real-time-communication.md){ .md-button }
@@ -71,7 +70,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g. Thunderbird). Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
If you have the Proton Unlimited, Business, Family, or Visionary Plan, you also get [SimpleLogin](email-aliasing.md#simplelogin) Premium for free.
If you have the Proton Unlimited, Business, or Visionary Plan, you also get [SimpleLogin](#simplelogin) Premium for free.
Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**.
@@ -101,7 +100,7 @@ Proton Mail also publishes the public keys of Proton accounts via HTTP from thei
#### :material-information-outline:{ .pg-blue } Account Termination
If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. Proton will [delete inactive free accounts](https://proton.me/support/inactive-accounts) after one year. You **cannot** reuse the email address on a deactivated account.
If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period.
#### :material-information-outline:{ .pg-blue } Additional Functionality
@@ -136,7 +135,7 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green } Private Payment Methods
Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Account Security
@@ -156,7 +155,7 @@ Mailbox.org also supports the discovery of public keys via HTTP from their [Web
#### :material-information-outline:{ .pg-blue } Account Termination
Your account will be set to a restricted user account when your contract ends. It will be irrevocably deleted after [30 days](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract).
Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract).
#### :material-information-outline:{ .pg-blue } Additional Functionality
@@ -186,7 +185,7 @@ These providers store your emails with zero-knowledge encryption, making them gr
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://tuta.com/support){ .card-link title=Documentation}
[:octicons-info-16:](https://tuta.com/faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" }
[:octicons-heart-16:](https://tuta.com/community){ .card-link title=Contribute }
@@ -205,11 +204,11 @@ These providers store your emails with zero-knowledge encryption, making them gr
</div>
Tuta doesn't support the [IMAP protocol](https://tuta.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tuta app. [Email import](https://github.com/tutao/tutanota/issues/630) is not currently supported either, though this is [due to be changed](https://tuta.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tuta.com/support#generalMail) per folder, which may be inconvenient if you have many folders.
Tuta doesn't support the [IMAP protocol](https://tuta.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tuta app. [Email import](https://github.com/tutao/tutanota/issues/630) is not currently supported either, though this is [due to be changed](https://tuta.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tuta.com/howto#generalMail) per folder, which may be inconvenient if you have many folders.
#### :material-check:{ .pg-green } Custom Domains and Aliases
Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and unlimited aliases on [custom domains](https://tuta.com/support#custom-domain). Tuta doesn't allow for [sub-addressing (plus addresses)](https://tuta.com/support#plus), but you can use a [catch-all](https://tuta.com/support#settings-global) with a custom domain.
Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and unlimited aliases on [custom domains](https://tuta.com/faq#custom-domain). Tuta doesn't allow for [sub-addressing (plus addresses)](https://tuta.com/faq#plus), but you can use a [catch-all](https://tuta.com/howto#settings-global) with a custom domain.
#### :material-information-outline:{ .pg-blue } Private Payment Methods
@@ -217,11 +216,11 @@ Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cry
#### :material-check:{ .pg-green } Account Security
Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
Tuta supports [two factor authentication](https://tuta.com/faq#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Data Security
Tuta has [zero access encryption at rest](https://tuta.com/support#what-encrypted) for your emails, [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar). This means the messages and other data stored in your account are only readable by you.
Tuta has [zero access encryption at rest](https://tuta.com/faq#what-encrypted) for your emails, [address book contacts](https://tuta.com/faq#encrypted-address-book), and [calendars](https://tuta.com/faq#calendar). This means the messages and other data stored in your account are only readable by you.
#### :material-information-outline:{ .pg-blue } Email Encryption
@@ -229,12 +228,14 @@ Tuta [does not use OpenPGP](https://tuta.com/support/#pgp). Tuta accounts can on
#### :material-information-outline:{ .pg-blue } Account Termination
Tuta will [delete inactive free accounts](https://tuta.com/support#inactive-accounts) after six months. You can reuse a deactivated free account if you pay.
Tuta will [delete inactive free accounts](https://tuta.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay.
#### :material-information-outline:{ .pg-blue } Additional Functionality
Tuta offers the business version of [Tuta to non-profit organizations](https://tuta.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount.
Tuta also has a business feature called [Secure Connect](https://tuta.com/secure-connect). This ensures customer contact to the business uses E2EE. The feature costs €240/y.
Tuta doesn't offer a digital legacy feature.
## Self-Hosting Email
@@ -275,7 +276,7 @@ For a more manual approach we've picked out these two articles:
## Criteria
**Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an email provider, and conduct your own research to ensure the email provider you choose is the right choice for you.
**Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any Email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an Email provider, and conduct your own research to ensure the Email provider you choose is the right choice for you.
### Technology

View File

@@ -126,32 +126,28 @@ BitLocker is [only supported](https://support.microsoft.com/windows/turn-on-devi
To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
```powershell
powershell Get-Disk
```
```powershell
powershell Get-Disk
```
2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
```powershell
powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
```
```powershell
powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
```
3. Access [Advanced Startup Options](https://support.microsoft.com/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
4. Login with your admin account and type this in the command prompt to start encryption:
```powershell
manage-bde -on c: -used
```
```powershell
manage-bde -on c: -used
```
5. Close the command prompt and continue booting to regular Windows.
6. Open an admin command prompt and run the following commands:
```powershell
manage-bde c: -protectors -add -rp -tpm
manage-bde -protectors -enable c:
manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
```
```powershell
manage-bde c: -protectors -add -rp -tpm
manage-bde -protectors -enable c:
manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
```
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
@@ -259,7 +255,7 @@ Tools with command-line interfaces are useful for integrating [shell scripts](ht
![Tomb logo](assets/img/encryption-software/tomb.png){ align=right }
**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://dyne.org/software/tomb/#advanced-usage).
**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
[:octicons-home-16: Homepage](https://dyne.org/software/tomb){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}

View File

@@ -14,7 +14,7 @@ Discover how to privately share your files between your devices, with your frien
![Send logo](assets/img/file-sharing-sync/send.svg){ align=right }
**Send** is a fork of Mozilla's discontinued Firefox Send service which allows you to send files to others with a link. Files are encrypted on your device so that they cannot be read by the server, and they can be optionally password-protected as well. The maintainer of Send hosts a [public instance](https://send.vis.ee). You can use other public instances, or you can host Send yourself.
**Send** is a fork of Mozillas discontinued Firefox Send service which allows you to send files to others with a link. Files are encrypted on your device so that they cannot be read by the server, and they can be optionally password-protected as well. The maintainer of Send hosts a [public instance](https://send.vis.ee). You can use other public instances, or you can host Send yourself.
[:octicons-home-16: Homepage](https://send.vis.ee){ .md-button .md-button--primary }
[:octicons-server-16:](https://github.com/timvisee/send-instances){ .card-link title="Public Instances"}
@@ -144,7 +144,6 @@ We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_e
</div>
<!-- markdownlint-disable-next-line -->
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

View File

@@ -84,7 +84,6 @@ These services allow you to purchase gift cards for a variety of merchants onlin
</div>
<!-- markdownlint-disable-next-line -->
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

View File

@@ -11,38 +11,6 @@ If you choose to self-host these frontends, it is important that you have other
When you are using an instance run by someone else, make sure to read the privacy policy of that specific instance. They can be modified by their owners and therefore may not reflect the default policy. Some instances have [Tor](tor.md) .onion addresses which may grant some privacy as long as your search queries don't contain PII.
## Reddit
### Redlib
<div class="admonition recommendation" markdown>
![Redlib logo](assets/img/frontends/redlib.svg){ align=right }
**Redlib** is an open-source frontend to the [Reddit](https://www.reddit.com) website that is also self-hostable.
There are a number of public instances, with some instances having [Tor](tor.md) onion services support.
[:octicons-repo-16: Repository](https://github.com/redlib-org/redlib){ .md-button .md-button--primary }
[:octicons-server-16:](https://github.com/redlib-org/redlib-instances/blob/main/instances.md){ .card-link title="Public Instances"}
[:octicons-info-16:](https://github.com/redlib-org/redlib?tab=readme-ov-file#table-of-contents){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/redlib-org/redlib){ .card-link title="Source Code" }
</div>
<div class="admonition note" markdown>
<p class="admonition-title">Note</p>
The [Old Reddit](https://old.reddit.com) website doesn't require as much JavaScript as the new Reddit website does, but it has recently blocked access to IP addresses reserved for public VPNs. You can use Old Reddit in conjunction with the [Tor](tor.md) Onion that was [launched in October 2022](https://forum.torproject.org/t/reddit-onion-service-launch/5305) at [https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion](https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion).
</div>
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
Redlib is useful if you want to disable JavaScript in your browser, such as [Tor Browser](tor.md#tor-browser) on the Safest security level.
</div>
## TikTok
### ProxiTok
@@ -154,11 +122,10 @@ By default, Yattee blocks all YouTube advertisements. In addition, Yattee option
LibreTube allows you to store your subscription list and playlists locally on your Android device, or to an account on your Piped instance of choice, which allows you to access them seamlessly on other devices as well.
[:octicons-home-16: Homepage](https://libretube.dev){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/libre-tube/LibreTube/blob/master/PRIVACY_POLICY.md){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://libretube.dev/#faq){ .card-link title=Documentation}
[:octicons-home-16: Homepage](https://libre-tube.github.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/libre-tube/LibreTube#privacy-policy-and-disclaimer){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/libre-tube/LibreTube#readme){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/libre-tube/LibreTube){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/libre-tube/LibreTube#donate){ .card-link title=Contribute }
<details class="downloads" markdown>
<summary>Downloads</summary>
@@ -176,7 +143,7 @@ When using LibreTube, your IP address will be visible to the [Piped](https://git
</div>
By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube uses [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. You are able to fully configure the types of segments that SponsorBlock will skip, or disable it completely. There is also a button on the video player itself to disable it for a specific video if desired.
By default, LibreTube blocks all YouTube advertisements. Additionally, Libretube uses [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. You are able to fully configure the types of segments that SponsorBlock will skip, or disable it completely. There is also a button on the video player itself to disable it for a specific video if desired.
### NewPipe (Android)
@@ -190,7 +157,7 @@ Your subscription list and playlists are saved locally on your Android device.
[:octicons-home-16: Homepage](https://newpipe.net){ .md-button .md-button--primary }
[:octicons-eye-16:](https://newpipe.net/legal/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://newpipe.net/FAQ){ .card-link title=Documentation}
[:octicons-info-16:](https://teamnewpipe.github.io/documentation){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/TeamNewPipe/NewPipe){ .card-link title="Source Code" }
[:octicons-heart-16:](https://newpipe.net/donate){ .card-link title=Contribute }
@@ -258,8 +225,8 @@ Invidious is useful if you want to disable JavaScript in your browser, such as [
Piped requires JavaScript in order to function and there are a number of public instances.
[:octicons-repo-16: Repository](https://github.com/TeamPiped/Piped){ .md-button .md-button--primary }
[:octicons-server-16:](https://github.com/TeamPiped/Piped/wiki/Instances){ .card-link title="Public Instances"}
[:octicons-info-16:](https://docs.piped.video/docs){ .card-link title=Documentation}
[:octicons-server-16:](https://piped.kavin.rocks/preferences#ddlInstanceSelection){ .card-link title="Public Instances"}
[:octicons-info-16:](https://piped-docs.kavin.rocks){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/TeamPiped/Piped){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/TeamPiped/Piped#donations){ .card-link title=Contribute }
@@ -284,8 +251,6 @@ Recommended frontends...
- Must be self-hostable.
- Must provide all basic website functionality available to anonymous users.
We only consider frontends if one of the following is true for a platform:
We only consider frontends for websites which are...
- Normally only accessible with JavaScript enabled.
- Normally only accessible with an account.
- Blocks access from commercial [VPNs](vpn.md).

View File

@@ -1,6 +1,6 @@
---
meta_title: "Privacy Guides: Your Independent Privacy and Security Resource"
template: home.html
template: overrides/home.en.html
social:
cards_layout: home
hide:
@@ -36,7 +36,7 @@ schema:
urlTemplate: "https://www.privacyguides.org/?q={search_term_string}"
query-input: required name=search_term_string
---
<!-- markdownlint-disable -->
<!-- markdownlint-disable-next-line -->
## Why should I care?
##### “I have nothing to hide. Why should I care about my privacy?”
@@ -56,3 +56,17 @@ Trying to protect all your data from everyone all the time is impractical, expen
==This process of identifying threats and defining countermeasures is called **threat modeling**==, and it forms the basis of every good security and privacy plan.
[:material-book-outline: Learn More About Threat Modeling](basics/threat-modeling.md){ class="md-button md-button--primary" }
---
## We need you! Here's how to get involved:
[:simple-discourse:](https://discuss.privacyguides.net){ title="Join our Forum" }
[:simple-mastodon:](https://mastodon.neat.computer/@privacyguides){ rel=me title="Follow us on Mastodon" }
[:material-book-edit:](https://github.com/privacyguides/privacyguides.org){ title="Contribute to this website" }
[:material-translate:](https://matrix.to/#/#pg-i18n:aragon.sh){ title="Help translate this website" }
[:simple-matrix:](https://matrix.to/#/#privacyguides:matrix.org){ title="Chat with us on Matrix" }
[:material-information-outline:](about/index.md){ title="Learn more about us" }
[:material-hand-coin-outline:](about/donate.md){ title="Support the project" }
It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know.

View File

@@ -3,6 +3,8 @@ title: KB Archive
icon: material/archive
description: Some pages that used to be in our knowledge base can now be found on our blog.
---
# Pages Moved to Blog
Some pages that used to be in our knowledge base can now be found on our blog:
- [GrapheneOS vs. CalyxOS](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos)

View File

@@ -19,4 +19,4 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand](
"Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project.
Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at `jonah@privacyguides.org`. Consult your legal counsel if you have questions.
Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions.

