privacyguides/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-07-24 20:31:05 +00:00
Code Issues Activity

Compare commits

base: privacyguides:35dc235a9d95620e85ff7f02a07508f760d1ac99
Branches Tags
privacyguides:main privacyguides:mullvad-leta privacyguides:peekyou-optout-link privacyguides:brave-v8-renamed privacyguides:self-hosting-pt-2 privacyguides:libretranslate privacyguides:send-and-instances privacyguides:EmAtPrivacyGuides-patch-1 privacyguides:ltex-vscode privacyguides:emphasize-docs privacyguides:kpham42-getting-started-publishing privacyguides:android-user-profiles privacyguides:kpham42-getting-started-targeted-attacks privacyguides:kpham42-getting-started-section-mass-surveillance privacyguides:kpham42-getting-started-big-tech-patch privacyguides:blacklight447-patch-2 privacyguides:recall privacyguides:revert-2790 privacyguides:brave-tor-windows privacyguides:getting-started-section privacyguides:ai-chat-cloud privacyguides:simplex-group privacyguides:pr-add_windscribe privacyguides:blacklight447-patch-1 privacyguides:volunteer-policies privacyguides:russian-service-providers privacyguides:signal-desktop privacyguides:jonaharagon/remove-nitrokey privacyguides:jonaharagon/security-keys privacyguides:jonaharagon/fingerprinting privacyguides:jonaharagon/remove-startpage privacyguides:all-contributors/add-lamtrinhdev privacyguides:magic privacyguides:pr-add_vanadium privacyguides:all-contributors/add-dzenan privacyguides:all-contributors/add-merlinscholz privacyguides:all-contributors/add-paulverbeke privacyguides:all-contributors/add-rollsicecream privacyguides:all-contributors/add-redoomed1 privacyguides:all-contributors/add-PoorPocketsMcNewHold privacyguides:all-contributors/add-r2fo privacyguides:all-contributors/add-dioxias privacyguides:all-contributors/add-ph00lt0 privacyguides:production privacyguides:jonaharagon/remove-standard-notes privacyguides:blacklight447-ptio-patch-5 privacyguides:mfmyfw-pr-info privacyguides:mfmyfw-pr-mac privacyguides:blacklight447-ptio-patch-4 privacyguides:blacklight447-ptio-patch-3 privacyguides:pr/1659 privacyguides:jonaharagon/voip privacyguides:pr-Revolut privacyguides:pr-libredirect privacyguides:health
privacyguides:2025.07.22 privacyguides:2025.06.03 privacyguides:2025.05.04 privacyguides:2025.04.15 privacyguides:2025.03.17 privacyguides:2025.03.13 privacyguides:2025.03.05 privacyguides:2025.02.14 privacyguides:2025.02.07 privacyguides:2025.01.25 privacyguides:2025.01.17 privacyguides:2024.12.25 privacyguides:2024.12.14 privacyguides:2024.11.30 privacyguides:2024.11.26 privacyguides:2024.11.17 privacyguides:2024.11.14 privacyguides:2024.11.11 privacyguides:2024.10.28-8f7de57 privacyguides:2024.10.28 privacyguides:2024.09.08 privacyguides:2024.08.21 privacyguides:2024.08.19 privacyguides:2024.08.05 privacyguides:2024.08.01 privacyguides:2024.07.29-a58f090 privacyguides:2024.07.29 privacyguides:2024.07.28 privacyguides:2024.07.21 privacyguides:2024.07.15 privacyguides:2024.07.14 privacyguides:2024.06.01 privacyguides:2024.05.31 privacyguides:2024.05.22 privacyguides:2024.05.20 privacyguides:2024.04.16 privacyguides:2024.04.14 privacyguides:2024.04.11 privacyguides:2024.04.10 privacyguides:2024.04.08-a1b01b8b privacyguides:2024.04.08 privacyguides:2024.04.02 privacyguides:2024.03.31-82ab189d privacyguides:2024.03.31 privacyguides:v3.22 privacyguides:v3.21 privacyguides:v3.20.1 privacyguides:v3.20 privacyguides:v3.19 privacyguides:v3.18 privacyguides:v3.17 privacyguides:v3.16 privacyguides:v3.15 privacyguides:v3.14 privacyguides:v3.13 privacyguides:v3.12.2 privacyguides:v3.12.1 privacyguides:v3.12 privacyguides:v3.11.1 privacyguides:v3.11 privacyguides:v3.10 privacyguides:v3.9.2 privacyguides:v3.9.1 privacyguides:v3.9 privacyguides:v3.8 privacyguides:v3.7 privacyguides:v3.6.1 privacyguides:v3.6 privacyguides:v3.5 privacyguides:v3.4 privacyguides:v3.3 privacyguides:v3.2 privacyguides:v3.1 privacyguides:v3.0 privacyguides:v2.33 privacyguides:v2.32 privacyguides:v2.31 privacyguides:v2.30 privacyguides:v2.29 privacyguides:v2.28 privacyguides:v2.27.1 privacyguides:v2.27 privacyguides:v2.26 privacyguides:v2.25 privacyguides:v2.24 privacyguides:v2.23.1 privacyguides:v2.23 privacyguides:v2.22 privacyguides:v2.21 privacyguides:v2.20 privacyguides:v2.19.3 privacyguides:v2.19.2 privacyguides:v2.19.1 privacyguides:v2.19 privacyguides:v2.18 privacyguides:v2.17.4 privacyguides:v2.17.3 privacyguides:v2.17.2 privacyguides:v2.17.1 privacyguides:v2.17 privacyguides:v2.16.1 privacyguides:v2.16 privacyguides:v2.15 privacyguides:v2.14.2 privacyguides:v2.14.1 privacyguides:v2.14.0 privacyguides:v2.13.0 privacyguides:v2.12.1 privacyguides:v2.12.0 privacyguides:v2.11.1 privacyguides:v2.11.0 privacyguides:v2.10.0 privacyguides:v2.9.1 privacyguides:v2.9.0 privacyguides:v2.8.0 privacyguides:v2.7.1 privacyguides:v2.7.0 privacyguides:v2.6.2 privacyguides:v2.6.1 privacyguides:v2.6.0 privacyguides:v2.5.2 privacyguides:v2.5.1 privacyguides:v2.5.0 privacyguides:v2.4.20 privacyguides:v2.4.19 privacyguides:v2.4.18 privacyguides:v2.4.17 privacyguides:v2.4.16 privacyguides:v2.4.15 privacyguides:v2.4.14 privacyguides:v2.4.13 privacyguides:v2.4.12 privacyguides:v2.4.11 privacyguides:v2.4.10 privacyguides:v2.4.9 privacyguides:v2.4.8 privacyguides:v2.4.7 privacyguides:v2.4.6 privacyguides:v2.4.5 privacyguides:v2.4.4 privacyguides:v2.4.3 privacyguides:v2.4.2 privacyguides:v2.4.1 privacyguides:v2.4.0 privacyguides:v2.3.5 privacyguides:v2.3.4 privacyguides:v2.3.3 privacyguides:v2.3.2 privacyguides:v2.3.1 privacyguides:v2.3.0 privacyguides:v2.2.0 privacyguides:v2.1.2 privacyguides:v2.1.1 privacyguides:v2.1.0 privacyguides:v2.0.2 privacyguides:v2.0.1 privacyguides:v2.0.0 privacyguides:v1.0.0
...
compare: privacyguides:2024.04.11
Branches Tags
privacyguides:main privacyguides:mullvad-leta privacyguides:peekyou-optout-link privacyguides:brave-v8-renamed privacyguides:self-hosting-pt-2 privacyguides:libretranslate privacyguides:send-and-instances privacyguides:EmAtPrivacyGuides-patch-1 privacyguides:ltex-vscode privacyguides:emphasize-docs privacyguides:kpham42-getting-started-publishing privacyguides:android-user-profiles privacyguides:kpham42-getting-started-targeted-attacks privacyguides:kpham42-getting-started-section-mass-surveillance privacyguides:kpham42-getting-started-big-tech-patch privacyguides:blacklight447-patch-2 privacyguides:recall privacyguides:revert-2790 privacyguides:brave-tor-windows privacyguides:getting-started-section privacyguides:ai-chat-cloud privacyguides:simplex-group privacyguides:pr-add_windscribe privacyguides:blacklight447-patch-1 privacyguides:volunteer-policies privacyguides:russian-service-providers privacyguides:signal-desktop privacyguides:jonaharagon/remove-nitrokey privacyguides:jonaharagon/security-keys privacyguides:jonaharagon/fingerprinting privacyguides:jonaharagon/remove-startpage privacyguides:all-contributors/add-lamtrinhdev privacyguides:magic privacyguides:pr-add_vanadium privacyguides:all-contributors/add-dzenan privacyguides:all-contributors/add-merlinscholz privacyguides:all-contributors/add-paulverbeke privacyguides:all-contributors/add-rollsicecream privacyguides:all-contributors/add-redoomed1 privacyguides:all-contributors/add-PoorPocketsMcNewHold privacyguides:all-contributors/add-r2fo privacyguides:all-contributors/add-dioxias privacyguides:all-contributors/add-ph00lt0 privacyguides:production privacyguides:jonaharagon/remove-standard-notes privacyguides:blacklight447-ptio-patch-5 privacyguides:mfmyfw-pr-info privacyguides:mfmyfw-pr-mac privacyguides:blacklight447-ptio-patch-4 privacyguides:blacklight447-ptio-patch-3 privacyguides:pr/1659 privacyguides:jonaharagon/voip privacyguides:pr-Revolut privacyguides:pr-libredirect privacyguides:health
privacyguides:2025.07.22 privacyguides:2025.06.03 privacyguides:2025.05.04 privacyguides:2025.04.15 privacyguides:2025.03.17 privacyguides:2025.03.13 privacyguides:2025.03.05 privacyguides:2025.02.14 privacyguides:2025.02.07 privacyguides:2025.01.25 privacyguides:2025.01.17 privacyguides:2024.12.25 privacyguides:2024.12.14 privacyguides:2024.11.30 privacyguides:2024.11.26 privacyguides:2024.11.17 privacyguides:2024.11.14 privacyguides:2024.11.11 privacyguides:2024.10.28-8f7de57 privacyguides:2024.10.28 privacyguides:2024.09.08 privacyguides:2024.08.21 privacyguides:2024.08.19 privacyguides:2024.08.05 privacyguides:2024.08.01 privacyguides:2024.07.29-a58f090 privacyguides:2024.07.29 privacyguides:2024.07.28 privacyguides:2024.07.21 privacyguides:2024.07.15 privacyguides:2024.07.14 privacyguides:2024.06.01 privacyguides:2024.05.31 privacyguides:2024.05.22 privacyguides:2024.05.20 privacyguides:2024.04.16 privacyguides:2024.04.14 privacyguides:2024.04.11 privacyguides:2024.04.10 privacyguides:2024.04.08-a1b01b8b privacyguides:2024.04.08 privacyguides:2024.04.02 privacyguides:2024.03.31-82ab189d privacyguides:2024.03.31 privacyguides:v3.22 privacyguides:v3.21 privacyguides:v3.20.1 privacyguides:v3.20 privacyguides:v3.19 privacyguides:v3.18 privacyguides:v3.17 privacyguides:v3.16 privacyguides:v3.15 privacyguides:v3.14 privacyguides:v3.13 privacyguides:v3.12.2 privacyguides:v3.12.1 privacyguides:v3.12 privacyguides:v3.11.1 privacyguides:v3.11 privacyguides:v3.10 privacyguides:v3.9.2 privacyguides:v3.9.1 privacyguides:v3.9 privacyguides:v3.8 privacyguides:v3.7 privacyguides:v3.6.1 privacyguides:v3.6 privacyguides:v3.5 privacyguides:v3.4 privacyguides:v3.3 privacyguides:v3.2 privacyguides:v3.1 privacyguides:v3.0 privacyguides:v2.33 privacyguides:v2.32 privacyguides:v2.31 privacyguides:v2.30 privacyguides:v2.29 privacyguides:v2.28 privacyguides:v2.27.1 privacyguides:v2.27 privacyguides:v2.26 privacyguides:v2.25 privacyguides:v2.24 privacyguides:v2.23.1 privacyguides:v2.23 privacyguides:v2.22 privacyguides:v2.21 privacyguides:v2.20 privacyguides:v2.19.3 privacyguides:v2.19.2 privacyguides:v2.19.1 privacyguides:v2.19 privacyguides:v2.18 privacyguides:v2.17.4 privacyguides:v2.17.3 privacyguides:v2.17.2 privacyguides:v2.17.1 privacyguides:v2.17 privacyguides:v2.16.1 privacyguides:v2.16 privacyguides:v2.15 privacyguides:v2.14.2 privacyguides:v2.14.1 privacyguides:v2.14.0 privacyguides:v2.13.0 privacyguides:v2.12.1 privacyguides:v2.12.0 privacyguides:v2.11.1 privacyguides:v2.11.0 privacyguides:v2.10.0 privacyguides:v2.9.1 privacyguides:v2.9.0 privacyguides:v2.8.0 privacyguides:v2.7.1 privacyguides:v2.7.0 privacyguides:v2.6.2 privacyguides:v2.6.1 privacyguides:v2.6.0 privacyguides:v2.5.2 privacyguides:v2.5.1 privacyguides:v2.5.0 privacyguides:v2.4.20 privacyguides:v2.4.19 privacyguides:v2.4.18 privacyguides:v2.4.17 privacyguides:v2.4.16 privacyguides:v2.4.15 privacyguides:v2.4.14 privacyguides:v2.4.13 privacyguides:v2.4.12 privacyguides:v2.4.11 privacyguides:v2.4.10 privacyguides:v2.4.9 privacyguides:v2.4.8 privacyguides:v2.4.7 privacyguides:v2.4.6 privacyguides:v2.4.5 privacyguides:v2.4.4 privacyguides:v2.4.3 privacyguides:v2.4.2 privacyguides:v2.4.1 privacyguides:v2.4.0 privacyguides:v2.3.5 privacyguides:v2.3.4 privacyguides:v2.3.3 privacyguides:v2.3.2 privacyguides:v2.3.1 privacyguides:v2.3.0 privacyguides:v2.2.0 privacyguides:v2.1.2 privacyguides:v2.1.1 privacyguides:v2.1.0 privacyguides:v2.0.2 privacyguides:v2.0.1 privacyguides:v2.0.0 privacyguides:v1.0.0

