update: Privacy Notes section of iOS Overview (#2817)

Signed-off-by: blacklight447 <niek@privacyguides.org>
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>

.github/workflows/build-blog.yml

@@ -65,6 +65,10 @@ jobs:
         with:
           cache: "pipenv"
 
+      - name: Install Python (no pipenv)
+        if: ${{ !inputs.privileged }}
+        uses: actions/setup-python@v5
+
       - name: Install Python Dependencies
         if: inputs.privileged
         run: |
@@ -72,10 +76,22 @@ jobs:
           pipenv install
           sudo apt install pngquant
 
-      - name: Build Website
+      - name: Install Python Dependencies (Unprivileged)
+        if: ${{ !inputs.privileged }}
+        run: |
+          pip install mkdocs-material mkdocs-rss-plugin mkdocs-glightbox mkdocs-macros-plugin
+          sudo apt install pngquant
+
+      - name: Build Website (Privileged)
+        if: inputs.privileged
         run: |
           pipenv run mkdocs build --config-file mkdocs.blog.yml
 
+      - name: Build Website (Unprivileged)
+        if: ${{ !inputs.privileged }}
+        run: |
+          BUILD_INSIDERS=false mkdocs build --config-file mkdocs.blog.yml
+
       - name: Package Website
         run: |
           tar -czf site-build-blog.tar.gz site

.github/workflows/build-pr.yml

@@ -19,12 +19,19 @@ jobs:
     env:
       ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
     steps:
+      - name: Save PR metadata
+        run: |
+          mkdir -p ./metadata
+          echo ${{ github.event.number }} > ./metadata/NR
+          echo ${{ github.event.pull_request.head.sha }} > ./metadata/SHA
+
       - name: Set submodules for fork
         if: env.ACTIONS_SSH_KEY == ''
         id: submodules-fork
         run: |
           echo 'submodules={"repo":["brand","i18n"]}' >> "$GITHUB_OUTPUT"
           echo "privileged=false" >> "$GITHUB_OUTPUT"
+          echo "false" > ./metadata/PRIVILEGED
 
       - name: Set submodules for main repo
         if: env.ACTIONS_SSH_KEY != ''
@@ -32,12 +39,7 @@ jobs:
         run: |
           echo 'submodules={"repo":["brand","i18n","mkdocs-material-insiders"]}' >> "$GITHUB_OUTPUT"
           echo "privileged=true" >> "$GITHUB_OUTPUT"
-
-      - name: Save PR metadata
-        run: |
-          mkdir -p ./metadata
-          echo ${{ github.event.number }} > ./metadata/NR
-          echo ${{ github.event.pull_request.head.sha }} > ./metadata/SHA
+          echo "true" > ./metadata/PRIVILEGED
 
       - name: Upload metadata as artifact
         uses: actions/upload-artifact@v4

.github/workflows/publish-pr.yml

@@ -22,6 +22,7 @@ jobs:
     outputs:
       pr_number: ${{ steps.metadata.outputs.pr_number }}
       sha: ${{ steps.metadata.outputs.sha }}
+      privileged: ${{ steps.metadata.outputs.privileged }}
 
     steps:
       - name: Download Website Build Artifact
@@ -86,6 +87,7 @@ jobs:
           unzip metadata.zip -d metadata
           echo "pr_number=$(cat metadata/NR)" >> "$GITHUB_OUTPUT"
           echo "sha=$(cat metadata/SHA)" >> "$GITHUB_OUTPUT"
+          echo "privileged=$(cat metadata/PRIVILEGED)" >> "$GITHUB_OUTPUT"
 
   deploy_netlify:
     needs: metadata
@@ -122,6 +124,7 @@ jobs:
       address: ${{ needs.deploy_garage.outputs.address }}
     steps:
       - uses: thollander/actions-comment-pull-request@v2.5.0
+        if: ${{ needs.metadata.outputs.privileged == 'true' }}
         with:
           pr_number: ${{ needs.metadata.outputs.pr_number }}
           message: |
@@ -132,3 +135,19 @@ jobs:
             | <span aria-hidden="true">🔨</span> Latest commit | ${{ needs.metadata.outputs.sha }} |
             | <span aria-hidden="true">😎</span> Preview | ${{ env.address }} |
           comment_tag: deployment
+
+      - uses: thollander/actions-comment-pull-request@v2.5.0
+        if: ${{ needs.metadata.outputs.privileged == 'false' }}
+        with:
+          pr_number: ${{ needs.metadata.outputs.pr_number }}
+          message: |
+            ### <span aria-hidden="true">✅</span> Your preview is ready!
+
+            |  Name | Link |
+            | :---: | ---- |
+            | <span aria-hidden="true">🔨</span> Latest commit | ${{ needs.metadata.outputs.sha }} |
+            | <span aria-hidden="true">😎</span> Preview | ${{ env.address }} |
+
+            Please note that this preview was built from an untrusted source, so it was not granted access to all mkdocs-material features.
+            Maintainers should ensure this PR has been reviewed locally with a full build before merging.
+          comment_tag: deployment