View File

@@ -8,18 +8,15 @@ If you make changes to this website on GitHub.com's web editor directly, you sho
You can use an existing SSH key for signing, or [create a new one](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent).
1. Configure your Git client to sign commits and tags by default (remove `--global` to only sign by default for this repo):
```bash
git config --global commit.gpgsign true
git config --global gpg.format ssh
git config --global tag.gpgSign true
```
```
git config --global commit.gpgsign true
git config --global gpg.format ssh
git config --global tag.gpgSign true
```
2. Set your SSH key for signing in Git with the following command, substituting `/PATH/TO/.SSH/KEY.PUB` with the path to the public key you'd like to use, e.g. `/home/user/.ssh/id_ed25519.pub`:
```bash
git config --global user.signingkey /PATH/TO/.SSH/KEY.PUB
```
```
git config --global user.signingkey /PATH/TO/.SSH/KEY.PUB
```
Ensure you [add your SSH key to your GitHub account](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account#adding-a-new-ssh-key-to-your-account) **as a Signing Key** (as opposed to or in addition to as an Authentication Key).
@@ -29,7 +26,7 @@ Use `git pull --rebase` instead of `git pull` when pulling in changes from GitHu
You can set this to be the default behavior:
```bash
```
git config --global pull.rebase true
```
@@ -37,7 +34,7 @@ git config --global pull.rebase true
If you are working on your own branch, run these commands before submitting a PR:
```bash
```
git fetch origin
git rebase origin/main
```

View File

@@ -40,6 +40,8 @@ These are our currently recommended mobile web browsers and configurations for s
## Android
On Android, Firefox is still less secure than Chromium-based alternatives: Mozilla's engine, [GeckoView](https://mozilla.github.io/geckoview), has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
### Brave
<div class="admonition recommendation" markdown>
@@ -66,7 +68,7 @@ Brave is built upon the Chromium web browser project, so it should feel familiar
</div>
#### Recommended Brave Configuration
#### Recommended Configuration
Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another.
@@ -128,45 +130,6 @@ Brave allows you to select additional content filters within the internal `brave
[Brave Sync](https://support.brave.com/hc/articles/360059793111-Understanding-Brave-Sync) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices without requiring an account and protects it with E2EE.
### Mull
<div class="admonition danger" markdown>
<p class="admonition-title">Danger</p>
Firefox (Gecko)-based browsers on Android [lack per-site process isolation](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196), a powerful security feature that offers additional protection against a malicious website exploiting a security vulnerability. Missing this feature likely won't pose an issue for low-risk web browsers who keep their browser up-to-date, but those visiting higher-risk sites or at risk of targeted/0-day attacks should strongly consider a Chromium-based browser like [Brave](#brave) instead.
</div>
<div class="admonition recommendation" markdown>
![Mull logo](assets/img/browsers/mull.svg){ align=right }
**Mull** is a privacy oriented and deblobbed Android browser based on Firefox. Compared to Firefox, it offers much greater fingerprinting protection out of the box, and disables JavaScript Just-in-Time (JIT) compilation for enhanced security. It also removes all proprietary elements from Firefox, such as replacing Google Play Services references.
[:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#mull){ .md-button .md-button--primary }
[:octicons-eye-16:](https://divestos.org/pages/privacy_policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://divestos.org/pages/browsers#tuningFenix){ .card-link title=Documentation }
[:octicons-code-16:](https://codeberg.org/divested-mobile/mull-fenix){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-fdroid: F-Droid](https://f-droid.org/en/packages/us.spotco.fennec_dos)
</details>
</div>
Enable DivestOS's [F-Droid Repo](https://divestos.org/fdroid/official) to receive updates directly from the developer. Downloading Mull from the default F-Droid repo will mean your updates could be delayed by a few days or longer.
Mull enables many features upstreamed by the [Tor uplift project](https://wiki.mozilla.org/Security/Tor_Uplift) using preferences from [Arkenfox](desktop-browsers.md#arkenfox-advanced). Proprietary blobs are removed from Mozilla's code using the scripts developed for Fennec F-Droid.
#### Recommended Mull Configuration
We would suggest installing [uBlock Origin](browser-extensions.md#ublock-origin) as a content blocker if you want to block trackers within Mull.
Mull comes with privacy protecting settings configured by default. You might consider configuring the **Delete browsing data on quit** options in Mull's settings if you want to close all your open tabs when quitting the app automatically, or clear other data such as browsing history and cookies automatically.
## iOS
On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser.
@@ -187,11 +150,9 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
</div>
#### Recommended Safari Configuration
#### Recommended Configuration
We would suggest installing [AdGuard](browser-extensions.md#adguard) as a content blocker if you want to block trackers within Safari.
The following privacy/security-related options can be found in the :gear: **Settings** app → **Safari**
These options can be found in :gear: **Settings****Safari**
##### Profiles
@@ -247,6 +208,32 @@ You can enable E2EE for your Safari bookmarks and downloads by enabling [Advance
If you use iCloud with Advanced Data Protection disabled, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in :gear: **Settings****Safari****General****Downloads**.
### AdGuard
<div class="admonition recommendation" markdown>
![AdGuard logo](assets/img/browsers/adguard.svg){ align=right }
**AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker).
AdGuard for iOS has some premium features; however, standard Safari content blocking is free of charge.
[:octicons-home-16: Homepage](https://adguard.com/en/adguard-ios/overview.html){ .md-button .md-button--primary }
[:octicons-eye-16:](https://adguard.com/privacy/ios.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://kb.adguard.com/ios){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-appstore: App Store](https://apps.apple.com/app/id1047223162)
</details>
</div>
Additional filter lists do slow things down and may increase your attack surface, so only apply what you need.
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
@@ -254,6 +241,13 @@ If you use iCloud with Advanced Data Protection disabled, we also recommend chec
### Minimum Requirements
- Must support automatic updates.
- Must receive engine updates from upstream releases quickly.
- Must support content blocking.
- Must receive engine updates in 0-1 days from upstream release.
- Any changes required to make the browser more privacy-respecting should not negatively impact user experience.
- Android browsers must use the Chromium engine.
- Unfortunately, Mozilla GeckoView is still less secure than Chromium on Android.
- iOS browsers are limited to WebKit.
### Extension Criteria
- Must not replicate built-in browser or OS functionality.
- Must directly impact user privacy, i.e. must not simply provide information.

View File

@@ -151,7 +151,6 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
</div>
<!-- markdownlint-disable-next-line -->
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