42 Commits
35dc235a9d ... 2024.04.11

Author SHA1 Message Date
Daniel Gray
a8a4adee73 Common Threats: Supply chain attacks (#2467) 
Signed-off-by: Jonah Aragon <jonah@triplebit.net>
 2024-04-11 13:07:26 -05:00
redoomed1
93136f2a0b Add search engine comparison table (#2505) 
Signed-off-by: Jonah Aragon <jonah@triplebit.net>
 2024-04-11 12:48:15 -05:00
redoomed1
5d405830df Update tools page with alt networks (#2516) 
Signed-off-by: Jonah Aragon <jonah@triplebit.net>
 2024-04-11 12:48:03 -05:00
Jonah Aragon
d80af3968f Fix broken PR builds 2024-04-11 12:36:39 -05:00
redoomed1
09d3669fcf Reapply: Update link to aliasing page (#2471) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-02 04:29:00 +00:00
Jonah Aragon
c4c68f7f7e Add run.sh script to project (#2517) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-11 16:11:22 +09:30
rollsicecream
a80653968e Email: Proton grammar, free accounts 1GB (#2512) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-11 14:55:22 +09:30
Jonah Aragon
775ff52b14 Remove per-language config files (#2513) 2024-04-10 17:52:14 -05:00
TechFanTheo
1acdf1748f Frontends: add Redlib, mention Reddit Onion (#2495) 
Co-authored-by: redoomed1 <161974310+redoomed1@users.noreply.github.com>
Signed-off-by: Freddy <freddy@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-11 01:16:39 +09:30
Daniel Gray
e88ee1a80e Email: Mention free Proton account deletion (#2510) 
Co-authored-by: redoomed1 <161974310+redoomed1@users.noreply.github.com>
Signed-off-by: Freddy <freddy@privacyguides.org>
 2024-04-11 01:12:43 +09:30
Jonah Aragon
662a3dfeb5 DNS: Add logging information/criteria (#2509) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-10 23:02:08 +09:30
Jonah Aragon
6458a05355 Link to mirrors in README (#2507) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-10 20:22:09 +09:30
Jonah Aragon
a57dc2cd78 Add alternative networks (#2506) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-10 20:17:00 +09:30
redoomed1
e8f12c1bdf Update docs: Remove redundant criterion & standardize (#2504) 
Signed-off-by: Jonah Aragon <jonah@triplebit.net>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-10 19:54:18 +09:30
TechFanTheo
2c623ce775 Criteria frontends updates (#2496) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
Co-Authored-By: Jonah Aragon <jonah@triplebit.net>
 2024-04-10 00:58:06 -05:00
rollsicecream
65bc92af88 Update Password Management page (#2459) 
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
Signed-off-by: Freddy <freddy@privacyguides.org>
Co-Authored-By: redoomed1 <161974310+redoomed1@users.noreply.github.com>
 2024-04-10 00:51:41 -05:00
Jonah Aragon
5b41dec8b0 Mobile browser: Add Mull (#2460) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
Signed-off-by: Freddy <freddy@privacyguides.org>
Co-Authored-By: redoomed1 <161974310+redoomed1@users.noreply.github.com>
 2024-04-10 00:45:47 -05:00
jermanuts
bad1370181 Encryption: Change Tomb steg link main site (#2503) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-09 16:19:02 +09:30
Jonah Aragon
a1b01b8b8c Deploy website to IPFS (#2502) 2024-04-08 15:21:32 -05:00
Jonah Aragon
9626aabea8 Asset cache-busting & i18n string additions (#2500) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-08 20:55:00 +09:30
redoomed1
a7a8817c21 Update docs links for various tools and make other changes (#2489) 
Co-authored-by: Jonah Aragon <jonah@triplebit.net>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-08 20:03:21 +09:30
TechFanTheo
d17adf0299 Fix Proton VPN free server count (#2501) 
Update proton free to 5 countries
Fix link separation

Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-08 17:54:52 +09:30
Jonah Aragon
dec6fbb64c Add Startpage hidden service address (#2499) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-08 15:29:11 +09:30
redoomed1
f35e64a4f4 Update Tuta links (#2494) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-06 17:39:42 +10:30
Jonah Aragon
af45bcc642 Enable website development (#2490) 2024-04-06 00:42:52 -05:00
elleybean
66225f2eff Fix typo on mobile browsers page (#2488) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-06 02:54:27 +10:30
Jonah Aragon
c2fce11a64 Add VPN comparison table (#2478) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-05 21:22:27 +10:30
Jonah Aragon
cf43545f57 Enable new mkdocs-material features (#2451) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-05 21:14:23 +10:30
redoomed1
cca4759612 Make grammar changes on CoC page (#2486) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-05 20:52:14 +10:30
kimg45
492facf194 Fix dead/outdated links (#2485) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-05 20:19:43 +10:30
redoomed1
472a3a5416 Update links on frontend page (#2483) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-05 03:38:35 +10:30
kimg45
3a8c0a9e66 Update VPN Countries and IPv6 support (#2454) 
Signed-off-by: Jonah Aragon <jonah@triplebit.net>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-04 03:56:57 +10:30
Jonah Aragon
0f17a9dce9 Replace MathJax with MathML (#2477) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-03 23:10:26 +10:30
Jonah Aragon
464d7ec3c6 Separate browser extensions page (#2461) 
Co-authored-by: redoomed1 <161974310+redoomed1@users.noreply.github.com>
Signed-off-by: Daniel Nathan Gray <dng@disroot.org>
 2024-04-03 22:55:49 +10:30
redoomed1
b6d2c6f113 fix: email aliasing, tools link and minor grammar (#2480) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-03 20:17:28 +10:30
Jonah Aragon
895a83b841 Bring back feedback buttons (#2481) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-03 20:08:06 +10:30
Jonah Aragon
ce7896c07f Remove server things from repo (#2475) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-03 17:36:38 +10:30
rollsicecream
04c37b9cdf Add Peergos to Cloud section (#2429) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
Signed-off-by: Jonah Aragon <jonah@triplebit.net>
 2024-04-03 00:43:14 +10:30
dependabot[bot]
b12887310f Bump modules/mkdocs-material from 4ff6a57 to b248bcf 
Bumps [modules/mkdocs-material](https://github.com/privacyguides/mkdocs-material-insiders) from `4ff6a57` to `b248bcf`.
- [Commits](4ff6a57215...b248bcf9c3)

---
updated-dependencies:
- dependency-name: modules/mkdocs-material
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-04-02 23:56:21 +10:30
dependabot[bot]
ff0a5339a8 Bump crowdin/github-action from 1.20.1 to 1.20.2 
Bumps [crowdin/github-action](https://github.com/crowdin/github-action) from 1.20.1 to 1.20.2.
- [Release notes](https://github.com/crowdin/github-action/releases)
- [Commits](https://github.com/crowdin/github-action/compare/v1.20.1...v1.20.2)

---
updated-dependencies:
- dependency-name: crowdin/github-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-04-02 23:56:20 +10:30
Jonah Aragon
632761cae1 Automated PR Testing (#2469) 2024-04-02 23:56:20 +10:30
Jonah Aragon
b536928661 Stop using Netlify for production hosting (#2472) 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
 2024-04-02 23:56:14 +10:30
126 changed files with 2929 additions and 2581 deletions
Expand all files Collapse all files

1
.cache/plugin/social/fonts Symbolic link
View File

@@ -0,0 +1 @@
../../../theme/assets/brand/fonts

8
.devcontainer/devcontainer.json Normal file
View File

@@ -0,0 +1,8 @@
// For format details, see https://aka.ms/devcontainer.json. For config options, see the
// README at: https://github.com/devcontainers/templates/tree/main/src/python
{
"name": "Privacy Guides",
"image": "ghcr.io/squidfunk/mkdocs-material:9.5.17",
"forwardPorts": [8000],
"postCreateCommand": "git submodule init; git submodule update theme/assets/brand; apk add bash; /bin/bash run.sh --cmd=mkdocs --cmd_flags=--dev-addr=0.0.0.0:8000"
}

8
.devcontainer/team/devcontainer.json Normal file
View File

@@ -0,0 +1,8 @@
// For format details, see https://aka.ms/devcontainer.json. For config options, see the
// README at: https://github.com/devcontainers/templates/tree/main/src/python
{
"name": "Privacy Guides Team",
"image": "ghcr.io/privacyguides/privacyguides.org:main",
"forwardPorts": [8000],
"postCreateCommand": "git submodule init; git submodule update theme/assets/brand; ./run.sh --cmd=mkdocs --insiders --production --cmd_flags=--dev-addr=0.0.0.0:8000"
}

5
.editorconfig
View File

@@ -31,3 +31,8 @@ indent_size = 2
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
[{*.caddy,*.example-caddy,Caddyfile}]
charset = utf-8
indent_style = tab
tab_width = 4

25
.github/CODEOWNERS vendored
View File

@@ -1,27 +1,5 @@
# Copyright (c) 2019-2023 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
# Additional Co-Owners are added to the TOP of this file
# High-traffic pages
/docs/index.en.md @jonaharagon @dngray
/docs/index.md @jonaharagon @dngray
/theme/overrides/ @jonaharagon
# Org
@@ -35,4 +13,3 @@ README.md @jonaharagon @dngray
/Pipfile @jonaharagon
/Pipfile.lock @jonaharagon
/.github/ @jonaharagon
/.well-known/ @jonaharagon

1
.github/ISSUE_TEMPLATE/1_Content_Correction.yml vendored
View File

@@ -22,7 +22,6 @@ name: "Content Correction"
description: Report any inaccurate, incorrect, or outdated information on the website.
labels: ["t:correction"]
body:
- type: markdown
attributes:
value: |

1
.github/ISSUE_TEMPLATE/2_Website_Issues.yml vendored
View File

@@ -24,7 +24,6 @@ labels: ["t:bug"]
assignees:
- jonaharagon
body:
- type: markdown
attributes:
value: |