blog/.authors.yml

@@ -51,3 +51,7 @@ authors:
     name: Sam Howell
     description: Guest Contributor
     avatar: https://gitlab.com/uploads/-/system/user/avatar/5349522/avatar.png
+  fria:
+    name: fria
+    description: Team Member
+    avatar: https://github.com/friadev.png

blog/posts/where-are-all-the-mprs.md

@@ -0,0 +1,58 @@
+---
+date:
+    created: 2024-11-17
+categories:
+    - Opinion
+authors:
+    - fria
+tags:
+    - MPR
+    - VPN
+license: BY-SA
+---
+# Where are all the Multi-Party Relays?
+
+Multi-Party Relays (MPRs) are a technology that aims to provide better privacy protections than VPNs do. MPRs showed a lot of promise when they first emerged, but years later there are fewer options than ever. What happened?<!-- more -->
+
+## Traditional VPNs
+
+The original purpose of Virtual Private Networks (VPNs) was to access a network privately when you're not physically there, with encryption in between, so you can securely access your files or manage your network from wherever you are. It extends the security you'd expect from being physically at your LAN to anywhere you are.
+
+[Commercial VPNs](https://www.privacyguides.org/en/basics/vpn-overview) like Proton VPN use this technology to allow you to connect to *their* network, and then connect to your destination. This keeps sites and services you connect to from knowing your real IP address and using it as a metric to track you. But there's a problem here: you now need to fully trust your VPN provider in the same way you need to trust your ISP with all your internet traffic. This "shifting trust" problem has haunted VPNs for as long as they've been marketed as a privacy product. It's clear that a better solution is needed.
+
+## The Alternative: Tor
+
+Mix networks like [Tor](https://www.privacyguides.org/en/advanced/tor-overview) have solved this problem by decoupling the sender from the destination. No relay along the path has all the information: the entry (or *guard*) relay knows who you are but not where you're going, the middle relay knows the other two relays, and the exit relay knows the destination but not the sender. There's also separate encryption between each relay.
+
+<figure markdown>
+  ![Tor path showing your device connecting to an entry node, middle node, and exit node before reaching the destination website](https://www.privacyguides.org/en/assets/img/how-tor-works/tor-path.svg#only-light)
+  ![Tor path showing your device connecting to an entry node, middle node, and exit node before reaching the destination website](https://www.privacyguides.org/en/assets/img/how-tor-works/tor-path-dark.svg#only-dark)
+  <figcaption>Tor circuit pathway</figcaption>
+</figure>
+
+Tor provides great privacy properties, but the relays are run by volunteers, so they can be extremely slow and unreliable. Anyone who's tried to download a file while connected to Tor knows how painful it can be. Even normal browsing can be slow, with potentially minutes collectively wasted on loading times in any given browsing session. Tor is hands down the most private way to [browse the web](https://www.privacyguides.org/en/tor), and if your threat model calls for it there is no substitute. But for VPN users who want better privacy, an obvious next step is a paid solution where you have access to fast and reliable servers like on a VPN, and *also* separation between who you are and what you're connecting to.
+
+## A Solution: Multi-Party Relays
+
+Enter Multi-Party Relays. Services like iCloud Private Relay and (the unfortunately discontinued) INVISV Multi-Party Relay take inspiration from mix networks like Tor and separate the sender from the destination using two relays operated by different parties, as the name implies. There's separate encryption between each relay as well. MPRs *do* require you to trust that the two parties don't collaborate to correlate your traffic, so keep that in mind.
+
+Typically, the first relay is controlled by the provider (either Apple or INVISV in the previous examples), and the second relay is controlled by another company such as Fastly or Cloudflare. These are big names, so you won't need to worry about reliability.
+
+<figure markdown>
+  ![A diagram showing how your IP address is known to your ISP and Apple, and the server you're accessing is known to Cloudflare and the destination, in the case of iCloud Private Relay](../assets/images/where-are-all-the-mprs/icloud-private-relay.png)
+  <figcaption>source: <a href="https://blog.cloudflare.com/icloud-private-relay/">blog.cloudflare.com</a></figcaption>
+</figure>
+
+They also provide *speed*. Private Relay uses the QUIC protocol and as a result it's lightning fast. You wouldn't even know you were connecting to two servers in between your cat videos. The reliability is so good that I forget I even have it on. It even integrates with Safari and gives you a different IP address for different websites, similar to Tor's stream isolation.
+
+So why haven't MPRs taken off? INVISV's Pretty Good Phone Privacy service never seemed to make it out of [beta](https://invisv.com/pgpp/#pgpp-release-notes). INVISV [partnered](https://invisv.com/articles/vivaldi-privacy-guard) with Vivaldi, but I can't seem to find any mention of it in the Vivaldi settings or on their website outside of the original [announcement](https://vivaldi.com/blog/desktop/privacy-guard-your-privacy-matters-vivaldi-browser-snapshot-3319-12/). INVISV ultimately [shut down](https://invisv.com/articles/service_shutdown.html) their service back in June. I hope to see more from them in the future because they were providing something that currently isn't possible to get anymore on Android.
+
+That leaves [iCloud Private Relay](https://support.apple.com/en-us/102602) as the only commercial offering that I'm aware of, but it's limited to Apple devices only. Great for Apple users, but everyone else is left high and dry. As is Apple's way, they didn't want any extra inconvenience from using their service, so they restrict you to your real country and timezone. You don't have the same freedom to choose a server wherever in the world you want like a [traditional VPN service](https://www.privacyguides.org/en/vpn) would allow.
+
+There is one more honorary mention: [OHTTP](https://blog.cloudflare.com/stronger-than-a-promise-proving-oblivious-http-privacy-properties). It's a new protocol with a design based on the same principles as those of MPRs: two servers, a relay and a gateway, that decouple the sender from the destination. It's already seeing use by large companies to maintain user privacy for things like Google's Safe Browsing and Apple's new Safari Highlights feature. Unfortunately, it's not quite comparable to MPRs. According to Cloudflare:
+
+> OHTTP is not a general purpose proxy protocol: it's fit for purpose, aimed at transactional interactions between clients and servers (such as app-level APIs).
+
+So it can't cover all the traffic on your device. Still, it's a promising protocol and I hope it becomes more widespread.
+
+It really is a shame to see such a promising technology go so underutilized. Perhaps VPN companies could make their own MPR product and fill the gap in the market. Only time will tell.