411
docs/os/windows-overview.md Normal file
View File

@@ -0,0 +1,411 @@
---
title: Windows Overview
icon: simple/windows
description: Windows is a traditonal operating system developed by Microsoft that provides a platform for running software applications and managing computer hardware.
---
Windows, a renowned desktop operating system developed by Microsoft, made its debut in 1985. It boasts a broad user base across various hardware manufacturers. Nonetheless, it grapples with issues such as bloatware, intrusive tracking, and security vulnerabilities. This guide aims to address and mitigate these concerns to enhance your Windows experience, though complete elimination may not be achievable.
## Hardware and Firmware Security
### Choosing a Secure Hardware
- Choose a secured-core PC that has long-term lifetime support. The Microsoft Surface for Business series is the best option in this regard.
- Choose a PC with Microsoft Pluton.
<details class="note" markdown>
<summary>Secure Launch and Secure Boot</summary>
TBC
</details>
### Firmware Settings
- Enable Secure Boot and, if applicable, disable the third-party Microsoft UEFI CA.
- Enable Virtualization settings.
- Enable Dynamic Root of Trust for Measurement (DRTM).
- If available, set Thunderbolt Security Settings to the highest level.
- Be sure to set a firmware password.
- Configure Boot Sequence to exclusively boot from your hard drive while disabling all other items, if accessible.
- Enable Trusted Platform Module (TPM) and designate Microsoft Pluton as default if applicable.
## Operating System Security
### Choose the Correct Version and Edition
Use Windows 11 Enterprise, version 23H2 as your operating system.
### Out-of-Box-Experience (OOBE)
- Select your region to European Union (EU) and allow optional diagnostic data.
- Use a local account instead of a Microsoft account.
- After OOBE, enable Smart App Control in Start → Windows Security → App & Browser Control → Smart App Control.
<details class="note" markdown>
<summary>Activate Windows Enterprise</summary>
For Key Management Service (KMS) activation, execute the following command from an elevated command prompt:
```
cd "c:\windows\system32"
cscript slmgr.vbs /skms input.your.kms.server.here
cscript slmgr.vbs /ato
```
For Multiple Activation Key (MAK) activation, execute the following command from an elevated command prompt:
```
cd "c:\windows\system32"
cscript slmgr.vbs /ipk input-your-mak-key-here
cscript slmgr.vbs /ato
```
</details>
<details class="note" markdown>
<summary>Upgrade Windows</summary>
To upgrade from Windows Home to Windows Pro, enter your product key in Sttings → System → Activation → Change product key.
To upgrade from Windows Pro to Windows Enterprise, execute the following command from an elevated command prompt:
```
cd "c:\windows\system32"
cscript slmgr.vbs /ipk NPPR9-FWDCX-D2C8J-H872K-2YT43
cscript slmgr.vbs /ato
```
Please note that the above command will not activate Windows Enterprise.
</details>
<details class="info" markdown>
<summary>Command Prompt and Group Policy</summary>
TBC
</details>
### Install Updates
Installing updates is crucial. Windows Update delivers updates to Windows automatically. You can also manually check for updates in Start → Settings → Windows Update → Check for Updates. You should [update](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-update-to-winre?view=windows-11#apply-the-update-to-a-running-pc) Windows Recovery Environment (Windows RE) by yourself. If you have other Windows installation media, such as Windows Preinstallation Environment (Windows PE) or Windows RE that is not recognized by the current Windows operating system, you should [update](https://learn.microsoft.com/en-us/windows/deployment/update/media-dynamic-update) them manually.
You can track update packages for Windows operating system, Windows RE and Windows PE using [this](https://support.microsoft.com/en-us/feed/rss/4ec863cc-2ecd-e187-6cb3-b50c6545db92) RSS feed. *Compatibility update for installing and recovering Windows* denotes updates for Windows RE. *Setup Dynamic Update for Windows* denotes updates for Windows PE. You can download update packages from the [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Home.aspx).
You should also enable automatic updates in Microsoft Store in Start → Microsoft Store → Personal Profile → Settings → App Updates. You can also obtain drivers and firmware updates from original equipment manufacturers (OEMs).
<details class="info" markdown>
<summary>Types of Windows updates</summary>
**Feature updates** are released annually to add new features and functionality to Windows.
**Quality updates**, which encompass security and non-security fixes such as security updates, critical updates, servicing stack updates, and driver updates, are typically released on the second Tuesday of each month but can be released at any time.
</details>
### Security Baselines
A security baseline is a group of Microsoft-recommended configuration settings that explains their security implication.
- [Download](https://www.microsoft.com/en-us/download/details.aspx?id=55319) the following files: `Windows 11 v23H2 Security Baseline.zip` and `LGPO.zip`.
- Unzip both files. In `LGPO\LGPO_30`, copy `LGPO.exe` to `Windows 11 v23H2 Security Baseline\Scripts\Tools`.
- In `Windows 11 v23H2 Security Baseline\Scripts`, execute the following command from an elevated command prompt:
```
Set-ExecutionPolicy -Scope Process Unrestricted
.\Baseline-LocalInstall.ps1 -Win11NonDomainJoined
```
You can track security baseline updates using [this](https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=Microsoft-Security-Baselines) RSS feed.
### Application Security
Most applications on Windows are not sandboxed. In Microsoft Store, only the apps without the permission "This app can access all your files, peripheral devices, apps, programs, and registry" are sandboxed. If you sideload apps, only those with the file extensions `.msix`, `.msixbundle`, `.appx`, `.appxbundle`, and without the permission "This app can access all your files, peripheral devices, apps, programs, and registry" are sandboxed.
Smart App Control can check the security of apps while they are running. You should enable Smart App Control in Start → Windows Security → App & Browser Control → Smart App Control.
You can also use Windows Sandbox to run untrusted apps. Enable Windows Sandbox in Start → Settings → System → Optional Fetures → More Windows Features. Open Windows Sandbox in Start → Windows Sandbox. You can transfer files and apps into Windows Sandbox by copying them.
### Device Encryption
BitLocker is a disk encryption feature. Before enabling Bitlocker, you should configure it to use stronger encryption methods as well as allow for more secure unlocking methods:
- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)` and set the options to `XTS-AES 256-bit`, `XTS-AES 256-bit`, `AES-CBC 256-bit` respectively.
- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Require additional authentication at startup` and set the options to unchecked, `Allow TPM`, `Allow startup PIN with TPM`, `Allow startup key with TPM` and `Allow startup key and PIN with TPM` respectively.
- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Allow enhanced PINs for startup`.
You should enable Bitlocker in Start → Windows Security → Device Security → Data Encryption. You should set a strong PIN for BitLocker and encrypt the entire disk space.
### Antivirus Protection
Windows include Windows Security, which provides the latest antivirus protection.
- Enable all options in Start → Windows Security → App & Browser Control → Reputation Based Protection.
- Enable all options in Start → Windows Security → App & Browser Control → Exploit Protection → System Settings.
- Enable all options in Start → Windows Security → Virus & Threat Protection → Virus & Threat Protection Settings.
- Enable the option in Start → Windows Security → Virus & Threat Protection → Ransomware Protection → Controlled Folder Access.
- Enable `Block all inbound connections` options in Start → Windows Security → Firewall and Network Protection → Public Network/Private Network/Domain Network.
- Check if `Memory access protection` is displayed in Start → Windows Security → Device Security → Core Isolation. If not, enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Disable new DMA devices when this computer is locked`.
- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Scan\Turn on e-mail scanning`.
- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Scan\Scan removable drives`.
- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Scan\Scan network files`.
- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Scan\Run full scan on mapped network drives`.
- Execute `setx /M MP_FORCE_USE_SANDBOX 1` from an elevated command prompt.
### Account Security
You should use a local user account for daily tasks. Use complex passwords for your accounts. You can create a local user account in Start → Settings → Accounts → Other users → Add account → I don't have this person's sign-in information → Add a user without a Microsoft account. You should add security questions to your local account in case you forget your password in Start → Settings → Accounts → Sign-in options → Update your security questions. You can also create a password reset disk for your local account. In the search box on the taskbar, type `Control Panel`, and then choose it from the list of results. In the Control Panel search box, type `create password reset`. Select `Create a password reset disk`, and follow the remaining instructions.
You can hide your account info when logging in by enabling the Group Policy `Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Dont display last signed-in` and `Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Dont display username at sign-in`. You can also find the related option in Start → Settings → Accounts → Sign-in Options → Show account details such as my email address on the sign-in screen.
### Network & Bluetooth Security
- Disable all options in Start → Settings → Network & Internet → Advanced Network Setings → Advanced Sharing Setings → Private Networks/Public Networks. Set options in Start → Settings → Network & Internet → Advanced Network Setings → Advanced Sharing Setings → All Networks to disable public folder sharing, use 128-bit encryption and enable password protected sharing.
- Enable MAC Address Randomization in Start → Settings → Network & Internet → Wi-Fi → Random Hardware Addresses and set the option in Start → Settings → Network & Internet → Wi-Fi → (Your Network Display Name) → Random Hardware Addresses to `Change every day`.
- Turn off Bluetooth when not in use. Disable device discovery in Start → Settings → Devices → Devices → More Bluetooth Settings.
- Set your encrypted DNS in Start → Settings → Network & Internet → Wi-Fi → (Your Network Properties) → DNS Server Assignment → Edit → Manual.
### Developer Mode
- Disable Developer Mode in Start → Settings → System → For Developers → Developer Mode.
- Disable Remote Desktop in Start → Settings → System → For Developers → Remote Desktop.
- Enable all options in Start → Settings → System → For Developers → File Explorer.
### Additional Attack Surface Reduction Measures
In addition to the security baselines, there are some additional attack surface reduction measures.
- Disable Remote Assistance. In the search box on the taskbar, type `remote assistance`, and then select `Allow Remote Assistance invitations to be sent from this computer` from the list of results. Then, on the `Remote` tab, unselect the Allow Remote Assistance connections to this computer check box, and then select OK.
- Uninstall features you won't use like Internet Explorer mode in Start → Settings → System → Optional Fetures and Start → Settings → System → Optional Fetures → More Windows Features.
- Enable the Group Policy `Computer Configuration\Administrative Templates\MS Security Guide\Enable Certificate Padding`.
- Add additional attack surface reduction rules and set them to warn mode. Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Attack surface reduction\Configure Attack Surface Reduction rules`. Select `Show...` and add the following [rule IDs](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#asr-rule-to-guid-matrix) in the Value Name column. Then change the status of all rules to 6 in the Value column.
```
56a863a9-875e-4185-98a7-b882c64b5ce5
d1e49aac-8f56-4280-b9ba-993a6d77406c
01443614-cd74-433a-b99e-2ecdc07bfc25
```
- Execute the following command from an elevated command prompt:
```
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa" /v DisableRestrictedAdmin /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\OLELinkConversionFromOLESTREAMToIStorage" /v Disabled /t REG_DWORD /d 1 /f
```
- Enable [additional mitigations](https://support.microsoft.com/en-us/topic/kb4073119-windows-client-guidance-for-it-pros-to-protect-against-silicon-based-microarchitectural-and-speculative-execution-side-channel-vulnerabilities-35820a8a-ae13-1299-88cc-357f104f5b11) against silicon-based microarchitectural and speculative execution side-channel vulnerabilities without disabling Hyper-Threading (also known as Simultaneous Multi Threading (SMT)) in Intel processors by executing the following command from an elevated command prompt.
```
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0x00800048 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v RetsPredictedFromRsbOnly /t REG_DWORD /d 1 /f
```
Enable additional mitigations against silicon-based microarchitectural and speculative execution side-channel vulnerabilities with Hyper-Threading disabled in Intel processors by executing the following command from an elevated command prompt.
```
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0x00802048 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v RetsPredictedFromRsbOnly /t REG_DWORD /d 1 /f
```
Enable additional mitigations against silicon-based microarchitectural and speculative execution side-channel vulnerabilities in AMD processors by executing the following command from an elevated command prompt. To be fully protected, you might also need to disable Hyper-Threading (also known as Simultaneous Multi Threading (SMT)).
```
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 16842760 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v RetsPredictedFromRsbOnly /t REG_DWORD /d 1 /f
```
Enable additional mitigations against silicon-based microarchitectural and speculative execution side-channel vulnerabilities in ARM processors by executing the following command from an elevated command prompt. To be fully protected, you might also need to disable Hyper-Threading (also known as Simultaneous Multi Threading (SMT)).
```
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 64 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v RetsPredictedFromRsbOnly /t REG_DWORD /d 1 /f
```
## Privacy Settings
Windows collects [three categories](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1iLkl) of personal data to send to Microsoft: Windows Diagnostic Data, Account Data, and Windows Required Service Data.
### Windows Diagnostic Data
Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Data Collection And Preview Builds\Allow Diagnostic Data` and set it to `Diagnostic data off (not recommended)`.
### Account Data
Use local accounts instead of online accounts like Microsoft accounts to sign in to your devices and enable the Group Policy `Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Block Microsoft accounts` and set it to `Users cant add Microsoft accounts`. You can still log on apps likw Microsoft Store with Microsoft accounts. If you have logged on apps using a Microsoft account, you can limit its use in Start → Settings → Accounts → Email & accounts → (Your Microsoft Account) → Sign-in Options and select the option to `Apps need to ask me to use this account`.
<details class="warning" markdown>
<summary>Warning</summary>
If the Group Policy `Accounts: Block Microsoft accounts` is set to `Users cant add or log on with Microsoft accounts`, attempting to restore the System in Windows Recovery Environment (Windows RE) will [fail](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference?view=windows-11#known-issue) with the error message "You need to sign in as an administrator to continue, but there aren't any administrator accounts on this PC."
</details>
### Windows Required Service Data
Some Required Service Data is necessary for Windows security and should be retained.
- Uninstall pre-installed apps you won't use in Start → Settings → Apps → Installed Apps and Start → Settings → System → System Components.
- Disable all options in Start → Settings → Privacy & Security → Windows Permissions.
- Do not join the Windows Insider Program in Start → Settings → Windows Update → Windows Insider Program.
- Disable suggestions and recommendations in Start → Settings → Personalization → Start.
- Disable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana`.
- Disable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cloud Search`.
- Disable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Search\Allow search and Cortana to use location`.
- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Search\Do not allow web search`.
- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results in Search`.
- Enable all Group Policy objects under `Computer Configuration\Administrative Templates\Windows Components\Cloud Content`.
- Enable the Group Policy `User Configuration\Administrative Templates\Windows Components\Cloud Content\Do not use diagnostic data for tailored experiences`.
- Enable the Group Policy `User Configuration\Administrative Templates\Windows Components\Cloud Content\Do not suggest third-party content in Windows spotlight`.
- Enable the Group Policy `User Configuration\Administrative Templates\Windows Components\Cloud Content\Turn off cloud optimized content`.
- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Disable Windows Error Reporting`.
- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Software Protection Platform\Turn off KMS Client Online AVS Validation`.
- Disable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Messaging\Allow Message Service Cloud Sync`.
- Execute `reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Messaging" /v CloudServiceSyncEnabled /t REG_DWORD /d 0 /f` from an elevated command prompt.
- Execute `reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MRT" /v DontReportInfectionInformation /t REG_DWORD /d 1 /f` from an elevated command prompt.
- Disable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus\Reporting\Configure Watson events`.
- In Start → Settings → Apps → Advanced app settings, set `Choose where to get apps` to `Anywhere`.
- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization\Download Mode` and set it to `Simple (99)`.
- Execute `reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds" /v "EnableFeeds" /t REG_DWORD /d 0 /f` from an elevated command prompt.
- Execute `setx /M DOTNET_CLI_TELEMETRY_OPTOUT 1` from an elevated command prompt.
- Execute `setx /M POWERSHELL_TELEMETRY_OPTOUT 1` from an elevated command prompt.
- Execute `setx /M MSEDGEDRIVER_TELEMETRY_OPTOUT 1` from an elevated command prompt.
- Disable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\Widgets\Allow Widgets`.
- If you are using a Input Method Editors (IME), disable the option in Start → Settings → Time & Language → Language & Region → (Your Language) → Language Options → (Your IME) → Keyboard Options → Lexicon and Self-Learning → Try text suggestions from Bing.
- You can manage Copilot in Windows by configuring the Group Policy `User Configuration\Administrative Templates\Windows Components\Windows Copilot\Turn off Windows Copilot`.
- Enable the Group Policy `Computer Configuration\Administrative Templates\Windows Components\OneDrive\Prevent OneDrive from generating network traffic until the user signs in to OneDrive`.
## Microsoft Edge
- [Download](https://www.microsoft.com/en-us/edge/business/download) the Microsoft Edge policy and unzip the file.
- Copy `MicrosoftEdgePolicyTemplates.cab\MicrosoftEdgePolicyTemplates.zip\windows\admx\msedge.admx` to `C:\Windows\PolicyDefinitions`. Copy `MicrosoftEdgePolicyTemplates.cab\MicrosoftEdgePolicyTemplates.zip\windows\admx\msedge.admx\(Your locale ID)\msedge.adml` to `C:\Windows\PolicyDefinitions\(Your locale ID)`.
- You can track security baseline updates using [this](https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=Microsoft-Security-Baselines) RSS feed.
### Microsoft Edge Security
- [Download](https://www.microsoft.com/en-us/download/details.aspx?id=55319) the following files: `Microsoft Edge v117 Security Baseline.zip` and `LGPO.zip`.Unzip both files. In `LGPO\LGPO_30`, copy `LGPO.exe` to `Microsoft Edge v117 Security Baseline\Scripts\Tools`. In `Microsoft Edge v117 Security Baseline\Scripts`, execute the following command from an elevated command prompt:
```
Set-ExecutionPolicy -Scope Process Unrestricted
.\Baseline-LocalInstall.ps1
```
- Microsoft Edge automatically updates itself. You can also update it manually in `edge://settings/help`.
- Enable the option(s) `Microsoft Defender SmartScreen` in `edge://settings/privacy`.
- Enable the option(s) `Block potentially unwanted apps` in `edge://settings/privacy`.
- Enable the option(s) `Website typo protection` in `edge://settings/privacy`.
- Enable the option(s) `Enhance your security on the web` in `edge://settings/privacy` and set it to `Strict`.
- Enable the option(s) `Allow extensions from other stores` in `edge://extensions/`. Prioritize installing extensions from Chrome Web Store, as Chrome Web Store more aggressively uses Manifest V3.
- Enable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Configure browser process code integrity guard setting` and set it to `Enable code integrity guard enforcement in the browser process`.
- Enable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Enable online OCSP/CRL checks`.
- Enable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Enable the network service sandbox`.
- Enable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Restrict exposure of local IP address by WebRTC` and set it to `Use TCP unless proxy server supports UDP`.
- Enable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Configure Automatic HTTPS` and set it to `All navigations delivered over HTTP are switched to HTTPS`.
- Enable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Control the mode of DNS-over-HTTPS` and set it to `Enable DNS-over-HTTPS without insecure fallback`. Configure the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Specify URI template of desired DNS-over-HTTPS resolver` according to your needs.
### Microsoft Edge Privacy
For diagnostic data, enable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Send required and optional diagnostic data about browser usage` and set the option to `off`.
For account data, use local profiles instead of online accounts like Microsoft accounts to sign in to Microsoft Edge. Enable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Browser sign-in settings` and set the option to `Disable browser sign-in`. Then disable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Configure whether a user always has a default profile automatically signed in with their work or school account`.
For required service data:
- Disable the option(s) in `edge://settings/profiles/rewards`.
- Disable the option(s) in `edge://settings/profiles/multiProfileSettings`.
- Disable the option(s) in `edge://settings/profiles/localBrowserDataShare`.
- Disable the option(s) in `edge://wallet/settings`.
- Enable the option(s) `Tracking Prevention` in `edge://settings/privacy` and set the option to `Strict`.
- Enable the option(s) in `edge://settings/clearBrowsingDataOnClose`.
- Enable the option(s) `Send "Do Not Track" requests` in `edge://settings/privacy`.
- Disable the option(s) `Allow sites to check if you have payment methods saved` in `edge://settings/privacy`.
- Disable the option(s) `Allow sites to check if you have payment methods saved` in `edge://settings/privacy`.
- Disable the option(s) `Help improve Microsoft products by sending the results from searches on the web` in `edge://settings/privacy`.
- Disable the option(s) `Allow Microsoft to save your browsing activity including history, usage, favorites, web content, and other browsing data to personalize Microsoft Edge and Microsoft services like ads, search, shopping and news.` in `edge://settings/privacy`.
- Disable all option(s) under the `Services` section in `edge://settings/privacy`.
- Disable the option(s) `Show me search and site suggestions using my typed characters` in `edge://settings/searchFilters`.
- Disable the option(s) `Show me suggestions from history, favorites and other data on this device using my typed characters` in `edge://settings/searchFilters`.
- Disable the option(s) `Personalize my top sites in customize sidebar` in `edge://settings/sidebar`.
- Disable the option(s) `Allow Microsoft to access page content` and `Show shopping notifications` in `edge://settings/sidebar/appSettings?hubApp=cd4688a9-e888-48ea-ad81-76193d56b1be`.
- Disable the option(s) `Allow access to page URLs` in `edge://settings/sidebar/appSettings?hubApp=96defd79-4015-4a32-bd09-794ff72183ef`.
- Disable the option(s) `Preload your new tab page for a faster experience` in `edge://settings/startHomeNTP`.
- Configure the option(s) `Customize your new tab page layout and content` in `edge://settings/startHomeNTP` according to your needs.
- Enable the option(s) `Block third-party cookies` in `edge://settings/content/cookies`.
- Disable the option(s) `Preload pages for faster browsing and searching` in `edge://settings/content/cookies`.
- Disable the option(s) `Use text prediction` in `edge://settings/languages`.
- Disable the option(s) `Enable grammar and spellcheck assistance` or enable it with `Basic` in `edge://settings/languages`.
- Configure the option(s) `Share additional operating system region` to `Never` in `edge://settings/languages`.
- Disable the option(s) `Get image descriptions from Microsoft for screen readers` in `edge://settings/accessibility`.
- Disable the option(s) `Allow identifiers for protected content (computer restart may be required)` in `edge://settings/content/protectedContent`.
- Configure `edge://flags/#edge-widevine-drm` according to your needs.
- Disable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Enables default browser settings campaigns`.
- Disable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Edge 3P SERP Telemetry Enabled`.
- Enable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Enable network prediction` and set it to `Dont predict network actions on any network connection`.
- Enable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Secure mode and Certificate-based Digital Signature validation in native PDF reader`.
- Disable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Content settings\Choose whether users can receive customized background images and text, suggestions, notifications, and tips for Microsoft services`.
- Enable the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Configure InPrivate mode availability` and set it to `Forced`.
<details class="warning" markdown>
<summary>Warning</summary>
Setting ```Configure InPrivate mode availability``` to ```Forced``` will prevent you from accessing `edge://settings`.
</details>
- If you are using others PC, use Guest mode in Start → Microsoft Edge → Personal Profile icon → Other Profiles → Browse as Guest.
- You can manage Copilot in Windows by configuring the Group Policy `Computer Configuration\Administrative Templates\Microsoft Edge\Show Hubs Sidebar`.
## Office
- The advice in this guide does not apply to Office downloaded from the Microsoft Store.
- [Download](https://www.microsoft.com/en-us/download/details.aspx?id=49030) the corresponding Office policy and execute it to extract the files.
- Copy `(Extracted Files)\admx\(Your Office Apps).admx` to `C:\Windows\PolicyDefinitions`. Copy `(Extracted Files)\admx\(Your locale ID)\(Your Office Apps).adml` to `C:\Windows\PolicyDefinitions\(Your locale ID)`.
- You can track security baseline updates using [this](https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=Microsoft-Security-Baselines) RSS feed.
<details class="note" markdown>
<summary>Install and Activate Office 2021</summary>
You can buy and download [Office Home & Student 2021](https://go.microsoft.com/fwlink/?linkid=2022066), [Office Home & Business 2021](https://go.microsoft.com/fwlink/?linkid=2022187) or [Office Professional 2021](https://go.microsoft.com/fwlink/?linkid=2022071) online.
To install Office LTSC 2021, download the [Office Deployment Tool](https://www.microsoft.com/en-us/download/details.aspx?id=49117) and execute it to extract the files. Create and download a configuration file using the [Office Customization Tool](https://config.office.com/deploymentsettings). Copy `your-created-config-file.xml` to `(Extracted Files Folder)`. In `(Extracted Files Folder)`, execute the following command from an elevated command prompt:
```
setup /download your-created-config-file.xml
```
For Key Management Service (KMS) activation, execute the following command from an elevated command prompt:
```
cd "c:\Program Files\Microsoft Office\Office16"
cscript ospp.vbs /sethst:your.kms.server.here
cscript ospp.vbs /act
```
For Multiple Activation Key (MAK) activation, execute the following command from an elevated command prompt:
```
cd "c:\Program Files\Microsoft Office\Office16"
cscript ospp.vbs /inpkey:input-your-mak-key-here
cscript ospp.vbs /act
```
</details>
### Office Security
- [Download](https://www.microsoft.com/en-us/download/details.aspx?id=55319) the following files: `Microsoft 365 Apps for Enterprise 2306.zip` and `LGPO.zip`.Unzip both files. In `LGPO\LGPO_30`, copy `LGPO.exe` to `Microsoft 365 Apps for Enterprise 2306\Scripts\Tools`. In `Microsoft 365 Apps for Enterprise 2306\Scripts`, execute the following command from an elevated command prompt:
```
Set-ExecutionPolicy -Scope Process Unrestricted
.\Baseline-LocalInstall.ps1
```
- Office automatically updates itself. You can also update it manually in Start → (Your Office Apps) → File → Account → Update Options.
### Office Privacy
For diagnostic data, enable the Group Policy `User Configuration\Administrative Templates\Microsoft Office 2016\Privacy\Trust Center\Configure the level of client software diagnostic data sent by Office to Microsoft` and set the option to `Neither`.
For account data, enable the Group Policy `User Configuration\Administrative Templates\Microsoft Office 2016\Miscellaneous\Block signing into Office`.
<details class="info" markdown>
<summary>Microsoft 365</summary>
You cannot disable the subscription version of Office, Microsoft 365.
</details>
For required service data, disable the Group Policy `User Configuration\Administrative Templates\Microsoft Office 2016\Privacy\Trust Center\Allow the use of connected experiences in Office` and `User Configuration\Administrative Templates\Microsoft Office 2016\Privacy\Trust Center\Enable Customer Experience Improvement Program`.