11
.github/dependabot.yml vendored
View File

@@ -21,7 +21,6 @@
version: 2
registries:
github-privacyguides:
type: git
url: https://github.com
@@ -29,7 +28,6 @@ registries:
password: ${{secrets.REPO_PAT}}
updates:
# Maintain dependencies for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
@@ -52,6 +50,15 @@ updates:
labels:
- "fix:submodules"
- package-ecosystem: "devcontainers"
directory: "/"
schedule:
interval: weekly
- package-ecosystem: "docker"
directory: "/"
schedule:
interval: weekly
# Disabled because some updates tend to remove needed dependencies for some reason
# # Maintain dependencies for pipenv

92
.github/workflows/build-container.yml vendored Normal file
View File

@@ -0,0 +1,92 @@
name: ☁️ Build Container
# Configures this workflow to run every time a change is pushed to the branch called `release`.
on:
push:
branches: ["main"]
release:
types: [published]
workflow_dispatch:
concurrency:
group: container-build
cancel-in-progress: true
permissions:
contents: read
packages: write
# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
jobs:
submodule:
strategy:
matrix:
repo: [mkdocs-material-insiders, brand]
uses: privacyguides/.github/.github/workflows/download-repo.yml@main
with:
repo: ${{ matrix.repo }}
secrets:
ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
build-and-push-image:
needs: submodule
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- run: |
rm -rf modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
rm -rf theme/assets/brand
mv modules/repo-brand theme/assets/brand
# Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
- name: Log in to the Container registry
uses: docker/login-action@v3.1.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5.5.1
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=tag
type=ref,event=pr
type=sha
flavor: |
latest=${{ github.event_name == 'release' }}
# This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
# It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
# It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
- name: Build and push Docker image
uses: docker/build-push-action@v5.3.0
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cleanup:
if: ${{ always() }}
needs: build-and-push-image
uses: privacyguides/.github/.github/workflows/cleanup.yml@main

113
.github/workflows/build-offline.yml vendored
View File

@@ -1,113 +0,0 @@
# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: Build Offline Website
on:
workflow_call:
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
persist-credentials: 'false'
- uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- run: |
rmdir modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
rmdir theme/assets/brand
mv modules/repo-brand theme/assets/brand
- name: Python setup
uses: actions/setup-python@v5
with:
cache: 'pipenv'
- uses: actions/cache/restore@v4.0.2
with:
key: site-cache-${{ github.repository }}-en-${{ github.ref }}-${{ hashfiles('.cache/**') }}
path: .cache
restore-keys: |
site-cache-${{ github.repository }}-en-${{ github.ref }}-
site-cache-${{ github.repository }}-en-
- name: Install Python dependencies
run: |
pip install pipenv
pipenv install
sudo apt install pngquant
- name: Build website
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CARDS: false
run: |
pipenv run mkdocs build --config-file config/mkdocs-offline.yml
pipenv run mkdocs --version
- name: Package website
run: |
tar -czvf offline.tar.gz site
zip -r -q offline.zip site
- uses: actions/cache/save@v4.0.2
with:
key: site-cache-${{ github.repository }}-en-${{ github.ref }}-${{ hashfiles('.cache/**') }}
path: .cache
- name: Upload tar.gz file
uses: actions/upload-artifact@v4
with:
name: offline.tar.gz
path: offline.tar.gz
- name: Upload zip file
uses: actions/upload-artifact@v4
with:
name: offline.zip
path: offline.zip
- name: Create ZIM File
uses: addnab/docker-run-action@v3
with:
image: ghcr.io/openzim/zim-tools:3.1.3
options: -v ${{ github.workspace }}:/data
run: |
zimwriterfs -w index.html -I assets/brand/logos/png/square/pg-yellow.png -l eng -t "Privacy Guides" -d "Your central privacy and security resource to protect yourself online." -c "Privacy Guides" -p "Jonah Aragon" -n "Privacy Guides" -e "https://github.com/privacyguides/privacyguides.org" /data/site /data/offline-privacy_guides.zim
- name: Upload ZIM file
uses: actions/upload-artifact@v4
with:
name: offline-privacy_guides.zim
path: offline-privacy_guides.zim

116
.github/workflows/build-pr.yml vendored Normal file
View File

@@ -0,0 +1,116 @@
name: 🛠️ Build PR Preview
on:
pull_request:
concurrency:
group: ${{github.event.pull_request.head.ref}}
cancel-in-progress: true
permissions:
contents: read
jobs:
metadata:
runs-on: ubuntu-latest
outputs:
submodules: ${{ steps.submodules-fork.outputs.submodules || steps.submodules-main.outputs.submodules }}
privileged: ${{ steps.submodules-fork.outputs.privileged || steps.submodules-main.outputs.privileged }}
env:
ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
steps:
- name: Set submodules for fork
if: env.ACTIONS_SSH_KEY == ''
id: submodules-fork
run: |
echo 'submodules={"repo":["brand","i18n"]}' >> "$GITHUB_OUTPUT"
echo "privileged=false" >> "$GITHUB_OUTPUT"
- name: Set submodules for main repo
if: env.ACTIONS_SSH_KEY != ''
id: submodules-main
run: |
echo 'submodules={"repo":["brand","i18n","mkdocs-material-insiders"]}' >> "$GITHUB_OUTPUT"
echo "privileged=true" >> "$GITHUB_OUTPUT"
- name: Save PR metadata
run: |
mkdir -p ./metadata
echo ${{ github.event.number }} > ./metadata/NR
echo ${{ github.event.pull_request.head.sha }} > ./metadata/SHA
- name: Upload metadata as artifact
uses: actions/upload-artifact@v4
with:
name: metadata
path: metadata
submodule:
needs: metadata
strategy:
matrix: ${{ fromJson(needs.metadata.outputs.submodules) }}
uses: privacyguides/.github/.github/workflows/download-repo.yml@main
with:
repo: ${{ matrix.repo }}
privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}
secrets:
ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
build_english:
needs: [submodule, metadata]
strategy:
matrix:
lang: [en]
fail-fast: true
uses: ./.github/workflows/build.yml
with:
ref: ${{github.event.pull_request.head.ref}}
repo: ${{github.event.pull_request.head.repo.full_name}}
lang: en
continue-on-error: false
privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}
build_i18n:
if: ${{ contains(github.event.pull_request.labels.*.name, 'ci:build i18n') }}
needs: [submodule, metadata]
strategy:
matrix:
lang: [es, fr, he, it, nl, ru, zh-Hant]
fail-fast: false
uses: ./.github/workflows/build.yml
with:
ref: ${{github.event.pull_request.head.ref}}
repo: ${{github.event.pull_request.head.repo.full_name}}
lang: ${{ matrix.lang }}
continue-on-error: true
privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}
combine_build:
needs: [build_english, build_i18n]
if: |
(always() && !cancelled() && !failure()) &&
needs.build_english.result == 'success' &&
(needs.build_i18n.result == 'success' || needs.build_i18n.result == 'skipped')
runs-on: ubuntu-latest
steps:
- uses: actions/download-artifact@v4
with:
pattern: site-build-*
merge-multiple: true
- run: |
for file in *.tar.gz; do tar -zxf "$file"; done
ls -la site/
- name: Upload Site
uses: actions/upload-artifact@v4
with:
name: site-build-combined
path: site
retention-days: 5
cleanup:
if: ${{ always() }}
needs: [build_english, build_i18n]
uses: privacyguides/.github/.github/workflows/cleanup.yml@main

267
.github/workflows/build.yml vendored
View File

@@ -1,28 +1,11 @@
# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: Build Website
name: 🛠️ Build Website
on:
workflow_call:
inputs:
config:
type: string
default: build
ref:
required: true
type: string
@@ -38,6 +21,9 @@ on:
continue-on-error:
type: boolean
default: true
privileged:
type: boolean
default: true
permissions:
contents: read
@@ -50,87 +36,232 @@ jobs:
contents: read
steps:
- uses: actions/checkout@v4
- name: Add GitHub Token to Environment
run: |
echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV"
- name: Set Metadata
if: inputs.config == 'build'
run: |
{
echo "BUILD_CONTEXT=${{ inputs.context }}"
echo "EXTRA_FLAGS=""$EXTRA_FLAGS" --production""
} >> "$GITHUB_ENV"
- name: Set Metadata for Privileged Builds
if: inputs.privileged
run: |
echo "BUILD_INSIDERS=true" >> "$GITHUB_ENV"
echo "EXTRA_FLAGS=""$EXTRA_FLAGS" --insiders"" >> "$GITHUB_ENV"
- name: Set Metadata for Offline Mode
if: inputs.config == 'offline'
run: |
{
echo "EXTRA_FLAGS=""$EXTRA_FLAGS" --offline""
} >> "$GITHUB_ENV"
- name: Download Repository
uses: actions/checkout@v4
with:
repository: ${{ inputs.repo }}
ref: ${{ inputs.ref }}
persist-credentials: 'false'
persist-credentials: "false"
fetch-depth: 0
- uses: actions/download-artifact@v4
- name: Download Submodules
uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- run: |
- name: Move mkdocs-material-insiders to mkdocs-material
if: inputs.privileged
run: |
rmdir modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
- name: Move brand submodule to theme/assets/brand
run: |
rmdir theme/assets/brand
mv modules/repo-brand theme/assets/brand
- if: inputs.lang != 'en'
- name: Copy Translation Files
if: inputs.lang != 'en'
run: |
cp -rl modules/repo-i18n/i18n .
cp -rl modules/repo-i18n/includes .
cp -rl modules/repo-i18n/theme .
- uses: actions/setup-python@v5
- name: Install Python (pipenv)
if: inputs.privileged
uses: actions/setup-python@v5
with:
cache: 'pipenv'
cache: "pipenv"
- uses: actions/cache/restore@v4.0.2
with:
key: site-cache-${{ inputs.repo }}-${{ inputs.ref }}-${{ hashfiles('.cache/**') }}
path: .cache
restore-keys: |
site-cache-${{ inputs.repo }}-${{ inputs.ref }}-
site-cache-${{ inputs.repo }}-
- name: Install Python (no pipenv)
if: ${{ !inputs.privileged }}
uses: actions/setup-python@v5
- uses: actions/cache/restore@v4.0.2
- name: Restore Privacy Plugin Cache
uses: actions/cache/restore@v4.0.2
id: privacy_cache_restore
with:
key: card-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ inputs.ref }}-${{ hashfiles('config/.cache/plugin/social/manifest.json') }}
key: privacy-cache-${{ inputs.repo }}-${{ hashfiles('.cache/plugin/privacy/**') }}
path: |
config/.cache/plugin/social/manifest.json
config/.cache/plugin/social/assets
.cache/plugin/privacy
restore-keys: |
card-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ inputs.ref }}-
card-cache-${{ inputs.repo }}-${{ inputs.lang }}-
privacy-cache-${{ inputs.repo }}-
privacy-cache-privacyguides/privacyguides.org-
privacy-cache-
- run: |
- name: Restore Social Plugin Cache
uses: actions/cache/restore@v4.0.2
id: social_cache_restore
with:
key: social-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ hashfiles('.cache/plugin/social/manifest.json') }}
path: |
.cache/plugin/social/manifest.json
.cache/plugin/social/assets
restore-keys: |
social-cache-${{ inputs.repo }}-${{ inputs.lang }}-
social-cache-privacyguides/privacyguides.org-${{ inputs.lang }}-
- name: Restore Optimize Plugin Cache
uses: actions/cache/restore@v4.0.2
id: optimize_cache_restore
with:
key: optimize-cache-${{ inputs.repo }}-${{ hashfiles('.cache/plugin/optimize/manifest.json') }}
path: |
.cache/plugin/optimize
restore-keys: |
optimize-cache-${{ inputs.repo }}-
optimize-cache-privacyguides/privacyguides.org-
optimize-cache-
- name: Install Python Dependencies
if: inputs.privileged
run: |
pip install pipenv
pipenv install
sudo apt install pngquant
- if: inputs.lang != 'en'
uses: falti/dotenv-action@v1.1
with:
path: includes/strings.${{ inputs.lang }}.env
export-variables: true
keys-case: bypass
- env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CONTEXT: ${{ inputs.context }}
PRODUCTION: true
- name: Install Python Dependencies (Unprivileged)
if: ${{ !inputs.privileged }}
run: |
pipenv run mkdocs build --config-file config/mkdocs.${{ inputs.lang }}.yml
cp -r static/* site/
pipenv run mkdocs --version
tar -czvf site-build-${{ inputs.lang }}.tar.gz site
pip install mkdocs-material
sudo apt install pngquant
echo "EXTRA_FLAGS=""$EXTRA_FLAGS" --cmd=mkdocs"" >> "$GITHUB_ENV"
- uses: actions/cache/save@v4.0.2
with:
key: site-cache-${{ inputs.repo }}-${{ inputs.ref }}-${{ hashfiles('.cache/**') }}
path: .cache
- name: Build Website
run: |
eval ./run.sh --build --lang=${{ inputs.lang }} "$EXTRA_FLAGS"
- uses: actions/cache/save@v4.0.2
- name: Package Website
run: |
tar -czf site-${{ inputs.config }}-${{ inputs.lang }}.tar.gz site
- name: Find Privacy Plugin Cache
uses: actions/cache/restore@v4.0.2
if: steps.privacy_cache_restore.outputs.cache-hit != 'true'
id: privacy_cache_test
with:
key: card-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ inputs.ref }}-${{ hashfiles('config/.cache/plugin/social/manifest.json') }}
key: privacy-cache-privacyguides/privacyguides.org-${{ hashfiles('.cache/plugin/privacy/**') }}
lookup-only: true
path: |
config/.cache/plugin/social/manifest.json
config/.cache/plugin/social/assets
.cache/plugin/privacy
- uses: actions/upload-artifact@v4
- name: Find Social Plugin Cache
uses: actions/cache/restore@v4.0.2
if: steps.social_cache_restore.outputs.cache-hit != 'true'
id: social_cache_test
with:
name: site-build-${{ inputs.lang }}.tar.gz
path: site-build-${{ inputs.lang }}.tar.gz
key: social-cache-privacyguides/privacyguides.org-${{ inputs.lang }}-${{ hashfiles('.cache/plugin/social/manifest.json') }}
lookup-only: true
path: |
.cache/plugin/social/manifest.json
.cache/plugin/social/assets
- name: Find Optimize Plugin Cache
uses: actions/cache/restore@v4.0.2
if: steps.optimize_cache_restore.outputs.cache-hit != 'true'
id: optimize_cache_test
with:
key: optimize-cache-privacyguides/privacyguides.org-${{ hashfiles('.cache/plugin/optimize/manifest.json') }}
lookup-only: true
path: |
.cache/plugin/optimize
- name: Save Privacy Plugin Cache
uses: actions/cache/save@v4.0.2
if: steps.privacy_cache_test.outputs.cache-hit != 'true'
with:
key: privacy-cache-${{ inputs.repo }}-${{ hashfiles('.cache/plugin/privacy/**') }}
path: .cache/plugin/privacy
- name: Save Social Plugin Cache
uses: actions/cache/save@v4.0.2
if: steps.social_cache_test.outputs.cache-hit != 'true'
with:
key: social-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ hashfiles('.cache/plugin/social/manifest.json') }}
path: |
.cache/plugin/social/manifest.json
.cache/plugin/social/assets
- name: Save Optimize Plugin Cache
uses: actions/cache/save@v4.0.2
if: steps.optimize_cache_test.outputs.cache-hit != 'true'
with:
key: optimize-cache-${{ inputs.repo }}-${{ hashfiles('.cache/plugin/optimize/manifest.json') }}
path: .cache/plugin/optimize
- name: Upload Site
uses: actions/upload-artifact@v4
with:
name: site-${{ inputs.config }}-${{ inputs.lang }}.tar.gz
path: site-${{ inputs.config }}-${{ inputs.lang }}.tar.gz
retention-days: 1
offline_package:
if: inputs.config == 'offline' && inputs.lang == 'en'
needs: build
runs-on: ubuntu-latest
continue-on-error: ${{ inputs.continue-on-error }}
permissions:
contents: read
steps:
- uses: actions/download-artifact@v4
with:
name: site-offline-en.tar.gz
- run: |
tar -xzf site-offline-en.tar.gz
tar -czf offline.tar.gz site/en
zip -r -q offline.zip site/en
- name: Upload tar.gz file
uses: actions/upload-artifact@v4
with:
name: offline.tar.gz
path: offline.tar.gz
- name: Upload zip file
uses: actions/upload-artifact@v4
with:
name: offline.zip
path: offline.zip
- name: Create ZIM File
uses: addnab/docker-run-action@v3
with:
image: ghcr.io/openzim/zim-tools:3.1.3
options: -v ${{ github.workspace }}:/data
run: |
zimwriterfs -w index.html -I assets/brand/logos/png/square/pg-yellow.png -l eng -t "Privacy Guides" -d "Your central privacy and security resource to protect yourself online." -c "Privacy Guides" -p "Jonah Aragon" -n "Privacy Guides" -e "https://github.com/privacyguides/privacyguides.org" /data/site/en /data/offline-privacy_guides.zim
- name: Upload ZIM file
uses: actions/upload-artifact@v4
with:
name: offline-privacy_guides.zim
path: offline-privacy_guides.zim