docs/os/ios-overview.md

@@ -21,9 +21,15 @@ The only source for apps on iOS is Apple's App Store, which requires an Apple Ac
 
 ### Invasive Telemetry
 
-Apple has historically had problems with properly anonymizing their telemetry on iOS. [In 2019](https://theguardian.com/technology/2019/jul/26/apple-contractors-regularly-hear-confidential-details-on-siri-recordings), Apple was found to transmit Siri recordings—some containing highly confidential information—to their servers for manual review by third-party contractors. While they temporarily stopped that program after that practice was [widely reported on](https://theverge.com/2019/8/23/20830120/apple-contractors-siri-recordings-listening-1000-a-day-globetech-microsoft-cortana), the problem wasn't completely resolved [until 2021](https://theguardian.com/technology/2021/jun/07/apple-overhauls-siri-to-address-privacy-concerns-and-improve-performance).
+Apple has historically had problems with properly disassociating their telemetry from Apple Accounts on iOS. In [2019](https://theguardian.com/technology/2019/jul/26/apple-contractors-regularly-hear-confidential-details-on-siri-recordings), Apple was found to transmit Siri recordings—some containing highly confidential information—to their servers for manual review by third-party contractors. Though Apple temporarily stopped that program after that practice was [widely reported on](https://theverge.com/2019/8/23/20830120/apple-contractors-siri-recordings-listening-1000-a-day-globetech-microsoft-cortana), the company rolled out a switch to [**opt out** of uploading conversations with Siri](https://theguardian.com/technology/2019/oct/30/apple-lets-users-opt-out-of-having-siri-conversations-recorded) a few months later in the succeeding iOS update. Moreover, in 2021, [Apple reworked Siri](https://theguardian.com/technology/2021/jun/07/apple-overhauls-siri-to-address-privacy-concerns-and-improve-performance) so that it processes voice recordings locally rather than sending it to their servers.
 
-More recently, Apple has been found to [transmit analytics even when analytics sharing is disabled](https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558) on iOS, and this data [appears](https://twitter.com/mysk_co/status/1594515229915979776) to be easily linked to unique iCloud account identifiers despite supposedly being anonymous.
+More recently, Apple has been found to transmit analytics [even when analytics sharing is disabled](https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558) on iOS, and this data [appears](https://twitter.com/mysk_co/status/1594515229915979776) to be easily linked to unique iCloud account identifiers despite supposedly being decoupled from Apple Accounts.
+
+### Traffic Outside Active VPN Connections
+
+Apple's [privacy policy regarding VPNs](https://apple.com/legal/privacy/data/en/vpns) states:
+
+> Even when a VPN is active, some traffic that is necessary for essential system services will take place outside the VPN so that your device can function properly.
 
 ## Recommended Configuration
 

docs/passwords.md

@@ -228,8 +228,6 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
 
 With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
 
-Proton Pass currently doesn't have any "master password" functionality, which means that your vault is protected with the password for your Proton account and any of their supported [two factor authentication](basics/multi-factor-authentication.md) methods.
-
 The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
 
 > Proton Pass apps and components leave a rather positive impression in terms of security.

docs/real-time-communication.md

@@ -39,6 +39,7 @@ These messengers are great for securing your sensitive communications.
 
 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms)
 - [:simple-appstore: App Store](https://apps.apple.com/app/id874139669)
+- [:simple-github: GitHub](https://github.com/signalapp/Signal-Android/releases)
 - [:simple-android: Android](https://signal.org/android/apk)
 - [:fontawesome-brands-windows: Windows](https://signal.org/download/windows)
 - [:simple-apple: macOS](https://signal.org/download/macos)