View File

@@ -46,20 +46,6 @@ schema:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Proton Pass
image: /assets/img/password-management/protonpass.svg
url: https://proton.me/pass
applicationCategory: Password Manager
operatingSystem:
- Android
- iOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
@@ -154,7 +140,7 @@ These password managers sync your passwords to a cloud server for easy accessibi
![Bitwarden logo](assets/img/password-management/bitwarden.svg){ align=right }
**Bitwarden** is a free and open-source password and passkey manager. It aims to solve password management problems for individuals, teams, and business organizations. Bitwarden is among the best and safest solutions to store all of your logins and passwords while conveniently keeping them synced between all of your devices.
**Bitwarden** is a free and open-source password manager. It aims to solve password management problems for individuals, teams, and business organizations. Bitwarden is among the best and safest solutions to store all of your logins and passwords while conveniently keeping them synced between all of your devices.
[:octicons-home-16: Homepage](https://bitwarden.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://bitwarden.com/privacy){ .card-link title="Privacy Policy" }
@@ -173,7 +159,6 @@ These password managers sync your passwords to a cloud server for easy accessibi
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/bitwarden-password-manager)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb)
- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/jbkfoedolllekgbhcbcoahefnbanhhlh)
- [:simple-safari: Safari](https://apps.apple.com/us/app/bitwarden/id1352778147)
</details>
@@ -192,51 +177,13 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
[:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sponsors/dani-garcia){ .card-link title=Contribute }
### Proton Pass
<div class="admonition recommendation" markdown>
![Proton Pass logo](assets/img/password-management/protonpass.svg){ align=right }
Proton Pass is an open-source, end-to-end encrypted password manager developed by Proton, the team behind [Proton Mail](email.md#proton-mail). It securely stores your login credentials, generates unique email aliases, supports and stores passkeys, and offers a community-funded, Swiss-based service with strict data privacy laws.
[:octicons-home-16: Homepage](https://proton.me/pass){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/pass/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://proton.me/support/pass){ .card-link title="Documentation"}
[:octicons-code-16:](https://github.com/protonpass){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=proton.android.pass)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/proton-pass-password-manager/id6443490629)
- [:simple-windows11: Windows](https://proton.me/pass/download)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/proton-pass)
- [:simple-googlechrome: Chrome](https://chromewebstore.google.com/detail/proton-pass-free-password/ghmbeldphafepmbegfdlkpapadhbakde)
- [:simple-microsoftedge: Edge](https://chromewebstore.google.com/detail/proton-pass-free-password/ghmbeldphafepmbegfdlkpapadhbakde)
- [:octicons-globe-16: Web](https://pass.proton.me)
</details>
</div>
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
Proton Pass currently doesn't have any "master password" functionality, which means that your vault is protected with the password for your Proton account and any of their supported [two factor authentication](basics/multi-factor-authentication.md) methods.
The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
All issues were addressed and fixed shortly after the [report](https://res.cloudinary.com/dbulfrlrz/images/v1707561557/wp-pme/Cure53-proton-pass-20230717/Cure53-proton-pass-20230717.pdf).
### 1Password
<div class="admonition recommendation" markdown>
![1Password logo](assets/img/password-management/1password.svg){ align=right }
**1Password** is a password manager with a strong focus on security and ease-of-use, which allows you to store passwords, passkeys, credit cards, software licenses, and any other sensitive information in a secure digital vault. Your vault is hosted on 1Password's servers for a [monthly fee](https://1password.com/sign-up). 1Password is [audited](https://support.1password.com/security-assessments) on a regular basis and provides exceptional customer support. 1Password is closed source; however, the security of the product is thoroughly documented in their [security white paper](https://1passwordstatic.com/files/security/1password-white-paper.pdf).
**1Password** is a password manager with a strong focus on security and ease-of-use, which allows you to store passwords, credit cards, software licenses, and any other sensitive information in a secure digital vault. Your vault is hosted on 1Password's servers for a [monthly fee](https://1password.com/sign-up). 1Password is [audited](https://support.1password.com/security-assessments) on a regular basis and provides exceptional customer support. 1Password is closed source; however, the security of the product is thoroughly documented in their [security white paper](https://1passwordstatic.com/files/security/1password-white-paper.pdf).
[:octicons-home-16: Homepage](https://1password.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://1password.com/legal/privacy){ .card-link title="Privacy Policy" }
@@ -250,11 +197,6 @@ All issues were addressed and fixed shortly after the [report](https://res.cloud
- [:simple-windows11: Windows](https://1password.com/downloads/windows)
- [:simple-apple: macOS](https://1password.com/downloads/mac)
- [:simple-linux: Linux](https://1password.com/downloads/linux)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/1password-x-password-manager)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/1password-%E2%80%93-password-mana/aeblfdkhhhdcdjpifhhbdiojplfjncoa)
- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/dppgmdbiimibapkepcbdbmkaabgiofem)
- [:simple-safari: Safari](https://apps.apple.com/us/app/1password-for-safari/id1569813296)
- [:octicons-globe-16: Web](https://my.1password.com/signin)
</details>
@@ -395,13 +337,17 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
Additionally, there is an offline-only version offered: [Strongbox Zero](https://apps.apple.com/app/id1581589638). This version is stripped down in an attempt to reduce attack surface.
### gopass (CLI)
### Command-line
These products are minimal password managers that can be used within scripting applications.
#### gopass
<div class="admonition recommendation" markdown>
![gopass logo](assets/img/password-management/gopass.svg){ align=right }
**gopass** is a minimal password manager for the command line written in Go. It can be used within scripting applications and works on all major desktop and server operating systems (Linux, macOS, BSD, Windows).
**gopass** is a password manager for the command line written in Go. It works on all major desktop and server operating systems (Linux, macOS, BSD, Windows).
[:octicons-home-16: Homepage](https://gopass.pw){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/gopasspw/gopass/tree/master/docs){ .card-link title=Documentation}
@@ -420,7 +366,6 @@ Additionally, there is an offline-only version offered: [Strongbox Zero](https:/
</div>
<!-- markdownlint-disable-next-line -->
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

View File

@@ -4,7 +4,6 @@ icon: material/file-sign
description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do.
cover: productivity.webp
---
<!-- markdownlint-disable MD024 -->
Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints.
## Collaboration Platforms

View File

@@ -89,7 +89,6 @@ When you are using a SearXNG instance, be sure to go read their privacy policy.
**Startpage** is a private search engine known for serving [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) search results. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead.
[:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary }
[:simple-torbrowser:](http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion){ .card-link title="Onion Service" }
[:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
@@ -97,11 +96,16 @@ When you are using a SearXNG instance, be sure to go read their privacy policy.
</div>
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
Startpage regularly limits service access to certain IP addresses, such as IPs reserved for VPNs or Tor. [DuckDuckGo](#duckduckgo) and [Brave Search](#brave-search) are friendlier options if your threat model requires hiding your IP address from the search provider.
</div>
Startpage is based in the Netherlands. According to their [privacy policy](https://startpage.com/en/privacy-policy), they log details such as: operating system, type of browser, and language. They do not log your IP address, search queries, or other personally identifying information.
Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.
Startpage previously placed limitations on VPN and [Tor](tor.md) users, but they recently created an [official](https://support.startpage.com/hc/en-us/articles/24786602537364-Startpage-s-Tor-onion-service) Tor hidden service, and as of April 2024 we have no longer noticed extra roadblocks for Tor or [VPN](vpn.md) users.
Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://web.archive.org/web/20210118031008/https://blog.privacytools.io/relisting-startpage) to clear up any concerns with System1's sizeable investment into the service. We were satisfied with the answers we received.
## Criteria