33
.github/workflows/cleanup.yml vendored
View File

@@ -1,33 +0,0 @@
# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: Cleanup Artifacts
on:
workflow_call:
jobs:
cleanup:
runs-on: ubuntu-latest
steps:
- uses: geekyeggo/delete-artifact@v5
with:
name: repo-*
failOnError: false

237
.github/workflows/deploy.yml vendored
View File

@@ -1,237 +0,0 @@
# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: Deploy Website Build
on:
workflow_call:
inputs:
netlify_preview:
type: boolean
netlify_alias:
type: string
netlify_production:
type: boolean
github_pages:
type: boolean
bunnycdn_production:
type: boolean
minio_production:
type: boolean
outputs:
netlify_preview_address:
value: ${{ jobs.netlify_preview.outputs.address }}
secrets:
NETLIFY_TOKEN:
PROD_BUNNYCDN_API_KEY:
PROD_BUNNYCDN_PASSWORD:
PROD_MINIO_KEY_ID:
PROD_MINIO_SECRET_KEY:
jobs:
netlify_preview:
if: inputs.netlify_preview
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
address: ${{ steps.address.outputs.address }}
steps:
- uses: actions/download-artifact@v4
with:
pattern: site-build-*
merge-multiple: true
- run: |
for file in *.tar.gz; do tar -zxf "$file"; done
wget https://raw.githubusercontent.com/privacyguides/privacyguides.org/main/netlify.toml
ls -la site/
- uses: actions/setup-node@v4
- run: |
npm install netlify-cli -g
- if: inputs.netlify_preview
name: Limit length of Netlify alias to 12
run: echo "SHORT_ALIAS=`echo ${{ inputs.netlify_alias }} | cut -c1-12`" >> $GITHUB_ENV
- if: inputs.netlify_preview
id: deployment
env:
NETLIFY_SITE_ID: ${{ vars.NETLIFY_SITE }}
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
run: |
netlify deploy --dir=site --alias=${{ env.SHORT_ALIAS }}
echo "DEPLOYED_ADDRESS=https://${{ env.SHORT_ALIAS }}--${{ vars.NETLIFY_SITE }}.netlify.app/" >> "$GITHUB_ENV"
- id: address
run: |
echo "address=$DEPLOYED_ADDRESS" >> "$GITHUB_OUTPUT"
netlify_production:
if: inputs.netlify_production
runs-on: ubuntu-latest
permissions:
contents: read
environment:
name: production
url: https://illustrious-bavarois-56cf30.netlify.app/
steps:
- uses: actions/download-artifact@v4
with:
pattern: site-build-*
merge-multiple: true
- run: |
for file in *.tar.gz; do tar -zxf "$file"; done
wget https://raw.githubusercontent.com/privacyguides/privacyguides.org/main/netlify.toml
ls -la site/
- uses: actions/setup-node@v4
- run: |
npm install netlify-cli -g
- id: prod_deployment
env:
NETLIFY_SITE_ID: ${{ vars.PROD_NETLIFY_SITE }}
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
run: |
netlify deploy --dir=site --prod-if-unlocked
github_pages:
if: inputs.github_pages
runs-on: ubuntu-latest
concurrency:
group: "pages"
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
# Grant GITHUB_TOKEN the permissions required to make a Pages deployment
permissions:
contents: read
pages: write # to deploy to Pages
id-token: write # to verify the deployment originates from an appropriate source
steps:
- uses: actions/configure-pages@v5
- uses: actions/download-artifact@v4
with:
pattern: site-build-*
merge-multiple: true
- run: |
for file in *.tar.gz; do tar -zxf "$file"; done
ls -la site/
- uses: 1arp/create-a-file-action@0.4.4
with:
path: site
file: index.html
content: |
<html lang="en">
<head>
<title>Redirecting to English site...</title>
<meta
http-equiv="refresh"
content="0; URL=./en/"
/>
</head>
</html>
- uses: actions/upload-pages-artifact@v3
with:
path: site
- id: deployment
uses: actions/deploy-pages@main
bunnycdn_production:
if: inputs.bunnycdn_production
runs-on: ubuntu-latest
permissions:
contents: read
environment:
name: production
url: https://privacyguides-org-production.b-cdn.net
steps:
- uses: actions/download-artifact@v4
with:
pattern: site-build-*
merge-multiple: true
- run: |
for file in *.tar.gz; do tar -zxf "$file"; done
ls -la site/
- uses: own3d/bunny-action@bfaa5c6bc8b7a7ebd599ddd4912347d7c3847e78
env:
BUNNY_API_ACCESS_KEY: ${{ secrets.PROD_BUNNYCDN_API_KEY }}
BUNNY_STORAGE_HOSTNAME: storage.bunnycdn.com
BUNNY_STORAGE_USERNAME: ${{ vars.PROD_BUNNYCDN_USER }}
BUNNY_STORAGE_PASSWORD: ${{ secrets.PROD_BUNNYCDN_PASSWORD }}
BUNNY_PULL_ZONE_ID: 2117106
with:
args: deploy --dir=site
minio_production:
if: inputs.minio_production
runs-on: ubuntu-latest
permissions:
contents: read
environment:
name: production
url: https://privacyguides-org-production.stor1-minio.jonaharagon.net
steps:
- uses: actions/download-artifact@v4
with:
pattern: site-build-*
merge-multiple: true
- run: |
for file in *.tar.gz; do tar -zxf "$file"; done
ls -la site/
- uses: jakejarvis/s3-sync-action@master
with:
args: --acl public-read --follow-symlinks --delete
env:
SOURCE_DIR: "site/"
AWS_S3_BUCKET: ${{ vars.PROD_MINIO_BUCKET }}
AWS_S3_ENDPOINT: ${{ vars.PROD_MINIO_HOSTNAME }}
AWS_ACCESS_KEY_ID: ${{ secrets.PROD_MINIO_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.PROD_MINIO_SECRET_KEY }}

48
.github/workflows/download-repo.yml vendored
View File

@@ -1,48 +0,0 @@
# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: Download Repository
on:
workflow_call:
inputs:
repo:
required: true
type: string
secrets:
ACTIONS_SSH_KEY:
required: true
jobs:
download:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
repository: 'privacyguides/${{ inputs.repo }}'
path: repo-${{ inputs.repo }}
ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
- uses: actions/upload-artifact@v4
with:
name: repo-${{ inputs.repo }}
path: repo-${{ inputs.repo }}
retention-days: 1

5
.github/workflows/publish-mirror.yml vendored
View File

@@ -20,7 +20,10 @@
name: 🪞 Push to Mirrors
on: [ push, delete, create ]
permissions:
contents: read
on: [push, delete, create]
# Ensures that only one mirror task will run at a time.
concurrency:

160
.github/workflows/publish-pr.yml vendored
View File

@@ -1,102 +1,120 @@
# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: 📦 Publish Pull Request Preview
name: 📦 PR Preview
on:
pull_request_target:
concurrency:
group: ${{github.event.pull_request.head.ref}}
cancel-in-progress: true
workflow_run:
workflows: [🛠️ Build PR Preview]
types:
- completed
permissions:
pull-requests: write
actions: read
contents: read
pages: write
id-token: write
pull-requests: write
jobs:
submodule:
strategy:
matrix:
repo: [mkdocs-material-insiders, brand, i18n]
uses: ./.github/workflows/download-repo.yml
with:
repo: ${{ matrix.repo }}
secrets:
ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
metadata:
if: >
github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion == 'success'
build:
needs: submodule
strategy:
matrix:
lang: [es, fr, he, it, nl, ru, zh-Hant]
allow-error: [true]
include:
- lang: en
allow-error: false
fail-fast: false
permissions:
contents: read
uses: ./.github/workflows/build.yml
with:
ref: ${{github.event.pull_request.head.ref}}
repo: ${{github.event.pull_request.head.repo.full_name}}
lang: ${{ matrix.lang }}
continue-on-error: ${{ matrix.allow-error }}
runs-on: ubuntu-latest
outputs:
pr_number: ${{ steps.metadata.outputs.pr_number }}
sha: ${{ steps.metadata.outputs.sha }}
steps:
- name: Download Website Build Artifact
uses: actions/github-script@v7.0.1
with:
script: |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{github.event.workflow_run.id }},
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "site-build-combined"
})[0];
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/site-build-combined.zip', Buffer.from(download.data));
- name: Unpack Website
run: |
mkdir -p site
unzip site-build-combined.zip -d site
tar -czvf site-build-combined.tar.gz site
- name: Upload Combined Build Artifact
uses: actions/upload-artifact@v4
with:
name: site-build-combined.tar.gz
path: site-build-combined.tar.gz
retention-days: 5
- name: Download Metadata Artifact
uses: actions/github-script@v7.0.1
with:
script: |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{github.event.workflow_run.id }},
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "metadata"
})[0];
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/metadata.zip', Buffer.from(download.data));
- name: Set Metadata
id: metadata
run: |
mkdir -p metadata
unzip metadata.zip -d metadata
echo "pr_number=$(cat metadata/NR)" >> "$GITHUB_OUTPUT"
echo "sha=$(cat metadata/SHA)" >> "$GITHUB_OUTPUT"
deploy:
needs: build
needs: metadata
permissions:
contents: read
pages: write
id-token: write
uses: ./.github/workflows/deploy.yml
uses: privacyguides/webserver/.github/workflows/deploy-netlify-preview.yml@main
with:
netlify_preview: true
netlify_alias: ${{ github.event.pull_request.head.sha }}
netlify_alias: ${{ needs.metadata.outputs.pr_number }}
netlify_site_id: ${{ vars.NETLIFY_SITE }}
secrets:
NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
comment:
permissions:
pull-requests: write
needs: deploy
needs: [deploy, metadata]
runs-on: ubuntu-latest
env:
address: ${{ needs.deploy.outputs.netlify_preview_address }}
address: ${{ needs.deploy.outputs.address }}
steps:
- uses: thollander/actions-comment-pull-request@v2.5.0
with:
pr_number: ${{ needs.metadata.outputs.pr_number }}
message: |
### <span aria-hidden="true">✅</span> Your preview is ready!
| Name | Link |
| :---: | ---- |
| <span aria-hidden="true">🔨</span> Latest commit | ${{ github.event.pull_request.head.sha }} |
| <span aria-hidden="true">🔨</span> Latest commit | ${{ needs.metadata.outputs.sha }} |
| <span aria-hidden="true">😎</span> Preview | ${{ env.address }} |
comment_tag: deployment
cleanup:
if: ${{ always() }}
needs: build
uses: ./.github/workflows/cleanup.yml

40
.github/workflows/publish-release.yml vendored
View File

@@ -18,24 +18,29 @@
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: 📦 Publish Release
name: 📦 Release
on:
push:
tags:
- '*'
- "*"
concurrency:
group: release-deployment
cancel-in-progress: true
permissions:
contents: write
pages: write
id-token: write
deployments: write
jobs:
submodule:
strategy:
matrix:
repo: [mkdocs-material-insiders, brand, i18n]
uses: ./.github/workflows/download-repo.yml
uses: privacyguides/.github/.github/workflows/download-repo.yml@main
with:
repo: ${{ matrix.repo }}
secrets:
@@ -46,25 +51,21 @@ jobs:
strategy:
matrix:
lang: [en, es, fr, he, it, nl, ru, zh-Hant]
build: [build, offline]
permissions:
contents: read
uses: ./.github/workflows/build.yml
with:
config: ${{ matrix.build }}
ref: ${{ github.ref }}
repo: ${{ github.repository }}
lang: ${{ matrix.lang }}
context: production
continue-on-error: false
buildoffline:
needs: submodule
permissions:
contents: read
uses: ./.github/workflows/build-offline.yml
release:
name: Create release notes
needs: buildoffline
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
@@ -84,20 +85,19 @@ jobs:
deploy:
needs: build
uses: ./.github/workflows/deploy.yml
with:
netlify_production: true
github_pages: true
bunnycdn_production: true
minio_production: true
uses: privacyguides/webserver/.github/workflows/deploy-all.yml@main
secrets:
NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
PROD_BUNNYCDN_API_KEY: ${{ secrets.PROD_BUNNYCDN_API_KEY }}
PROD_BUNNYCDN_PASSWORD: ${{ secrets.PROD_BUNNYCDN_PASSWORD }}
PROD_MINIO_KEY_ID: ${{ secrets.PROD_MINIO_KEY_ID }}
PROD_MINIO_SECRET_KEY: ${{ secrets.PROD_MINIO_SECRET_KEY }}
CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
CF_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
CLUSTER_USERNAME: ${{ secrets.CLUSTER_USERNAME }}
CLUSTER_PASSWORD: ${{ secrets.CLUSTER_PASSWORD }}
CLOUDFLARE_ZONE: ${{ secrets.CLOUDFLARE_ZONE }}
CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
cleanup:
if: ${{ always() }}
needs: [build, buildoffline]
uses: ./.github/workflows/cleanup.yml
needs: build
uses: privacyguides/.github/.github/workflows/cleanup.yml@main

16
.github/workflows/test-build.yml vendored
View File

@@ -31,7 +31,7 @@ jobs:
strategy:
matrix:
repo: [mkdocs-material-insiders, brand, i18n]
uses: ./.github/workflows/download-repo.yml
uses: privacyguides/.github/.github/workflows/download-repo.yml@main
with:
repo: ${{ matrix.repo }}
secrets:
@@ -41,24 +41,20 @@ jobs:
needs: submodule
strategy:
matrix:
lang: [en, es, fr, he, it, nl, ru, zh-Hant]
lang: [en, fr, he]
build: [build, offline]
fail-fast: false
permissions:
contents: read
uses: ./.github/workflows/build.yml
with:
config: ${{ matrix.build }}
ref: ${{ github.ref }}
repo: ${{ github.repository }}
lang: ${{ matrix.lang }}
continue-on-error: true
buildoffline:
needs: submodule
permissions:
contents: read
uses: ./.github/workflows/build-offline.yml
cleanup:
if: ${{ always() }}
needs: [build, buildoffline]
uses: ./.github/workflows/cleanup.yml
needs: build
uses: privacyguides/.github/.github/workflows/cleanup.yml@main

131
.github/workflows/test-lint.yml vendored Normal file
View File

@@ -0,0 +1,131 @@
# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: 🤖 Linting
permissions:
contents: read
on:
workflow_dispatch:
pull_request:
branches:
- main
push:
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
env:
MAIN_BRANCH: ${{ github.event_name == 'push' }}
jobs:
megalinter:
name: MegaLinter
runs-on: ubuntu-latest
steps:
- if: ${{ env.MAIN_BRANCH }}
uses: actions/checkout@v4
- if: ${{ env.MAIN_BRANCH == 0 }}
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Configure markdown-link-check
run: |
cat <<EOT >> .markdown-link-check.json
{
"ignorePatterns": [
{
"pattern": "^https://twitter.com"
},
{
"pattern": "^https://reddit.com"
},
{
"pattern": "^#_"
},
{
"pattern": ".onion"
},
{
"pattern": "^https://en.opensuse.org"
},
{
"pattern": "^https://quad9.net"
},
{
"pattern": "^https://dnscrypt.info"
},
{
"pattern": "^https://pipewire.org"
}
],
"replacementPatterns": [
{
"pattern": "^assets/",
"replacement": "https://www.privacyguides.org/en/assets/"
},
{
"pattern": "^(../)*assets/",
"replacement": "https://www.privacyguides.org/en/assets/"
},
{
"pattern": "^/",
"replacement": "https://www.privacyguides.org/"
}
],
"retryOn429": true,
"retryCount": 5,
"aliveStatusCodes": [200, 206, 403]
}
EOT
- id: ml
# You can override MegaLinter flavor used to have faster performances
# More info at https://megalinter.io/flavors/
uses: oxsecurity/megalinter/flavors/documentation@v7.10.0
env:
# All available variables are described in documentation
# https://megalinter.io/configuration/
# Validates all source when push on main, else just the git diff with main.
VALIDATE_ALL_CODEBASE: ${{ env.MAIN_BRANCH }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# ADD YOUR CUSTOM ENV VARIABLES HERE OR DEFINE THEM IN A FILE .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY
DISABLE: COPYPASTE,SPELL,HTML
DISABLE_LINTERS: JSON_JSONLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER
DISABLE_ERRORS_LINTERS: CSS_STYLELINT,MARKDOWN_MARKDOWN_LINK_CHECK,YAML_YAMLLINT,DOCKERFILE_HADOLINT,REPOSITORY_TRIVY,REPOSITORY_CHECKOV
EDITORCONFIG_EDITORCONFIG_CHECKER_ARGUMENTS: -disable-indentation
ENV_DOTENV_LINTER_ARGUMENTS: "--skip QuoteCharacter"
MARKDOWN_MARKDOWN_LINK_CHECK_FILTER_REGEX_INCLUDE: (docs)
MARKDOWN_MARKDOWNLINT_CONFIG_FILE: .markdownlint.yml
MARKDOWN_MARKDOWNLINT_FILTER_REGEX_EXCLUDE: (PULL_REQUEST_TEMPLATE\.md)
# Upload MegaLinter artifacts
- name: Archive production artifacts
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: MegaLinter reports
path: |
megalinter-reports
mega-linter.log

32
.github/workflows/upload-crowdin.yml vendored
View File

@@ -20,10 +20,13 @@
name: 💬 Crowdin Upload
permissions:
contents: read
on:
workflow_dispatch:
push:
branches: [ main ]
branches: [main]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
@@ -34,18 +37,17 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Checkout
uses: actions/checkout@v4
- name: crowdin action
uses: crowdin/github-action@v1.20.1
with:
upload_sources: true
upload_sources_args: '--auto-update --delete-obsolete'
download_translations: false
config: crowdin.yml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID }}
CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
- name: crowdin action
uses: crowdin/github-action@v1.20.2
with:
upload_sources: true
upload_sources_args: "--auto-update --delete-obsolete"
download_translations: false
config: crowdin.yml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID }}
CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}

29
.gitignore vendored
View File

@@ -2,27 +2,24 @@ site
/i18n/
/includes/*
!/includes/*.en.*
/static/i18n/*
!/static/i18n/*.en.*
/theme/overrides/*
!/theme/overrides/*.en.*
/static/i18n/
/theme/overrides/*.*.*
# commit social card fonts to repo
# see: https://github.com/squidfunk/mkdocs-material/issues/6983
# ridiculous hide-and-seek https://stackoverflow.com/a/72380673
.cache/*
!/config/.cache
/config/.cache/*
!/config/.cache/plugin
/config/.cache/plugin/*
!/config/.cache/plugin/social
/config/.cache/plugin/social/*
!/config/.cache/plugin/social/fonts
# Editor settings
.vscode/*
!.vscode/extensions.json
!.vscode/settings.json
!.cache/plugin
/.cache/plugin/*
!.cache/plugin/social
/.cache/plugin/social/*
!.cache/plugin/social/fonts
# Local Netlify folder
.netlify
node_modules
# Python
.venv
.env
.mkdocs-insiders-*