View File

@@ -40,29 +40,37 @@ For more details about each project, why they were chosen, and additional tips o
[Learn more :material-arrow-right-drop-circle:](desktop-browsers.md)
### Additional Resources
<div class="grid cards" markdown>
- ![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ .twemoji } [uBlock Origin](desktop-browsers.md#ublock-origin)
- ![uBlock Origin Lite logo](assets/img/browsers/ublock_origin_lite.svg){ .twemoji } [uBlock Origin Lite](desktop-browsers.md#ublock-origin-lite)
</div>
[Learn more :material-arrow-right-drop-circle:](desktop-browsers.md#additional-resources)
## Mobile Web Browsers
<div class="grid cards" markdown>
- ![Brave logo](assets/img/browsers/brave.svg){ .twemoji } [Brave (Android)](mobile-browsers.md#brave)
- ![Mull logo](assets/img/browsers/mull.svg){ .twemoji } [Mull (Android)](mobile-browsers.md#mull)
- ![Safari logo](assets/img/browsers/safari.svg){ .twemoji } [Safari (iOS)](mobile-browsers.md#safari)
</div>
[Learn more :material-arrow-right-drop-circle:](mobile-browsers.md)
## Browser Extensions
### Additional Resources
<div class="grid cards" markdown>
<div class="grid cards annotate" markdown>
- ![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ .twemoji } [uBlock Origin](browser-extensions.md#ublock-origin)
- ![uBlock Origin Lite logo](assets/img/browsers/ublock_origin_lite.svg){ .twemoji } [uBlock Origin Lite](browser-extensions.md#ublock-origin-lite)
- ![AdGuard logo](assets/img/browsers/adguard.svg){ .twemoji } [AdGuard for iOS](browser-extensions.md#adguard)
- ![AdGuard logo](assets/img/browsers/adguard.svg){ .twemoji } [AdGuard for iOS](mobile-browsers.md#adguard)
</div>
[Learn more :material-arrow-right-drop-circle:](browser-extensions.md)
[Learn more :material-arrow-right-drop-circle:](mobile-browsers.md#adguard)
## Service Providers
@@ -72,7 +80,6 @@ For more details about each project, why they were chosen, and additional tips o
- ![Proton Drive logo](assets/img/cloud/protondrive.svg){ .twemoji } [Proton Drive](cloud.md#proton-drive)
- ![Tresorit logo](assets/img/cloud/tresorit.svg){ .twemoji } [Tresorit](cloud.md#tresorit)
- ![Peergos logo](assets/img/cloud/peergos.svg){ .twemoji } [Peergos](cloud.md#peergos)
</div>
@@ -383,13 +390,12 @@ For encrypting your operating system drive, we typically recommend using whichev
<div class="grid cards" markdown>
- ![Bitwarden logo](assets/img/password-management/bitwarden.svg){ .twemoji } [Bitwarden](passwords.md#bitwarden)
- ![Proton Pass logo](assets/img/password-management/protonpass.svg){ .twemoji } [Proton Pass](passwords.md#proton-pass)
- ![1Password logo](assets/img/password-management/1password.svg){ .twemoji } [1Password](passwords.md#1password)
- ![Psono logo](assets/img/password-management/psono.svg){ .twemoji } [Psono](passwords.md#psono)
- ![KeePassXC logo](assets/img/password-management/keepassxc.svg){ .twemoji } [KeePassXC](passwords.md#keepassxc)
- ![KeePassDX logo](assets/img/password-management/keepassdx.svg){ .twemoji } [KeePassDX (Android)](passwords.md#keepassdx-android)
- ![Strongbox logo](assets/img/password-management/strongbox.svg){ .twemoji } [Strongbox (iOS & macOS)](passwords.md#strongbox-ios-macos)
- ![gopass logo](assets/img/password-management/gopass.svg){ .twemoji } [gopass (CLI)](passwords.md#gopass-cli)
- ![gopass logo](assets/img/password-management/gopass.svg){ .twemoji } [gopass](passwords.md#gopass)
</div>
@@ -483,15 +489,6 @@ For encrypting your operating system drive, we typically recommend using whichev
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to utilize effectively.
### Alternative Networks
<div class="grid cards" markdown>
- ![I2P logo](./assets/img/self-contained-networks/i2p.svg#only-light){ .twemoji } ![I2P logo](./assets/img/self-contained-networks/i2p-dark.svg#only-dark){ .twemoji } [I2P](alternative-networks.md#i2p-the-invisible-internet-project)
- ![Tor logo](./assets/img/self-contained-networks/tor.svg){ .twemoji } [Tor](alternative-networks.md#tor)
</div>
### Device Integrity Verification
<div class="grid cards" markdown>

View File

@@ -1,7 +1,7 @@
---
meta_title: "Tor Browser and Network: Anonymous Web Browsing - Privacy Guides"
title: "Tor Browser"
icon: simple/torbrowser
title: "Tor Network"
icon: simple/torproject
description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship.
cover: tor.webp
schema:
@@ -23,10 +23,22 @@ schema:
url: "./"
---
**Tor** is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool.
![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right }
The **Tor** network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool.
[:octicons-home-16:](https://torproject.org){ .card-link title=Homepage }
[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" }
[:octicons-info-16:](https://tb-manual.torproject.org){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.torproject.org/tpo/core/tor){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org){ .card-link title=Contribute }
Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity.
[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md){ .md-button }
## Connecting to Tor
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
@@ -40,7 +52,7 @@ Some of these apps are better than others, and again making a determination come
If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor Browser
### Tor Browser
<div class="admonition recommendation" markdown>
@@ -78,7 +90,7 @@ The Tor Browser is designed to prevent fingerprinting, or identifying you based
In addition to installing Tor Browser on your computer directly, there are also operating systems designed specifically to connect to the Tor network such as [Whonix](desktop.md#whonix) on [Qubes OS](desktop.md#qubes-os), which provide even greater security and protections than the standard Tor Browser alone.
## Orbot
### Orbot
<div class="admonition recommendation" markdown>
@@ -116,7 +128,7 @@ All versions are signed using the same signature so they should be compatible wi
</div>
## Onion Browser
### Onion Browser
<div class="admonition recommendation" markdown>
@@ -138,3 +150,35 @@ All versions are signed using the same signature so they should be compatible wi
</details>
</div>
## Relays and Bridges
### Snowflake
<div class="admonition recommendation" markdown>
![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ align=right }
![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ align=right }
**Snowflake** allows you to donate bandwidth to the Tor Project by operating a "Snowflake proxy" within your browser.
People who are censored can use Snowflake proxies to connect to the Tor network. Snowflake is a great way to contribute to the network even if you don't have the technical know-how to run a Tor relay or bridge.
[:octicons-home-16: Homepage](https://snowflake.torproject.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/Technical%20Overview){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org){ .card-link title=Contribute }
</details>
</div>
You can enable Snowflake in your browser by opening it in another tab and turning the switch on. You can leave it running in the background while you browse to contribute your connection. We don't recommend installing Snowflake as a browser extension; adding third-party extensions can increase your attack surface.
[Run Snowflake in your Browser :material-arrow-right-drop-circle:](https://snowflake.torproject.org/embed.html){ .md-button }
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
[^1]: The `IsolateDestAddr` setting is discussed on the [Tor mailing list](https://lists.torproject.org/pipermail/tor-talk/2012-May/024403.html) and [Whonix's Stream Isolation documentation](https://whonix.org/wiki/Stream_Isolation), where both projects suggest that it is usually not a good approach for most people.

View File

@@ -4,19 +4,26 @@ title: "VPN Services"
icon: material/vpn
description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isnt out to spy on you.
cover: vpn.webp
global:
- [randomize-element, "table tbody"]
---
<!-- markdownlint-disable MD024 -->
If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you.
If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest:
<div class="grid cards" markdown>
- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn)
- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn)
- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad)
</div>
<div class="admonition danger" markdown>
<p class="admonition-title">VPNs do not provide anonymity</p>
Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic.
If you are looking for **anonymity**, you should use the Tor Browser. If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices.
If you are looking for **anonymity**, you should use the Tor Browser.
If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices.
[Download Tor](https://torproject.org){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button }
@@ -26,13 +33,7 @@ If you are looking for **anonymity**, you should use the Tor Browser. If you're
## Recommended Providers
Our recommended providers use encryption, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information.
| Provider | Countries | WireGuard | Port Forwarding | IPv6 | Anonymous Payments
|---|---|---|---|---|---
| [Proton](#proton-vpn) | 91+ | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Partial Support | :material-alert-outline:{ .pg-orange } | Cash
| [IVPN](#ivpn) | 37+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } | :material-information-outline:{ .pg-blue } Outgoing Only | Monero, Cash
| [Mullvad](#mullvad) | 41+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } | :material-check:{ .pg-green } | Monero, Cash
Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information.
### Proton VPN
@@ -60,12 +61,12 @@ Our recommended providers use encryption, support WireGuard & OpenVPN, and have
</div>
#### :material-check:{ .pg-green } 91 Countries
#### :material-check:{ .pg-green } 88 Countries
Proton VPN has [servers in 91 countries](https://protonvpn.com/vpn-servers) or [5](https://protonvpn.com/support/how-to-create-free-vpn-account) if you use their [free plan](https://protonvpn.com/free-vpn/server).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
Proton VPN has [servers in 88 countries](https://protonvpn.com/vpn-servers) [or 5 if you use their free plan](https://protonvpn.com/free-vpn).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
{ .annotate }
1. Last checked: 2024-04-02
1. Last checked: 2024-03-23
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
@@ -87,15 +88,11 @@ Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://wiregua
Proton VPN [recommends](https://protonvpn.com/blog/wireguard) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols) for the protocol is not present in their Linux app.
#### :material-alert-outline:{ .pg-orange } No IPv6 Support
Proton VPN's servers are only compatible with IPv4. The Proton VPN applications will block all outgoing IPv6 traffic, so you don't have to worry about your IPv6 address being leaked, but you will not be able to connect to any IPv6-only sites, and you will not be able to connect to Proton VPN from an IPv6-only network.
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding
Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
#### :material-information-outline:{ .pg-orange } Censorship Circumvention
Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
@@ -105,11 +102,11 @@ Unfortunately it does not work very well in countries where sophisticated filter
In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/app/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers.
#### :material-alert-outline:{ .pg-orange } Additional Notes
#### :material-information-outline:{ .pg-blue } Additional Functionality
Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://torproject.org) for this purpose.
##### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
@@ -119,7 +116,7 @@ System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-swit
![IVPN logo](assets/img/vpn/ivpn.svg){ align=right }
**IVPN** is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar and does not offer a free trial.
**IVPN** is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar.
[:octicons-home-16: Homepage](https://ivpn.net){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ivpn.net/privacy){ .card-link title="Privacy Policy" }
@@ -145,7 +142,7 @@ System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-swit
IVPN has [servers in 37 countries](https://ivpn.net/status).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
{ .annotate }
1. Last checked: 2024-04-02
1. Last checked: 2023-12-21
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
@@ -167,15 +164,11 @@ IVPN supports the WireGuard® protocol. [WireGuard](https://wireguard.com) is a
IVPN [recommends](https://ivpn.net/wireguard) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://wireguard.com/install).
#### :material-information-outline:{ .pg-blue } IPv6 Support
IVPN allows you to [connect to services using IPv6](https://ivpn.net/knowledgebase/general/do-you-support-ipv6) but doesn't allow you to connect from a device using an IPv6 address.
#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding
IVPN previously supported port forwarding, but removed the option in [June 2023](https://ivpn.net/blog/gradual-removal-of-port-forwarding). Missing this feature could negatively impact certain applications, especially peer-to-peer applications like torrent clients.
#### :material-check:{ .pg-green } Anti-Censorship
#### :material-check:{ .pg-green } Censorship Circumvention
IVPN has obfuscation modes using the [v2ray](https://v2ray.com/en/index.html) project which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
@@ -183,9 +176,9 @@ IVPN has obfuscation modes using the [v2ray](https://v2ray.com/en/index.html) pr
In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/app/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers.
#### :material-information-outline:{ .pg-blue } Additional Notes
#### :material-information-outline:{ .pg-blue } Additional Functionality
IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -193,7 +186,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right }
**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since **2009**. Mullvad is based in Sweden and does not offer a free trial.
**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since **2009**. Mullvad is based in Sweden and does not have a free trial.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -220,7 +213,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
Mullvad has [servers in 41 countries](https://mullvad.net/servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
{ .annotate }
1. Last checked: 2024-04-02
1. Last checked: 2024-03-23
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
@@ -252,13 +245,13 @@ Mullvad [recommends](https://mullvad.net/en/help/why-wireguard) the use of WireG
#### :material-check:{ .pg-green } IPv6 Support
Mullvad allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support) and connect from a device using an IPv6 address.
Mullvad allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support), as opposed to other providers which block IPv6 connections.
#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding
Mullvad previously supported port forwarding, but removed the option in [May 2023](https://mullvad.net/en/blog/2023/5/29/removing-the-support-for-forwarded-ports). Missing this feature could negatively impact certain applications, especially peer-to-peer applications like torrent clients.
#### :material-check:{ .pg-green } Anti-Censorship
#### :material-check:{ .pg-green } Censorship Circumvention
Mullvad has obfuscation an mode using [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) which may be useful in situations where VPN protocols like OpenVPN or Wireguard are blocked.
@@ -266,9 +259,9 @@ Mullvad has obfuscation an mode using [Shadowsocks with v2ray](https://mullvad.n
Mullvad has published [App Store](https://apps.apple.com/app/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases).
#### :material-information-outline:{ .pg-blue } Additional Notes
#### :material-information-outline:{ .pg-blue } Additional Functionality
Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers). They use [ShadowSocks](https://shadowsocks.org) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22).
Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers). They use [ShadowSocks](https://shadowsocks.org) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion).
## Criteria
@@ -294,6 +287,7 @@ We require all our recommended VPN providers to provide OpenVPN configuration fi
**Best Case:**
- WireGuard and OpenVPN support.
- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Easy-to-use VPN clients
- Supports [IPv6](https://en.wikipedia.org/wiki/IPv6). We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.