16
.mailmap Normal file
View File

@@ -0,0 +1,16 @@
Daniel Gray <dngray@privacyguides.org> <dng@disroot.org>
Daniel Gray <dngray@privacyguides.org> <48640805+dngray@users.noreply.github.com>
Daniel Gray <dngray@privacyguides.org> <dngray@privacytools.io>
Daniel Gray <dngray@privacyguides.org>
Jonah Aragon <jonah@privacyguides.org> <jonah@triplebit.net>
Jonah Aragon <jonah@privacyguides.org> <jonah@privacytools.io>
Jonah Aragon <jonah@privacyguides.org> <github@aragon.science>
mfwmyfacewhen <mfw@privacyguides.org> <94880365+mfwmyfacewhen@users.noreply.github.com>
mbananasynergy <mbananasynergy@privacyguides.org> <>
mbananasynergy <mbananasynergy@privacyguides.org> <107055883+matchboxbananasynergy@users.noreply.github.com>
rollsicecream <rollsicecream@proton.me> <153316540+rollsicecream@users.noreply.github.com>
rollsicecream <rollsicecream@proton.me> <waterfallnet@proton.me>
Freddy <freddy@privacyguides.org> <freddy@decypher.pw>
Freddy <freddy@privacyguides.org> <freddy@privacytools.io>
Niek de Wilde <niek@privacyguides.org> <github.ef27z@simplelogin.com>
Niek de Wilde <niek@privacyguides.org> <blacklight447@privacytools.io>

3
.markdownlint.yml
View File

@@ -24,8 +24,7 @@ ul-indent:
indent: 4
no-inline-html: false
code-block-style: false
no-hard-tabs:
spaces-per-tab: 4
no-hard-tabs: true
emphasis-style:
style: "asterisk"
no-duplicate-header: false

1
.vscode/.empty-schema.json vendored Normal file
View File

@@ -0,0 +1 @@
{}

5
.vscode/extensions.json vendored
View File

@@ -23,6 +23,9 @@
"EditorConfig.EditorConfig",
"DavidAnson.vscode-markdownlint",
"wholroyd.jinja",
"mikestead.dotenv"
"mikestead.dotenv",
"redhat.vscode-yaml",
"ecmel.vscode-html-css",
"yzhang.markdown-all-in-one"
]
}

30
.vscode/settings.json vendored
View File

@@ -20,8 +20,32 @@
{
"git.ignoreLimitWarning": true,
"[markdown]": {
"editor.unicodeHighlight.ambiguousCharacters": true,
"editor.unicodeHighlight.invisibleCharacters": true
"ltex.diagnosticSeverity": "hint",
"editor.unicodeHighlight.ambiguousCharacters": true,
"editor.unicodeHighlight.invisibleCharacters": true,
"editor.defaultFormatter": "DavidAnson.vscode-markdownlint",
"[yaml]": {
"editor.defaultFormatter": "redhat.vscode-yaml",
"editor.quickSuggestions": {
"other": true,
"comments": false,
"strings": true
}
},
"yaml.schemas": {
"https://raw.githubusercontent.com/DavidAnson/markdownlint/main/schema/markdownlint-config-schema.json": ".markdownlint.yml",
"https://json.schemastore.org/github-issue-config.json": ".github/ISSUE_TEMPLATE/config.yml",
".vscode/.empty-schema.json": "config/*.yml"
},
"yaml.customTags": [
"!ENV sequence",
"!ENV",
"tag:yaml.org,2002:python/name:pymdownx.superfences.fence_code_format",
"tag:yaml.org,2002:python/name:material.extensions.emoji.twemoji",
"tag:yaml.org,2002:python/name:material.extensions.emoji.to_svg"
],
"editor.formatOnSave": true,
"[github-actions-workflow]": {
"editor.defaultFormatter": "esbenp.prettier-vscode"
}
}

72
Dockerfile Normal file
View File

@@ -0,0 +1,72 @@
FROM python:3.12-alpine as base
LABEL org.opencontainers.image.source="https://github.com/privacyguides/privacyguides.org"
# Setup env
ENV LANG C.UTF-8
ENV LC_ALL C.UTF-8
ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONFAULTHANDLER 1
FROM base AS python-deps
# Install pipenv and compilation dependencies
RUN pip install pipenv
RUN \
apk upgrade --update-cache -a \
&& \
apk add --no-cache \
gcc \
libffi-dev \
musl-dev
# Install python dependencies in /.venv
COPY modules/mkdocs-material ./modules/mkdocs-material
COPY Pipfile .
COPY Pipfile.lock .
RUN PIPENV_VENV_IN_PROJECT=1 pipenv install --deploy
FROM base AS runtime
# Install runtime dependencies
RUN \
apk upgrade --update-cache -a \
&& \
apk add --no-cache \
cairo \
freetype-dev \
git \
git-fast-import \
jpeg-dev \
openssh \
pngquant \
tini \
zlib-dev \
libffi-dev \
musl-dev \
bash
# Copy virtual env from python-deps stage
COPY --from=python-deps /.venv /.venv
COPY --from=python-deps /modules/mkdocs-material /modules/mkdocs-material
ENV PATH="/.venv/bin:$PATH"
# Create and switch to a new user
RUN mkdir /site
WORKDIR /site
COPY docs docs
COPY theme theme
COPY includes includes
COPY *.yml .
COPY .cache/plugin/social/fonts .cache/plugin/social/fonts
COPY run.sh .
EXPOSE 8000
ENV MKDOCS_INHERIT mkdocs-production.yml
HEALTHCHECK NONE
ENTRYPOINT ["./run.sh"]
CMD ["--cmd=mkdocs", "--insiders", "--cmd_flags=--dev-addr=0.0.0.0:8000"]

2
Pipfile
View File

@@ -26,7 +26,7 @@ name = "pypi"
[packages]
mkdocs-material = {extras = ["imaging"], path = "./modules/mkdocs-material"}
mkdocs-git-revision-date-localized-plugin = "~=1.2"
mkdocs-git-committers-plugin-2 = "~=1.1"
mkdocs-git-authors-plugin = "~=0.8"
mkdocs-macros-plugin = "~=1.0"
jieba = "~=0.42"