View File

@@ -1,58 +1,41 @@
ANALYTICS_CONSENT_BODY="We collect anonymous statistics about your visits to help us improve the site. We do not track you across other websites. If you disable this, we will not know when you have visited our site. We will save a single cookie in your browser to remember your preference."
ANALYTICS_CONSENT_TITLE="Contribute anonymous statistics"
ANALYTICS_COOKIE_GITHUB="GitHub API"
ANALYTICS_COOKIE_UMAMI="Self-Hosted Analytics"
ANALYTICS_FEEDBACK_NEGATIVE_NAME="This page could be improved"
ANALYTICS_FEEDBACK_NEGATIVE_NOTE='Thanks for your feedback! If you want to let us know more, please leave a post on our <a href="https://discuss.privacyguides.net/c/site-development/7" target="_blank" rel="noopener">forum</a>.'
ANALYTICS_FEEDBACK_POSITIVE_NAME="This page was helpful"
ANALYTICS_FEEDBACK_POSITIVE_NOTE="Thanks for your feedback!"
ANALYTICS_FEEDBACK_TITLE="Was this page helpful?"
DESCRIPTION_HOMEPAGE="A socially motivated website which provides information about protecting your online data privacy and security."
FOOTER_ANALYTICS="Anonymous statistics preferences."
FOOTER_COPYRIGHT_AUTHOR="Privacy Guides and contributors."
FOOTER_INTRO="<b>Privacy Guides</b> is a non-profit, socially motivated website that provides information for protecting your data security and privacy."
FOOTER_NOTE="We do not make money from recommending certain products, and we do not use affiliate links."
HOMEPAGE_CTA_DESCRIPTION="It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know."
HOMEPAGE_DESCRIPTION="A socially motivated website which provides information about protecting your online data privacy and security."
HOMEPAGE_RSS_CHANGELOG_LINK="https://discuss.privacyguides.net/c/site-development/changelog/9.rss"
HOMEPAGE_RSS_CHANGELOG_TITLE="Privacy Guides release changelog"
HOMEPAGE_RSS_BLOG_LINK="https://blog.privacyguides.org/feed_rss_created.xml"
HOMEPAGE_RSS_BLOG_TITLE="Privacy Guides blog feed"
HOMEPAGE_RSS_STORIES_LINK="https://share.privacyguides.org/web-stories/feed/"
HOMEPAGE_RSS_STORIES_TITLE="Privacy Guides web stories feed"
HOMEPAGE_RSS_FORUM_LINK="https://discuss.privacyguides.net/latest.rss"
HOMEPAGE_RSS_FORUM_TITLE="Latest Privacy Guides forum topics"
NAV_ABOUT="About"
NAV_ADVANCED="Advanced"
NAV_ADVANCED_TOPICS="Advanced Topics"
NAV_BLOG="Blog"
NAV_CHANGELOG="Changelog"
NAV_CODE_OF_CONDUCT="Code of Conduct"
NAV_COMMUNITY="Community"
NAV_CONTRIBUTING="Contributing"
NAV_FORUM="Forum"
NAV_HOME="Home"
NAV_INTERNET_BROWSING="Internet Browsing"
NAV_KNOWLEDGE_BASE="Knowledge Base"
NAV_ONLINE_SERVICES="Online Services"
NAV_OPERATING_SYSTEMS="Operating Systems"
NAV_PROVIDERS="Providers"
NAV_RECOMMENDATIONS="Recommendations"
NAV_SOFTWARE="Software"
NAV_TECHNICAL_GUIDES="Technical Guides"
NAV_TECHNOLOGY_ESSENTIALS="Technology Essentials"
NAV_WRITING_GUIDE="Writing Guide"
SITE_DESCRIPTION="Privacy Guides is your central privacy and security resource to protect yourself online."
SITE_LANGUAGE="English"
SITE_LANGUAGE_ENGLISH="English"
LANG="English"
LANG_ENGLISH="English"
SITE_NAME="Privacy Guides"
SOCIAL_FORUM="Forum"
SOCIAL_GITHUB="GitHub"
SITE_DESCRIPTION="Privacy Guides is your central privacy and security resource to protect yourself online."
FOOTER_COPYRIGHT_INTRO="<b>Privacy Guides</b> is a non-profit, socially motivated website that provides information for protecting your data security and privacy."
FOOTER_COPYRIGHT_AFFILIATE="We do not make money from recommending certain products, and we do not use affiliate links."
FOOTER_COPYRIGHT_DATE="2019 - 2024 Privacy Guides and contributors."
FOOTER_COPYRIGHT_ICON='<span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.2.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="m245.83 214.87-33.22 17.28c-9.43-19.58-25.24-19.93-27.46-19.93-22.13 0-33.22 14.61-33.22 43.84 0 23.57 9.21 43.84 33.22 43.84 14.47 0 24.65-7.09 30.57-21.26l30.55 15.5c-6.17 11.51-25.69 38.98-65.1 38.98-22.6 0-73.96-10.32-73.96-77.05 0-58.69 43-77.06 72.63-77.06 30.72-.01 52.7 11.95 65.99 35.86zm143.05 0-32.78 17.28c-9.5-19.77-25.72-19.93-27.9-19.93-22.14 0-33.22 14.61-33.22 43.84 0 23.55 9.23 43.84 33.22 43.84 14.45 0 24.65-7.09 30.54-21.26l31 15.5c-2.1 3.75-21.39 38.98-65.09 38.98-22.69 0-73.96-9.87-73.96-77.05 0-58.67 42.97-77.06 72.63-77.06 30.71-.01 52.58 11.95 65.56 35.86zM247.56 8.05C104.74 8.05 0 123.11 0 256.05c0 138.49 113.6 248 247.56 248 129.93 0 248.44-100.87 248.44-248 0-137.87-106.62-248-248.44-248zm.87 450.81c-112.54 0-203.7-93.04-203.7-202.81 0-105.42 85.43-203.27 203.72-203.27 112.53 0 202.82 89.46 202.82 203.26-.01 121.69-99.68 202.82-202.84 202.82z"></path></svg></span><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.2.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M314.9 194.4v101.4h-28.3v120.5h-77.1V295.9h-28.3V194.4c0-4.4 1.6-8.2 4.6-11.3 3.1-3.1 6.9-4.7 11.3-4.7H299c4.1 0 7.8 1.6 11.1 4.7 3.1 3.2 4.8 6.9 4.8 11.3zm-101.5-63.7c0-23.3 11.5-35 34.5-35s34.5 11.7 34.5 35c0 23-11.5 34.5-34.5 34.5s-34.5-11.5-34.5-34.5zM247.6 8C389.4 8 496 118.1 496 256c0 147.1-118.5 248-248.4 248C113.6 504 0 394.5 0 256 0 123.1 104.7 8 247.6 8zm.8 44.7C130.2 52.7 44.7 150.6 44.7 256c0 109.8 91.2 202.8 203.7 202.8 103.2 0 202.8-81.1 202.8-202.8.1-113.8-90.2-203.3-202.8-203.3z"></path></svg></span><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.2.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M247.6 8C389.4 8 496 118.1 496 256c0 147.1-118.5 248-248.4 248C113.6 504 0 394.5 0 256 0 123.1 104.7 8 247.6 8zm.8 44.7C130.2 52.7 44.7 150.6 44.7 256c0 109.8 91.2 202.8 203.7 202.8 103.2 0 202.8-81.1 202.8-202.8.1-113.8-90.2-203.3-202.8-203.3zm94 144.3v42.5H162.1V197h180.3zm0 79.8v42.5H162.1v-42.5h180.3z"></path></svg></span>'
FOOTER_COPYRIGHT_LICENSE="Content license:"
FOOTER_COPYRIGHT="$FOOTER_COPYRIGHT_INTRO <br> $FOOTER_COPYRIGHT_AFFILIATE <br> &copy; $FOOTER_COPYRIGHT_DATE $FOOTER_COPYRIGHT_ICON $FOOTER_COPYRIGHT_LICENSE <a href='/license'><strong>CC BY-ND 4.0</strong></a>."
THEME_LIGHT="Switch to light mode"
THEME_DARK="Switch to dark mode"
THEME_AUTO="Switch to system theme"
DESCRIPTION_HOMEPAGE="A socially motivated website which provides information about protecting your online data privacy and security."
DESCRIPTION_TRANSLATION="You're viewing the $LANG copy of Privacy Guides, translated by our fantastic language team on Crowdin. If you notice an error, or see any untranslated sections on this page, please consider helping out!"
DESCRIPTION_TRANSLATION_CTA="Visit Crowdin"
SOCIAL_MASTODON="Mastodon"
SOCIAL_MATRIX="Matrix"
SOCIAL_FORUM="Forum"
SOCIAL_GITHUB="GitHub"
SOCIAL_TOR_SITE="Hidden service"
THEME_AUTO="Switch to system theme"
THEME_DARK="Switch to dark mode"
THEME_LIGHT="Switch to light mode"
TRANSLATION_NOTICE="You're viewing the $SITE_LANGUAGE copy of Privacy Guides, translated by our fantastic language team on Crowdin. If you notice an error, or see any untranslated sections on this page, please consider helping out!"
TRANSLATION_NOTICE_CTA="Visit Crowdin"
NAV_HOME="Home"
NAV_KNOWLEDGE_BASE="Knowledge Base"
NAV_TECHNOLOGY_ESSENTIALS="Technology Essentials"
NAV_OPERATING_SYSTEMS="Operating Systems"
NAV_ADVANCED_TOPICS="Advanced Topics"
NAV_RECOMMENDATIONS="Recommendations"
NAV_INTERNET_BROWSING="Internet Browsing"
NAV_PROVIDERS="Providers"
NAV_SOFTWARE="Software"
NAV_ADVANCED="Advanced"
NAV_ABOUT="About"
NAV_COMMUNITY="Community"
NAV_ONLINE_SERVICES="Online Services"
NAV_CODE_OF_CONDUCT="Code of Conduct"
NAV_CONTRIBUTING="Contributing"
NAV_WRITING_GUIDE="Writing Guide"
NAV_TECHNICAL_GUIDES="Technical Guides"
NAV_CHANGELOG="Changelog"
NAV_FORUM="Forum"
NAV_BLOG="Blog"

104
netlify.toml Normal file
View File

@@ -0,0 +1,104 @@
# Copyright (c) 2022-2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
[build]
publish = "site/"
command = "mkdocs build --config-file config/mkdocs.en.yml && cp -r static/* site/"
[context.production]
command = "rm -rf i18n-download || true && git clone https://github.com/privacyguides/i18n i18n-download && cp -rl i18n-download/i18n . && cp -rl i18n-download/includes . && cp -rl i18n-download/theme . && mkdocs build --config-file config/mkdocs.en.yml && mkdocs build --config-file config/mkdocs.es.yml && mkdocs build --config-file config/mkdocs.fr.yml && mkdocs build --config-file config/mkdocs.he.yml && mkdocs build --config-file config/mkdocs.it.yml && mkdocs build --config-file config/mkdocs.nl.yml && mkdocs build --config-file config/mkdocs.zh-Hant.yml && mkdocs build --config-file config/mkdocs.ru.yml && cp -r static/* site/"
[context.branch-deploy]
command = "crowdin download && for i in config/mkdocs.*.yml; do mkdocs build --config-file $i; done && cp -r static/* site/"
[[headers]]
for = "/*"
[headers.values]
X-Frame-Options = "DENY"
X-XSS-Protection = "0"
X-Content-Type-Options = "nosniff"
Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
Content-Security-Policy = "default-src 'none'; script-src https://www.privacyguides.org 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://*.privacyguides.net; frame-ancestors 'none'"
Permissions-Policy = "browsing-topics=(), conversion-measurement=(), interest-cohort=(), accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=()"
[[headers]]
for = "/:lang/about/donate/"
[headers.values]
Content-Security-Policy = "default-src 'none'; script-src https://opencollective.com https://www.privacyguides.org 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src https://opencollective.com data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://opencollective.com; frame-ancestors 'none'"
[[headers]]
for = "/:lang/tor/"
[headers.values]
Content-Security-Policy = "default-src 'none'; script-src https://www.privacyguides.org 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://snowflake.torproject.org; frame-ancestors 'none'"
[[redirects]]
from = "/es/*"
to = "/i18n/404.es.html"
status = 404
[[redirects]]
from = "/fr/*"
to = "/i18n/404.fr.html"
status = 404
[[redirects]]
from = "/he/*"
to = "/i18n/404.he.html"
status = 404
[[redirects]]
from = "/it/*"
to = "/i18n/404.it.html"
status = 404
[[redirects]]
from = "/nl/*"
to = "/i18n/404.nl.html"
status = 404
[[redirects]]
from = "/zh-hant/*"
to = "/i18n/404.zh-Hant.html"
status = 404
[[redirects]]
from = "/ru/*"
to = "/i18n/404.ru.html"
status = 404
[[redirects]]
from = "/*"
to = "/i18n/404.en.html"
status = 404
[[plugins]]
package = "@netlify/plugin-lighthouse"
[[plugins.inputs.audits]]
path = "en"
[[plugins.inputs.audits]]
path = "en/tools"
[[plugins.inputs.audits]]
path = "en/basics/why-privacy-matters"
[[plugins.inputs.audits]]
path = "en/vpn"

89
static/_redirects Normal file
View File

@@ -0,0 +1,89 @@
# Copyright (c) 2023 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
/ /en/ 302 Language=en
/ /es/ 302 Language=es
/ /fr/ 302 Language=fr
/ /he/ 302 Language=he
/ /it/ 302 Language=it
/ /nl/ 302 Language=nl
/ /zh-hant/ 302 Language=zh-Hant
/ /ru/ 302 Language=ru
/ /en/ 302
/.well-known/matrix/* https://matrix.privacyguides.org/.well-known/matrix/:splat 200
/.well-known/* /well-known/:splat 200
/kb /en/basics/why-privacy-matters/
/:lang/kb /:lang/basics/why-privacy-matters/
/coc /en/CODE_OF_CONDUCT/
/license https://github.com/privacyguides/privacyguides.org/tree/main/README.md#license
/team /en/about/
/browsers /en/desktop-browsers/
/blog https://blog.privacyguides.org
/basics/dns-overview /en/advanced/dns-overview/
/basics/tor-overview /en/advanced/tor-overview/
/real-time-communication/communication-network-types /en/advanced/communication-network-types
/advanced/real-time-communication /en/advanced/communication-network-types
/android/overview /en/os/android-overview/
/linux-desktop/overview /en/os/linux-overview/
/android/grapheneos-vs-calyxos https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/
/ios/configuration https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/
/linux-desktop/hardening https://blog.privacyguides.org/2022/04/22/linux-system-hardening/
/linux-desktop/sandboxing https://blog.privacyguides.org/2022/04/22/linux-application-sandboxing/
/advanced/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
/real-time-communication/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
/advanced/integrating-metadata-removal https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/
/advanced/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
/operating-systems /en/desktop/
/threat-modeling /en/basics/threat-modeling/
/self-contained-networks /en/tor/
/privacy-policy /en/about/privacy-policy/
/metadata-removal-tools /en/data-redaction/
/basics /en/kb
/software/file-encryption /en/encryption/
/providers /en/tools/#service-providers
/software/calendar-contacts /en/calendar/
/calendar-contacts /en/calendar/
/software/metadata-removal-tools /en/data-redaction/
/contact /en/about/
/welcome-to-privacy-guides https://blog.privacyguides.org/2021/09/14/welcome-to-privacy-guides/
/software/email /en/email-clients/
/providers/paste /en/tools/
/blog/2019/10/05/understanding-vpns https://www.jonaharagon.com/posts/understanding-vpns/
/terms-and-notices /en/about/notices/
/software/networks /en/tor/
/social-news-aggregator /en/news-aggregators/
/basics/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
/linux-desktop /en/desktop/
/providers/:slug /en/:slug/
/software/:slug /en/:slug/
/blog/* https://blog.privacyguides.org/:splat
/assets/* /en/assets/:splat
/:slug/ /en/:slug/
/about/:slug/ /en/about/:slug/
/advanced/:slug/ /en/advanced/:slug/
/basics/:slug/ /en/basics/:slug/
/meta/:slug/ /en/meta/:slug/
/os/:slug/ /en/os/:slug/

24
static/i18n/404.en.html Normal file

File diff suppressed because one or more lines are too long

View File

@@ -0,0 +1,5 @@
Contact: mailto:jonah@triplebit.net
Expires: 2024-01-01T18:00:00.000Z
Preferred-Languages: en
Canonical: https://www.privacyguides.org/.well-known/security.txt
Policy: https://github.com/privacyguides/privacyguides.org/security/policy

View File

@@ -1 +0,0 @@
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.23559 0 0 .23559 1.8105e-7 .00017997)"><path d="m97.545 29.843s2.554-8.59 10.911-13c8.357-4.411 28.553-4.411 31.57-3.018 3.018 1.393 3.947 25.999 0 32.034-3.946 6.036-11.839 9.286-18.106 9.286-6.268 0-25.999-15.089-25.999-15.089z" fill="#e91e63"/><path d="m104.86 31.267s1.694-5.697 7.238-8.623c5.543-2.926 18.941-2.926 20.943-2.002s2.618 17.247 0 21.251-7.854 6.159-12.011 6.159c-4.158 0-17.248-10.009-17.248-10.009z" fill="#424242"/><path d="m46.206 29.843s-2.554-8.59-10.911-13c-8.356-4.411-28.553-4.411-31.57-3.018-3.018 1.393-3.946 25.999 0 32.034 3.946 6.036 11.839 9.286 18.106 9.286 6.268 0 25.999-15.089 25.999-15.089z" fill="#e91e63"/><path d="m38.888 31.267s-1.694-5.697-7.237-8.623c-5.544-2.926-18.941-2.926-20.943-2.002s-2.618 17.247 0 21.251 7.854 6.159 12.012 6.159 17.247-10.009 17.247-10.009z" fill="#424242"/></g><path d="m8.1036 7.1525s1.1318 0.00899 2.048 0.26551c0 0-2.3456 0.47637-4.178 1.6856 0 0 0.69618 0.036774 1.6126 0.18329 0 0-2.8064 2.0574-4.9931 5.1856 7.3768 1.4324 8.7289 9.3139 8.7289 9.3139 0.30485-0.48744 2.4372-1.9497 2.4372-1.9497 0.91786-10.59-0.71926-15.081-1.5827-16.652-1.5059 0.43396-2.9788 1.0762-4.0729 1.9677zm18.177 2.1344c0.91621-0.14654 1.6126-0.18329 1.6126-0.18329-1.8324-1.2093-4.1777-1.6856-4.1777-1.6856 0.91622-0.25656 2.048-0.26551 2.048-0.26551-1.0943-0.89148-2.567-1.5337-4.0731-1.9677-0.86343 1.5709-2.5006 6.0615-1.5827 16.652 0 0 2.1326 1.4623 2.4372 1.9497 0 0 1.3521-7.8815 8.7289-9.3139-2.1868-3.1279-4.9931-5.1856-4.9931-5.1856z" fill="#212121" stroke-width=".23559"/><g transform="matrix(.23559 0 0 .23559 1.8105e-7 .00017997)"><path d="m128.2 91.998c9.178-0.623 15.556 4.2 15.556 4.2-1.4-14.468-11.044-19.134-11.044-19.134 6.222 0.622 9.645 4.666 9.645 4.666-1.845-7.679-5.674-14.776-10.023-20.884 0.139 0.194 0.279 0.387 0.416 0.583-31.312 6.08-37.051 39.534-37.051 39.534-1.293-2.069-10.345-8.276-10.345-8.276-3.896-44.952 3.054-64.013 6.718-70.681-7.263-2.092-14.707-3.04-20.19-3.04-6.07 0-14.542 1.159-22.511 3.752 0.77-0.25 1.544-0.488 2.321-0.712 3.665 6.668 10.614 25.729 6.718 70.681 0 0-9.052 6.207-10.345 8.276 0 0-5.74-33.454-37.052-39.534 0.138-0.196 0.277-0.389 0.416-0.583-4.351 6.108-8.18 13.206-10.025 20.885 0 0 3.422-4.044 9.645-4.666 0 0-9.645 4.666-11.045 19.134 0 0 6.378-4.823 15.556-4.2 0 0-9.8 0.934-13.222 11.667 0 0 12.013-7.723 29.168-2.784 15.974 4.599 15.005 24.445 26.677 28.606 9.641 3.438 13.697-1.244 13.697-1.244s4.056 4.682 13.697 1.244c11.671-4.161 10.703-24.008 26.677-28.606 17.156-4.938 29.169 2.784 29.169 2.784-3.423-10.734-13.223-11.668-13.223-11.668z" fill="#e91e63"/><path d="m71.876 101.79c-10.66 0-15.61 4.697-15.61 4.697s10.557 14.105 15.61 14.352c5.053-0.247 15.61-14.352 15.61-14.352s-4.95-4.697-15.61-4.697z" fill="#212121"/><path d="m71.876 104.16c9.164 0 14.204 1.759 15.605 2.332l4e-3 -6e-3s-4.95-4.697-15.61-4.697-15.61 4.697-15.61 4.697l4e-3 6e-3c1.403-0.573 6.442-2.332 15.607-2.332z" fill="#424242"/><ellipse transform="matrix(.9602 -.2794 .2794 .9602 -15.818 30.286)" cx="98.317" cy="70.621" rx="10.771" ry="13.034" fill="#424242"/><circle cx="98.316" cy="69.891" r="6.81" fill="#332a24"/><circle cx="98.317" cy="69.891" r="4.375" fill="#4d4a47"/><circle cx="96.999" cy="68.527" r="1.761" fill="#fff"/><ellipse transform="matrix(-.9602 -.2794 .2794 -.9602 69.326 151.13)" cx="45.435" cy="70.621" rx="10.771" ry="13.034" fill="#424242"/><circle cx="45.435" cy="69.891" r="6.81" fill="#332a24"/><circle cx="45.435" cy="69.891" r="4.375" fill="#4d4a47"/><circle cx="44.117" cy="68.527" r="1.761" fill="#fff"/></g><path d="m30.064 21.674c2.1623-0.14678 3.6649 0.98948 3.6649 0.98948-0.32982-3.4085-2.6019-4.5078-2.6019-4.5078 1.4658 0.14654 2.2723 1.0993 2.2723 1.0993-0.421-1.7523-1.2819-3.3739-2.2664-4.7818 8.9e-4 -2.4e-4 0.0018-4.72e-4 0.0027-8.9e-4 -0.03223-0.04621-0.06527-0.09164-0.09801-0.13735 2.41e-4 2.32e-4 2.41e-4 4.72e-4 4.72e-4 7.04e-4 -0.38401-0.5395-0.78476-1.0463-1.1853-1.5148 1.1546-0.29802 2.322-0.98288 2.9981-2.0169 0.92988-1.4218 0.71101-7.219 0-7.5469-0.71101-0.32841-5.4688-0.32841-7.4376 0.71101-0.96545 0.50959-1.6006 1.255-1.9987 1.8833-0.59843-0.26056-1.2265-0.48343-1.8624-0.66672-1.7111-0.49286-3.4648-0.71619-4.7566-0.71619v25.744s0.95556 1.103 3.2269 0.29307c2.7496-0.98029 2.5215-5.6561 6.2849-6.7393 4.0418-1.1634 6.8717 0.65588 6.8717 0.65588-0.80642-2.5284-3.1155-2.7484-3.1155-2.7484z" fill="#5c4337" opacity=".1" stroke-width=".23559"/></svg>

Before

Width:  |  Height:  |  Size: 4.4 KiB

View File

@@ -1 +0,0 @@
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g fill="#26b99a"><rect class="cls-2" x="6.0734" y="30.393" width="21.72" height="3.4742" stroke-width="1.2679"/><polygon class="cls-2" transform="matrix(1.2679 0 0 1.2679 -6.7708 -10.511)" points="13.73 13.61 23.67 13.61 25.36 31.59 12.03 31.59"/><polygon class="cls-2" transform="matrix(1.2679 0 0 1.2679 -6.7708 -10.511)" points="21.68 9.2 21.68 8.29 19.7 8.29 19.7 9.2 17.7 9.2 17.7 8.29 15.72 8.29 15.72 9.2 13.72 9.2 13.72 8.29 11.74 8.29 11.74 9.2 11.74 10.27 11.74 11.61 25.66 11.61 25.66 10.27 25.66 9.2 25.66 8.29 23.68 8.29 23.68 9.2"/></g><g fill="#209e84"><polygon class="cls-3" transform="matrix(1.2679 0 0 1.2679 -6.7708 -10.511)" points="23.67 13.61 25.66 11.61 11.74 11.61 13.73 13.61"/><polygon class="cls-3" transform="matrix(1.2679 0 0 1.2679 -6.7708 -10.511)" points="25.36 30.91 27.26 32.26 10.13 32.26 12.03 30.91"/><g stroke-width="1.2679"><path class="cls-3" d="m20.186 17.269-0.90024-0.19019a2.3837 2.3837 0 0 0 0-0.48182v-0.97631a2.371 2.371 0 1 0-4.7421 0v0.97631 0.15215l-0.9256 0.0634v-0.21555-0.97631a3.2966 3.2966 0 1 1 6.5933 0v0.97631a3.2966 3.2966 0 0 1-0.02536 0.67201z"/><circle class="cls-3" cx="16.94" cy="18.55" r=".60861"/><path class="cls-3" d="m21.048 18.55a3.9687 3.9687 0 0 1-4.1081 3.9053 3.9306 3.9306 0 1 1 0-7.8359 3.9433 3.9433 0 0 1 4.1081 3.9306zm-6.8849 0a2.7768 2.7768 0 0 0 2.7895 2.7514 2.7514 2.7514 0 1 0-2.7895-2.7514z"/></g><polygon class="cls-3" transform="matrix(1.2679 0 0 1.2679 -6.7708 -10.511)" points="19.03 23.96 18.81 23.24 18.56 23.24 18.36 23.96"/></g></svg>

Before

Width:  |  Height:  |  Size: 1.6 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 30 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 12 KiB

View File

@@ -1 +0,0 @@
<svg version="1.1" viewBox="0 0 128 128" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.18818 0 0 .18818 -.18928 -.040985)"><circle cx="341.11" cy="340.32" r="340.1" fill="#1a1a1a"/><path d="m320.64 126.73v300.8h92.264v-207.92h75.803v-92.83h-75.803v-0.0508z" fill="#0ff"/><path d="m193.1 126.74v383.96h6e-3v43.543h295.82v-92.338h-202.74v-335.16z" fill="#f9f9f9"/></g></svg>