289
Pipfile.lock generated
View File

@@ -1,7 +1,7 @@
{
"_meta": {
"hash": {
"sha256": "93ebf65ff6386809b3bea7cadd6e1eb71f8b0bb066846d81ec8d95422d32af64"
"sha256": "ea18b0cfbbad56281087e2422684e4943753ad503e1319ef1f2f054b7a05f608"
},
"pipfile-spec": 6,
"requires": {
@@ -24,14 +24,6 @@
"markers": "python_version >= '3.7'",
"version": "==2.14.0"
},
"beautifulsoup4": {
"hashes": [
"sha256:74e3d1928edc070d21748185c46e3fb33490f22f52a3addee9aee0f4f7781051",
"sha256:b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed"
],
"markers": "python_full_version >= '3.6.0'",
"version": "==4.12.3"
},
"cairocffi": {
"hashes": [
"sha256:78e6bbe47357640c453d0be929fa49cd05cce2e1286f3d2a1ca9cbda7efdb8b7",
@@ -45,7 +37,6 @@
"sha256:432531d72347291b9a9ebfb6777026b607563fd8719c46ee742db0aef7271ba0",
"sha256:8a5222d4e6c3f86f1f7046b63246877a63b49923a1cd202184c3a634ef546b3b"
],
"markers": "python_version >= '3.5'",
"version": "==2.7.1"
},
"certifi": {
@@ -288,125 +279,6 @@
"markers": "python_version >= '3.7'",
"version": "==3.1.3"
},
"lxml": {
"hashes": [
"sha256:0382e6a3eefa3f6699b14fa77c2eb32af2ada261b75120eaf4fc028a20394975",
"sha256:03e3962d6ad13a862dacd5b3a3ea60b4d092a550f36465234b8639311fd60989",
"sha256:05fc3720250d221792b6e0d150afc92d20cb10c9cdaa8c8f93c2a00fbdd16015",
"sha256:06036d60fccb21e22dd167f6d0e422b9cbdf3588a7e999a33799f9cbf01e41a5",
"sha256:0947d1114e337dc2aae2fa14bbc9ed5d9ca1a0acd6d2f948df9926aef65305e9",
"sha256:0e95ae029396382a0d2e8174e4077f96befcd4a2184678db363ddc074eb4d3b2",
"sha256:11acfcdf5a38cf89c48662123a5d02ae0a7d99142c7ee14ad90de5c96a9b6f06",
"sha256:11e41ffd3cd27b0ca1c76073b27bd860f96431d9b70f383990f1827ca19f2f52",
"sha256:1459a998c10a99711ac532abe5cc24ba354e4396dafef741c7797f8830712d56",
"sha256:16e65223f34fd3d65259b174f0f75a4bb3d9893698e5e7d01e54cd8c5eb98d85",
"sha256:1cce2eaad7e38b985b0f91f18468dda0d6b91862d32bec945b0e46e2ffe7222e",
"sha256:1eace37a9f4a1bef0bb5c849434933fd6213008ec583c8e31ee5b8e99c7c8500",
"sha256:1ede2a7a86a977b0c741654efaeca0af7860a9b1ae39f9268f0936246a977ee0",
"sha256:1effc10bf782f0696e76ecfeba0720ea02c0c31d5bffb7b29ba10debd57d1c3d",
"sha256:200f70b5d95fc79eb9ed7f8c4888eef4e274b9bf380b829d3d52e9ed962e9231",
"sha256:21dc490cdb33047bc7f7ad76384f3366fa8f5146b86cc04c4af45de901393b90",
"sha256:246c93e2503c710cf02c7e9869dc0258223cbefe5e8f9ecded0ac0aa07fd2bf8",
"sha256:25fef8794f0dc89f01bdd02df6a7fec4bcb2fbbe661d571e898167a83480185e",
"sha256:27877732946843f4b6bfc56eb40d865653eef34ad2edeed16b015d5c29c248df",
"sha256:281ee1ffeb0ab06204dfcd22a90e9003f0bb2dab04101ad983d0b1773bc10588",
"sha256:2a34e74ffe92c413f197ff4967fb1611d938ee0691b762d062ef0f73814f3aa4",
"sha256:2ad364026c2cebacd7e01d1138bd53639822fefa8f7da90fc38cd0e6319a2699",
"sha256:2bbe335f0d1a86391671d975a1b5e9b08bb72fba6b567c43bdc2e55ca6e6c086",
"sha256:32d44af078485c4da9a7ec460162392d49d996caf89516fa0b75ad0838047122",
"sha256:347ec08250d5950f5b016caa3e2e13fb2cb9714fe6041d52e3716fb33c208663",
"sha256:356f8873b1e27b81793e30144229adf70f6d3e36e5cb7b6d289da690f4398953",
"sha256:35e39c6fd089ad6674eb52d93aa874d6027b3ae44d2381cca6e9e4c2e102c9c8",
"sha256:3603a8a41097daf7672cae22cc4a860ab9ea5597f1c5371cb21beca3398b8d6a",
"sha256:371aab9a397dcc76625ad3b02fa9b21be63406d69237b773156e7d1fc2ce0cae",
"sha256:3ac7c8a60b8ad51fe7bca99a634dd625d66492c502fd548dc6dc769ce7d94b6a",
"sha256:3cefb133c859f06dab2ae63885d9f405000c4031ec516e0ed4f9d779f690d8e3",
"sha256:3f06e4460e76468d99cc36d5b9bc6fc5f43e6662af44960e13e3f4e040aacb35",
"sha256:4add722393c99da4d51c8d9f3e1ddf435b30677f2d9ba9aeaa656f23c1b7b580",
"sha256:4c232726f7b6df5143415a06323faaa998ef8abbe1c0ed00d718755231d76f08",
"sha256:4d16b44ad0dd8c948129639e34c8d301ad87ebc852568ace6fe9a5ad9ce67ee1",
"sha256:50a26f68d090594477df8572babac64575cd5c07373f7a8319c527c8e56c0f99",
"sha256:5188f22c00381cb44283ecb28c8d85c2db4a3035774dd851876c8647cb809c27",
"sha256:5261c858c390ae9a19aba96796948b6a2d56649cbd572968970dc8da2b2b2a42",
"sha256:52d6cdea438eb7282c41c5ac00bd6d47d14bebb6e8a8d2a1c168ed9e0cacfbab",
"sha256:53c0e56f41ef68c1ce4e96f27ecdc2df389730391a2fd45439eb3facb02d36c8",
"sha256:56591e477bea531e5e1854f5dfb59309d5708669bc921562a35fd9ca5182bdcd",
"sha256:56835b9e9a7767202fae06310c6b67478963e535fe185bed3bf9af5b18d2b67e",
"sha256:57402d6cdd8a897ce21cf8d1ff36683583c17a16322a321184766c89a1980600",
"sha256:57cbadf028727705086047994d2e50124650e63ce5a035b0aa79ab50f001989f",
"sha256:5810fa80e64a0c689262a71af999c5735f48c0da0affcbc9041d1ef5ef3920be",
"sha256:59ec2948385336e9901008fdf765780fe30f03e7fdba8090aafdbe5d1b7ea0cd",
"sha256:5f6e4e5a62114ae76690c4a04c5108d067442d0a41fd092e8abd25af1288c450",
"sha256:60847dfbdfddf08a56c4eefe48234e8c1ab756c7eda4a2a7c1042666a5516564",
"sha256:60a3983d32f722a8422c01e4dc4badc7a307ca55c59e2485d0e14244a52c482f",
"sha256:641a8da145aca67671205f3e89bfec9815138cf2fe06653c909eab42e486d373",
"sha256:6a7e0935f05e1cf1a3aa1d49a87505773b04f128660eac2a24a5594ea6b1baa7",
"sha256:6e45fd5213e5587a610b7e7c8c5319a77591ab21ead42df46bb342e21bc1418d",
"sha256:6f0d2b97a5a06c00c963d4542793f3e486b1ed3a957f8c19f6006ed39d104bb0",
"sha256:703d60e59ab45c17485c2c14b11880e4f7f0eab07134afa9007573fa5a779a5a",
"sha256:7250030a7835bfd5ba6ca7d1ad483ec90f9cbc29978c5e75c1cc3e031d3c4160",
"sha256:73e69762cf740ac3ae81137ef9d6f15f93095f50854e233d50b29e7b8a91dbc6",
"sha256:75a4117b43694c72a0d89f6c18a28dc57407bde4650927d4ef5fd384bdf6dcc7",
"sha256:7a1611fb9de0a269c05575c024e6d8cdf2186e3fa52b364e3b03dcad82514d57",
"sha256:7c556bbf88a8b667c849d326dd4dd9c6290ede5a33383ffc12b0ed17777f909d",
"sha256:7c61ce3cdd6e6c9f4003ac118be7eb3036d0ce2afdf23929e533e54482780f74",
"sha256:7efbce96719aa275d49ad5357886845561328bf07e1d5ab998f4e3066c5ccf15",
"sha256:7fac15090bb966719df06f0c4f8139783746d1e60e71016d8a65db2031ca41b8",
"sha256:80cc2b55bb6e35d3cb40936b658837eb131e9f16357241cd9ba106ae1e9c5ecb",
"sha256:883e382695f346c2ea3ad96bdbdf4ca531788fbeedb4352be3a8fcd169fc387d",
"sha256:8aa11638902ac23f944f16ce45c9f04c9d5d57bb2da66822abb721f4efe5fdbb",
"sha256:92bb37c96215c4b2eb26f3c791c0bf02c64dd251effa532b43ca5049000c4478",
"sha256:931a3a13e0f574abce8f3152b207938a54304ccf7a6fd7dff1fdb2f6691d08af",
"sha256:93eede9bcc842f891b2267c7f0984d811940d1bc18472898a1187fe560907a99",
"sha256:947fa8bf15d1c62c6db36c6ede9389cac54f59af27010251747f05bddc227745",
"sha256:a00f5931b7cccea775123c3c0a2513aee58afdad8728550cc970bff32280bdd2",
"sha256:a3c39def0965e8fb5c8d50973e0c7b4ce429a2fa730f3f9068a7f4f9ce78410b",
"sha256:a9b67b850ab1d304cb706cf71814b0e0c3875287083d7ec55ee69504a9c48180",
"sha256:ada8ce9e6e1d126ef60d215baaa0c81381ba5841c25f1d00a71cdafdc038bd27",
"sha256:ae550cbd7f229cdf2841d9b01406bcca379a5fb327b9efb53ba620a10452e835",
"sha256:ae69524fd6a68b288574013f8fadac23cacf089c75cd3fc5b216277a445eb736",
"sha256:af64df85fecd3cf3b2e792f0b5b4d92740905adfa8ce3b24977a55415f1a0c40",
"sha256:b0181c22fdb89cc19e70240a850e5480817c3e815b1eceb171b3d7a3aa3e596a",
"sha256:b03531f6cd6ce4b511dcece060ca20aa5412f8db449274b44f4003f282e6272f",
"sha256:b3b4bb89a785f4fd60e05f3c3a526c07d0d68e3536f17f169ca13bf5b5dd75a5",
"sha256:b7150e630b879390e02121e71ceb1807f682b88342e2ea2082e2c8716cf8bd93",
"sha256:b8f842df9ba26135c5414e93214e04fe0af259bb4f96a32f756f89467f7f3b45",
"sha256:ba3a86b0d5a5c93104cb899dff291e3ae13729c389725a876d00ef9696de5425",
"sha256:ba4d02aed47c25be6775a40d55c5774327fdedba79871b7c2485e80e45750cb2",
"sha256:bc2259243ee734cc736e237719037efb86603c891fd363cc7973a2d0ac8a0e3f",
"sha256:be5c8e776ecbcf8c1bce71a7d90e3a3680c9ceae516cac0be08b47e9fac0ca43",
"sha256:be5faa2d5c8c8294d770cfd09d119fb27b5589acc59635b0cf90f145dbe81dca",
"sha256:c53164f29ed3c3868787144e8ea8a399ffd7d8215f59500a20173593c19e96eb",
"sha256:c54f8d6160080831a76780d850302fdeb0e8d0806f661777b0714dfb55d9a08a",
"sha256:c74e77df9e36c8c91157853e6cd400f6f9ca7a803ba89981bfe3f3fc7e5651ef",
"sha256:c84dce8fb2e900d4fb094e76fdad34a5fd06de53e41bddc1502c146eb11abd74",
"sha256:ca3236f31d565555139d5b00b790ed2a98ac6f0c4470c4032f8b5e5a5dba3c1a",
"sha256:d2b339fb790fc923ae2e9345c8633e3d0064d37ea7920c027f20c8ae6f65a91f",
"sha256:d46df6f0b1a0cda39d12c5c4615a7d92f40342deb8001c7b434d7c8c78352e58",
"sha256:da12b4efc93d53068888cb3b58e355b31839f2428b8f13654bd25d68b201c240",
"sha256:dc7b630c4fb428b8a40ddd0bfc4bc19de11bb3c9b031154f77360e48fe8b4451",
"sha256:dd0f25a431cd16f70ec1c47c10b413e7ddfe1ccaaddd1a7abd181e507c012374",
"sha256:ddbea6e58cce1a640d9d65947f1e259423fc201c9cf9761782f355f53b7f3097",
"sha256:ddda5ba8831f258ac7e6364be03cb27aa62f50c67fd94bc1c3b6247959cc0369",
"sha256:df7dfbdef11702fd22c2eaf042d7098d17edbc62d73f2199386ad06cbe466f6d",
"sha256:e08784288a179b59115b5e57abf6d387528b39abb61105fe17510a199a277a40",
"sha256:e283b24c14361fe9e04026a1d06c924450415491b83089951d469509900d9f32",
"sha256:e4366e58c0508da4dee4c7c70cee657e38553d73abdffa53abbd7d743711ee11",
"sha256:e6cb8f7a332eaa2d876b649a748a445a38522e12f2168e5e838d1505a91cdbb7",
"sha256:e8359fb610c8c444ac473cfd82dae465f405ff807cabb98a9b9712bbd0028751",
"sha256:eaf5e308a5e50bc0548c4fdca0117a31ec9596f8cfc96592db170bcecc71a957",
"sha256:ed1fe80e1fcdd1205a443bddb1ad3c3135bb1cd3f36cc996a1f4aed35960fbe8",
"sha256:f1f164e4cc6bc646b1fc86664c3543bf4a941d45235797279b120dc740ee7af5",
"sha256:f2cb157e279d28c66b1c27e0948687dc31dc47d1ab10ce0cd292a8334b7de3d5",
"sha256:f354d62345acdf22aa3e171bd9723790324a66fafe61bfe3873b86724cf6daaa",
"sha256:f46f8033da364bacc74aca5e319509a20bb711c8a133680ca5f35020f9eaf025",
"sha256:f90c36ca95a44d2636bbf55a51ca30583b59b71b6547b88d954e029598043551",
"sha256:f9e27841cddfaebc4e3ffbe5dbdff42891051acf5befc9f5323944b2c61cef16",
"sha256:fadda215e32fe375d65e560b7f7e2a37c7f9c4ecee5315bb1225ca6ac9bf5838"
],
"markers": "python_version >= '3.6'",
"version": "==5.2.0"
},
"markdown": {
"hashes": [
"sha256:48f276f4d8cfb8ce6527c8f79e2ee29708508bf4d40aa410fbc3b4ee832c850f",
@@ -497,14 +369,14 @@
"markers": "python_version >= '3.7'",
"version": "==1.5.3"
},
"mkdocs-git-committers-plugin-2": {
"mkdocs-git-authors-plugin": {
"hashes": [
"sha256:0bb5d71cdd9d43fec0dec16e52a9aad2784256b0fa6ef9bb0cceffc36c081ab3",