Before

Width:  |  Height:  |  Size: 384 B

View File

@@ -1,39 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="128px" height="128px" viewBox="0 0 128 128" version="1.1">
<defs>
<radialGradient id="radial0" gradientUnits="userSpaceOnUse" cx="0" cy="0" fx="0" fy="0" r="1" gradientTransform="matrix(56.396445,-90.752896,141.918875,88.192448,38.6304,130.494578)">
<stop offset="0" style="stop-color:rgb(100%,83.529412%,50.196078%);stop-opacity:1;"/>
<stop offset="0.09375" style="stop-color:rgb(96.470588%,77.254902%,57.254902%);stop-opacity:1;"/>
<stop offset="0.205" style="stop-color:rgb(92.156863%,71.372549%,63.529412%);stop-opacity:1;"/>
<stop offset="0.324466" style="stop-color:rgb(87.45098%,64.705882%,68.627451%);stop-opacity:1;"/>
<stop offset="0.42875" style="stop-color:rgb(82.745098%,59.215686%,74.509804%);stop-opacity:1;"/>
<stop offset="0.53375" style="stop-color:rgb(76.862745%,52.54902%,79.607843%);stop-opacity:1;"/>
<stop offset="0.64875" style="stop-color:rgb(70.980392%,47.058824%,85.098039%);stop-opacity:1;"/>
<stop offset="0.77125" style="stop-color:rgb(63.137255%,40%,89.803922%);stop-opacity:1;"/>
<stop offset="0.89125" style="stop-color:rgb(54.509804%,34.117647%,94.901961%);stop-opacity:1;"/>
<stop offset="1" style="stop-color:rgb(43.921569%,29.803922%,100%);stop-opacity:1;"/>
</radialGradient>
<linearGradient id="linear0" gradientUnits="userSpaceOnUse" x1="9.62492" y1="-7.14818" x2="16.6259" y2="35.5867" gradientTransform="matrix(3.555556,0,0,3.555556,0,0)">
<stop offset="0" style="stop-color:rgb(42.745098%,29.019608%,100%);stop-opacity:1;"/>
<stop offset="0.392009" style="stop-color:rgb(70.196078%,62.352941%,98.431373%);stop-opacity:0.976471;"/>
<stop offset="1" style="stop-color:rgb(100%,90.980392%,85.882353%);stop-opacity:0.8;"/>
</linearGradient>
<radialGradient id="radial1" gradientUnits="userSpaceOnUse" cx="0" cy="0" fx="0" fy="0" r="1" gradientTransform="matrix(45.362325,-72.996842,114.152316,70.937514,29.244693,117.483378)">
<stop offset="0" style="stop-color:rgb(100%,83.529412%,50.196078%);stop-opacity:1;"/>
<stop offset="0.09375" style="stop-color:rgb(96.470588%,77.254902%,57.254902%);stop-opacity:1;"/>
<stop offset="0.205" style="stop-color:rgb(92.156863%,71.372549%,63.529412%);stop-opacity:1;"/>
<stop offset="0.324466" style="stop-color:rgb(87.45098%,64.705882%,68.627451%);stop-opacity:1;"/>
<stop offset="0.42875" style="stop-color:rgb(82.745098%,59.215686%,74.509804%);stop-opacity:1;"/>
<stop offset="0.53375" style="stop-color:rgb(76.862745%,52.54902%,79.607843%);stop-opacity:1;"/>
<stop offset="0.64875" style="stop-color:rgb(70.980392%,47.058824%,85.098039%);stop-opacity:1;"/>
<stop offset="0.77125" style="stop-color:rgb(63.137255%,40%,89.803922%);stop-opacity:1;"/>
<stop offset="0.89125" style="stop-color:rgb(54.509804%,34.117647%,94.901961%);stop-opacity:1;"/>
<stop offset="1" style="stop-color:rgb(43.921569%,29.803922%,100%);stop-opacity:1;"/>
</radialGradient>
</defs>
<g id="surface1">
<path style=" stroke:none;fill-rule:nonzero;fill:url(#radial0);" d="M 38.492188 16.171875 C 47.417969 7.242188 51.882812 2.777344 57.03125 1.105469 C 61.5625 -0.367188 66.4375 -0.367188 70.96875 1.105469 C 76.117188 2.777344 80.582031 7.242188 89.507812 16.171875 L 111.828125 38.492188 C 120.757812 47.417969 125.222656 51.882812 126.894531 57.03125 C 128.367188 61.5625 128.367188 66.4375 126.894531 70.96875 C 125.222656 76.117188 120.757812 80.582031 111.828125 89.507812 L 89.507812 111.828125 C 80.582031 120.757812 76.117188 125.222656 70.96875 126.894531 C 66.4375 128.367188 61.5625 128.367188 57.03125 126.894531 C 51.882812 125.222656 47.417969 120.757812 38.492188 111.828125 L 34.292969 107.125 C 31.753906 104.277344 30.484375 102.855469 29.578125 101.234375 C 28.777344 99.800781 28.1875 98.253906 27.832031 96.648438 C 27.429688 94.835938 27.429688 92.929688 27.429688 89.113281 L 27.429688 38.886719 C 27.429688 35.070312 27.429688 33.164062 27.832031 31.351562 C 28.1875 29.746094 28.777344 28.199219 29.578125 26.765625 C 30.484375 25.144531 31.753906 23.722656 34.292969 20.875 Z M 38.492188 16.171875 "/>
<path style=" stroke:none;fill-rule:nonzero;fill:url(#linear0);" d="M 38.492188 16.171875 C 47.417969 7.242188 51.882812 2.777344 57.03125 1.105469 C 61.5625 -0.367188 66.4375 -0.367188 70.96875 1.105469 C 76.117188 2.777344 80.582031 7.242188 89.507812 16.171875 L 111.828125 38.492188 C 120.757812 47.417969 125.222656 51.882812 126.894531 57.03125 C 128.367188 61.5625 128.367188 66.4375 126.894531 70.96875 C 125.222656 76.117188 120.757812 80.582031 111.828125 89.507812 L 89.507812 111.828125 C 80.582031 120.757812 76.117188 125.222656 70.96875 126.894531 C 66.4375 128.367188 61.5625 128.367188 57.03125 126.894531 C 51.882812 125.222656 47.417969 120.757812 38.492188 111.828125 L 34.292969 107.125 C 31.753906 104.277344 30.484375 102.855469 29.578125 101.234375 C 28.777344 99.800781 28.1875 98.253906 27.832031 96.648438 C 27.429688 94.835938 27.429688 92.929688 27.429688 89.113281 L 27.429688 38.886719 C 27.429688 35.070312 27.429688 33.164062 27.832031 31.351562 C 28.1875 29.746094 28.777344 28.199219 29.578125 26.765625 C 30.484375 25.144531 31.753906 23.722656 34.292969 20.875 Z M 38.492188 16.171875 "/>
<path style=" stroke:none;fill-rule:nonzero;fill:url(#radial1);" d="M 36.894531 17.761719 C 41.359375 13.296875 43.59375 11.066406 46.167969 10.230469 C 48.433594 9.492188 50.871094 9.492188 53.132812 10.230469 C 55.707031 11.066406 57.941406 13.296875 62.40625 17.761719 L 95.886719 51.242188 C 100.351562 55.707031 102.582031 57.941406 103.421875 60.515625 C 104.15625 62.777344 104.15625 65.21875 103.421875 67.480469 C 102.582031 70.054688 100.351562 72.289062 95.886719 76.753906 L 62.40625 110.234375 C 57.941406 114.699219 55.707031 116.929688 53.132812 117.765625 C 50.871094 118.503906 48.433594 118.503906 46.167969 117.765625 C 43.59375 116.929688 41.359375 114.699219 36.894531 110.234375 L 16.171875 89.507812 C 7.242188 80.578125 2.777344 76.113281 1.105469 70.964844 C -0.367188 66.4375 -0.367188 61.558594 1.105469 57.03125 C 2.777344 51.882812 7.242188 47.417969 16.171875 38.488281 Z M 36.894531 17.761719 "/>
</g>
</svg>

Before

Width:  |  Height:  |  Size: 6.0 KiB

View File

@@ -1,2 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="translate(0 -263.13)"><g transform="matrix(.072143 0 0 .072143 -44.234 303.31)"><g transform="matrix(4.2693 0 0 4.2693 375.06 -875.07)"><g fill="#fff"><path d="m55.768 116.33h5.6254v26.531h-5.6254z"/><path d="m83.567 142.86h-18.761v-3.9469l6.7371-6.8105c1.9948-2.0436 3.2979-3.4605 3.9102-4.2498 0.61183-0.78977 1.0522-1.5205 1.3217-2.1937 0.26898-0.67315 0.4037-1.3705 0.4037-2.0928 0-1.0769-0.29639-1.8787-0.8901-2.405-0.59371-0.52589-1.3858-0.78929-2.3772-0.78929-1.0406 0-2.0501 0.23877-3.0289 0.71589-0.97976 0.47756-2.0013 1.1568-3.0661 2.0376l-3.0838-3.6528c1.3217-1.1261 2.4167-1.9214 3.2859-2.3865 0.86873-0.46502 1.8174-0.8232 2.8454-1.0741 1.0281-0.25087 2.1783-0.3763 3.4512-0.3763 1.6766 0 3.1576 0.30615 4.4426 0.91798 1.285 0.61229 2.2824 1.4685 2.9922 2.57 0.70938 1.1015 1.0648 2.3623 1.0648 3.7815 0 1.2367-0.21742 2.3958-0.65178 3.4791-0.43437 1.0829-1.1075 2.1936-2.0195 3.3318-0.91147 1.1382-2.5179 2.76-4.8189 4.8644l-3.4512 3.2496v0.2569h11.694z"/><path d="m92.214 128.81h1.8508c1.73 0 3.0243-0.34145 3.8837-1.0253 0.85851-0.68337 1.2882-1.6785 1.2882-2.9853 0-1.3184-0.36003-2.2922-1.0796-2.9216-0.72008-0.62854-1.8485-0.94352-3.3843-0.94352h-2.5588zm12.703-4.2103c0 2.8557-0.89243 5.0391-2.6768 6.5513-1.7848 1.5126-4.3223 2.2684-7.6128 2.2684h-2.4134v9.4362h-5.6254v-26.531h8.4746c3.218 0 5.6644 0.69266 7.3406 2.078 1.6752 1.3853 2.5133 3.4508 2.5133 6.1968"/></g><path d="m121.18 137.1c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#ffc434"/><path d="m121.18 122.25c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#60ab60"/><path d="m136.03 137.1c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#e15647"/><path d="m136.03 122.25c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#ffc434"/><path d="m150.88 137.1c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#ffc434"/><path d="m150.88 122.25c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#60ab60"/><path d="m165.73 137.1c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#60ab60"/><path d="m165.73 122.25c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#e15647"/></g></g></g></svg>

Before

Width:  |  Height:  |  Size: 3.0 KiB

View File

@@ -1,2 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="translate(0 -263.13)"><g transform="matrix(.072143 0 0 .072143 -44.234 303.31)"><g transform="matrix(4.2693 0 0 4.2693 375.06 -875.07)"><g fill="#231f20"><path d="m55.768 116.33h5.6254v26.531h-5.6254z"/><path d="m83.567 142.86h-18.761v-3.9469l6.7371-6.8105c1.9948-2.0436 3.2979-3.4605 3.9102-4.2498 0.61183-0.78977 1.0522-1.5205 1.3217-2.1937 0.26898-0.67315 0.4037-1.3705 0.4037-2.0928 0-1.0769-0.29639-1.8787-0.8901-2.405-0.59371-0.52589-1.3858-0.78929-2.3772-0.78929-1.0406 0-2.0501 0.23877-3.0289 0.71589-0.97976 0.47756-2.0013 1.1568-3.0661 2.0376l-3.0838-3.6528c1.3217-1.1261 2.4167-1.9214 3.2859-2.3865 0.86873-0.46502 1.8174-0.8232 2.8454-1.0741 1.0281-0.25087 2.1783-0.3763 3.4512-0.3763 1.6766 0 3.1576 0.30615 4.4426 0.91798 1.285 0.61229 2.2824 1.4685 2.9922 2.57 0.70938 1.1015 1.0648 2.3623 1.0648 3.7815 0 1.2367-0.21742 2.3958-0.65178 3.4791-0.43437 1.0829-1.1075 2.1936-2.0195 3.3318-0.91147 1.1382-2.5179 2.76-4.8189 4.8644l-3.4512 3.2496v0.2569h11.694z"/><path d="m92.214 128.81h1.8508c1.73 0 3.0243-0.34145 3.8837-1.0253 0.85851-0.68337 1.2882-1.6785 1.2882-2.9853 0-1.3184-0.36003-2.2922-1.0796-2.9216-0.72008-0.62854-1.8485-0.94352-3.3843-0.94352h-2.5588zm12.703-4.2103c0 2.8557-0.89243 5.0391-2.6768 6.5513-1.7848 1.5126-4.3223 2.2684-7.6128 2.2684h-2.4134v9.4362h-5.6254v-26.531h8.4746c3.218 0 5.6644 0.69266 7.3406 2.078 1.6752 1.3853 2.5133 3.4508 2.5133 6.1968"/></g><path d="m121.18 137.1c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#ffc434"/><path d="m121.18 122.25c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#60ab60"/><path d="m136.03 137.1c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#e15647"/><path d="m136.03 122.25c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#ffc434"/><path d="m150.88 137.1c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#ffc434"/><path d="m150.88 122.25c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#60ab60"/><path d="m165.73 137.1c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#60ab60"/><path d="m165.73 122.25c0-3.4494-2.7962-6.2456-6.2456-6.2456-3.4494 0-6.2456 2.7962-6.2456 6.2456 0 3.4494 2.7962 6.2456 6.2456 6.2456 3.4494 0 6.2456-2.7962 6.2456-6.2456" fill="#e15647"/></g></g></g></svg>

Before

Width:  |  Height:  |  Size: 3.0 KiB

Some files were not shown because too many files have changed in this diff Show More