"sha256:921da26b3f4393e6c170279ac34089151dfc22cd29ec4fbce3506218541685c8"
"sha256:0614f4f87d31eabd0a0d607c9e0532608fc593997ebee282ec564ee6dc1c041e",
"sha256:10dfc57fb10d5c3aceb0e5cdea199ac3a7588979f26484eba46d935dc1044c26"
],
"index": "pypi",
"markers": "python_version >= '3.8' and python_version < '4'",
"version": "==1.2.0"
"markers": "python_version >= '3.7'",
"version": "==0.8.0"
},
"mkdocs-git-revision-date-localized-plugin": {
"hashes": [
@@ -528,6 +400,7 @@
"extras": [
"imaging"
],
"markers": "python_version >= '3.8'",
"path": "./modules/mkdocs-material"
},
"mkdocs-material-extensions": {
@@ -562,77 +435,77 @@
},
"pillow": {
"hashes": [
"sha256:0304004f8067386b477d20a518b50f3fa658a28d44e4116970abfcd94fac34a8",
"sha256:0689b5a8c5288bc0504d9fcee48f61a6a586b9b98514d7d29b840143d6734f39",
"sha256:0eae2073305f451d8ecacb5474997c08569fb4eb4ac231ffa4ad7d342fdc25ac",
"sha256:0fb3e7fc88a14eacd303e90481ad983fd5b69c761e9e6ef94c983f91025da869",
"sha256:11fa2e5984b949b0dd6d7a94d967743d87c577ff0b83392f17cb3990d0d2fd6e",
"sha256:127cee571038f252a552760076407f9cff79761c3d436a12af6000cd182a9d04",
"sha256:154e939c5f0053a383de4fd3d3da48d9427a7e985f58af8e94d0b3c9fcfcf4f9",
"sha256:15587643b9e5eb26c48e49a7b33659790d28f190fc514a322d55da2fb5c2950e",
"sha256:170aeb00224ab3dc54230c797f8404507240dd868cf52066f66a41b33169bdbe",
"sha256:1b5e1b74d1bd1b78bc3477528919414874748dd363e6272efd5abf7654e68bef",
"sha256:1da3b2703afd040cf65ec97efea81cfba59cdbed9c11d8efc5ab09df9509fc56",
"sha256:1e23412b5c41e58cec602f1135c57dfcf15482013ce6e5f093a86db69646a5aa",
"sha256:2247178effb34a77c11c0e8ac355c7a741ceca0a732b27bf11e747bbc950722f",
"sha256:257d8788df5ca62c980314053197f4d46eefedf4e6175bc9412f14412ec4ea2f",
"sha256:3031709084b6e7852d00479fd1d310b07d0ba82765f973b543c8af5061cf990e",
"sha256:322209c642aabdd6207517e9739c704dc9f9db943015535783239022002f054a",
"sha256:322bdf3c9b556e9ffb18f93462e5f749d3444ce081290352c6070d014c93feb2",
"sha256:33870dc4653c5017bf4c8873e5488d8f8d5f8935e2f1fb9a2208c47cdd66efd2",
"sha256:35bb52c37f256f662abdfa49d2dfa6ce5d93281d323a9af377a120e89a9eafb5",
"sha256:3c31822339516fb3c82d03f30e22b1d038da87ef27b6a78c9549888f8ceda39a",
"sha256:3eedd52442c0a5ff4f887fab0c1c0bb164d8635b32c894bc1faf4c618dd89df2",
"sha256:3ff074fc97dd4e80543a3e91f69d58889baf2002b6be64347ea8cf5533188213",
"sha256:47c0995fc4e7f79b5cfcab1fc437ff2890b770440f7696a3ba065ee0fd496563",
"sha256:49d9ba1ed0ef3e061088cd1e7538a0759aab559e2e0a80a36f9fd9d8c0c21591",
"sha256:51f1a1bffc50e2e9492e87d8e09a17c5eea8409cda8d3f277eb6edc82813c17c",
"sha256:52a50aa3fb3acb9cf7213573ef55d31d6eca37f5709c69e6858fe3bc04a5c2a2",
"sha256:54f1852cd531aa981bc0965b7d609f5f6cc8ce8c41b1139f6ed6b3c54ab82bfb",
"sha256:609448742444d9290fd687940ac0b57fb35e6fd92bdb65386e08e99af60bf757",
"sha256:69ffdd6120a4737710a9eee73e1d2e37db89b620f702754b8f6e62594471dee0",
"sha256:6fad5ff2f13d69b7e74ce5b4ecd12cc0ec530fcee76356cac6742785ff71c452",
"sha256:7049e301399273a0136ff39b84c3678e314f2158f50f517bc50285fb5ec847ad",
"sha256:70c61d4c475835a19b3a5aa42492409878bbca7438554a1f89d20d58a7c75c01",
"sha256:716d30ed977be8b37d3ef185fecb9e5a1d62d110dfbdcd1e2a122ab46fddb03f",
"sha256:753cd8f2086b2b80180d9b3010dd4ed147efc167c90d3bf593fe2af21265e5a5",
"sha256:773efe0603db30c281521a7c0214cad7836c03b8ccff897beae9b47c0b657d61",
"sha256:7823bdd049099efa16e4246bdf15e5a13dbb18a51b68fa06d6c1d4d8b99a796e",
"sha256:7c8f97e8e7a9009bcacbe3766a36175056c12f9a44e6e6f2d5caad06dcfbf03b",
"sha256:823ef7a27cf86df6597fa0671066c1b596f69eba53efa3d1e1cb8b30f3533068",
"sha256:8373c6c251f7ef8bda6675dd6d2b3a0fcc31edf1201266b5cf608b62a37407f9",
"sha256:83b2021f2ade7d1ed556bc50a399127d7fb245e725aa0113ebd05cfe88aaf588",
"sha256:870ea1ada0899fd0b79643990809323b389d4d1d46c192f97342eeb6ee0b8483",
"sha256:8d12251f02d69d8310b046e82572ed486685c38f02176bd08baf216746eb947f",
"sha256:9c23f307202661071d94b5e384e1e1dc7dfb972a28a2310e4ee16103e66ddb67",
"sha256:9d189550615b4948f45252d7f005e53c2040cea1af5b60d6f79491a6e147eef7",
"sha256:a086c2af425c5f62a65e12fbf385f7c9fcb8f107d0849dba5839461a129cf311",
"sha256:a2b56ba36e05f973d450582fb015594aaa78834fefe8dfb8fcd79b93e64ba4c6",
"sha256:aebb6044806f2e16ecc07b2a2637ee1ef67a11840a66752751714a0d924adf72",
"sha256:b1b3020d90c2d8e1dae29cf3ce54f8094f7938460fb5ce8bc5c01450b01fbaf6",
"sha256:b4b6b1e20608493548b1f32bce8cca185bf0480983890403d3b8753e44077129",
"sha256:b6f491cdf80ae540738859d9766783e3b3c8e5bd37f5dfa0b76abdecc5081f13",
"sha256:b792a349405fbc0163190fde0dc7b3fef3c9268292586cf5645598b48e63dc67",
"sha256:b7c2286c23cd350b80d2fc9d424fc797575fb16f854b831d16fd47ceec078f2c",
"sha256:babf5acfede515f176833ed6028754cbcd0d206f7f614ea3447d67c33be12516",
"sha256:c365fd1703040de1ec284b176d6af5abe21b427cb3a5ff68e0759e1e313a5e7e",
"sha256:c4225f5220f46b2fde568c74fca27ae9771536c2e29d7c04f4fb62c83275ac4e",
"sha256:c570f24be1e468e3f0ce7ef56a89a60f0e05b30a3669a459e419c6eac2c35364",
"sha256:c6dafac9e0f2b3c78df97e79af707cdc5ef8e88208d686a4847bab8266870023",
"sha256:c8de2789052ed501dd829e9cae8d3dcce7acb4777ea4a479c14521c942d395b1",
"sha256:cb28c753fd5eb3dd859b4ee95de66cc62af91bcff5db5f2571d32a520baf1f04",
"sha256:cb4c38abeef13c61d6916f264d4845fab99d7b711be96c326b84df9e3e0ff62d",
"sha256:d1b35bcd6c5543b9cb547dee3150c93008f8dd0f1fef78fc0cd2b141c5baf58a",
"sha256:d8e6aeb9201e655354b3ad049cb77d19813ad4ece0df1249d3c793de3774f8c7",
"sha256:d8ecd059fdaf60c1963c58ceb8997b32e9dc1b911f5da5307aab614f1ce5c2fb",
"sha256:da2b52b37dad6d9ec64e653637a096905b258d2fc2b984c41ae7d08b938a67e4",
"sha256:e87f0b2c78157e12d7686b27d63c070fd65d994e8ddae6f328e0dcf4a0cd007e",
"sha256:edca80cbfb2b68d7b56930b84a0e45ae1694aeba0541f798e908a49d66b837f1",
"sha256:f379abd2f1e3dddb2b61bc67977a6b5a0a3f7485538bcc6f39ec76163891ee48",
"sha256:fe4c15f6c9285dc54ce6553a3ce908ed37c8f3825b5a51a15c91442bb955b868"
"sha256:048ad577748b9fa4a99a0548c64f2cb8d672d5bf2e643a739ac8faff1164238c",
"sha256:048eeade4c33fdf7e08da40ef402e748df113fd0b4584e32c4af74fe78baaeb2",
"sha256:0ba26351b137ca4e0db0342d5d00d2e355eb29372c05afd544ebf47c0956ffeb",
"sha256:0ea2a783a2bdf2a561808fe4a7a12e9aa3799b701ba305de596bc48b8bdfce9d",
"sha256:1530e8f3a4b965eb6a7785cf17a426c779333eb62c9a7d1bbcf3ffd5bf77a4aa",
"sha256:16563993329b79513f59142a6b02055e10514c1a8e86dca8b48a893e33cf91e3",
"sha256:19aeb96d43902f0a783946a0a87dbdad5c84c936025b8419da0a0cd7724356b1",
"sha256:1a1d1915db1a4fdb2754b9de292642a39a7fb28f1736699527bb649484fb966a",
"sha256:1b87bd9d81d179bd8ab871603bd80d8645729939f90b71e62914e816a76fc6bd",
"sha256:1dfc94946bc60ea375cc39cff0b8da6c7e5f8fcdc1d946beb8da5c216156ddd8",
"sha256:2034f6759a722da3a3dbd91a81148cf884e91d1b747992ca288ab88c1de15999",
"sha256:261ddb7ca91fcf71757979534fb4c128448b5b4c55cb6152d280312062f69599",
"sha256:2ed854e716a89b1afcedea551cd85f2eb2a807613752ab997b9974aaa0d56936",
"sha256:3102045a10945173d38336f6e71a8dc71bcaeed55c3123ad4af82c52807b9375",
"sha256:339894035d0ede518b16073bdc2feef4c991ee991a29774b33e515f1d308e08d",
"sha256:412444afb8c4c7a6cc11a47dade32982439925537e483be7c0ae0cf96c4f6a0b",
"sha256:4203efca580f0dd6f882ca211f923168548f7ba334c189e9eab1178ab840bf60",
"sha256:45ebc7b45406febf07fef35d856f0293a92e7417ae7933207e90bf9090b70572",
"sha256:4b5ec25d8b17217d635f8935dbc1b9aa5907962fae29dff220f2659487891cd3",
"sha256:4c8e73e99da7db1b4cad7f8d682cf6abad7844da39834c288fbfa394a47bbced",
"sha256:4e6f7d1c414191c1199f8996d3f2282b9ebea0945693fb67392c75a3a320941f",
"sha256:4eaa22f0d22b1a7e93ff0a596d57fdede2e550aecffb5a1ef1106aaece48e96b",
"sha256:50b8eae8f7334ec826d6eeffaeeb00e36b5e24aa0b9df322c247539714c6df19",
"sha256:50fd3f6b26e3441ae07b7c979309638b72abc1a25da31a81a7fbd9495713ef4f",
"sha256:51243f1ed5161b9945011a7360e997729776f6e5d7005ba0c6879267d4c5139d",
"sha256:5d512aafa1d32efa014fa041d38868fda85028e3f930a96f85d49c7d8ddc0383",
"sha256:5f77cf66e96ae734717d341c145c5949c63180842a545c47a0ce7ae52ca83795",
"sha256:6b02471b72526ab8a18c39cb7967b72d194ec53c1fd0a70b050565a0f366d355",
"sha256:6fb1b30043271ec92dc65f6d9f0b7a830c210b8a96423074b15c7bc999975f57",
"sha256:7161ec49ef0800947dc5570f86568a7bb36fa97dd09e9827dc02b718c5643f09",
"sha256:72d622d262e463dfb7595202d229f5f3ab4b852289a1cd09650362db23b9eb0b",
"sha256:74d28c17412d9caa1066f7a31df8403ec23d5268ba46cd0ad2c50fb82ae40462",
"sha256:78618cdbccaa74d3f88d0ad6cb8ac3007f1a6fa5c6f19af64b55ca170bfa1edf",
"sha256:793b4e24db2e8742ca6423d3fde8396db336698c55cd34b660663ee9e45ed37f",
"sha256:798232c92e7665fe82ac085f9d8e8ca98826f8e27859d9a96b41d519ecd2e49a",
"sha256:81d09caa7b27ef4e61cb7d8fbf1714f5aec1c6b6c5270ee53504981e6e9121ad",
"sha256:8ab74c06ffdab957d7670c2a5a6e1a70181cd10b727cd788c4dd9005b6a8acd9",
"sha256:8eb0908e954d093b02a543dc963984d6e99ad2b5e36503d8a0aaf040505f747d",
"sha256:90b9e29824800e90c84e4022dd5cc16eb2d9605ee13f05d47641eb183cd73d45",
"sha256:9797a6c8fe16f25749b371c02e2ade0efb51155e767a971c61734b1bf6293994",
"sha256:9d2455fbf44c914840c793e89aa82d0e1763a14253a000743719ae5946814b2d",
"sha256:9d3bea1c75f8c53ee4d505c3e67d8c158ad4df0d83170605b50b64025917f338",
"sha256:9e2ec1e921fd07c7cda7962bad283acc2f2a9ccc1b971ee4b216b75fad6f0463",
"sha256:9e91179a242bbc99be65e139e30690e081fe6cb91a8e77faf4c409653de39451",
"sha256:a0eaa93d054751ee9964afa21c06247779b90440ca41d184aeb5d410f20ff591",
"sha256:a2c405445c79c3f5a124573a051062300936b0281fee57637e706453e452746c",
"sha256:aa7e402ce11f0885305bfb6afb3434b3cd8f53b563ac065452d9d5654c7b86fd",
"sha256:aff76a55a8aa8364d25400a210a65ff59d0168e0b4285ba6bf2bd83cf675ba32",
"sha256:b09b86b27a064c9624d0a6c54da01c1beaf5b6cadfa609cf63789b1d08a797b9",
"sha256:b14f16f94cbc61215115b9b1236f9c18403c15dd3c52cf629072afa9d54c1cbf",
"sha256:b50811d664d392f02f7761621303eba9d1b056fb1868c8cdf4231279645c25f5",
"sha256:b7bc2176354defba3edc2b9a777744462da2f8e921fbaf61e52acb95bafa9828",
"sha256:c78e1b00a87ce43bb37642c0812315b411e856a905d58d597750eb79802aaaa3",
"sha256:c83341b89884e2b2e55886e8fbbf37c3fa5efd6c8907124aeb72f285ae5696e5",
"sha256:ca2870d5d10d8726a27396d3ca4cf7976cec0f3cb706debe88e3a5bd4610f7d2",
"sha256:ccce24b7ad89adb5a1e34a6ba96ac2530046763912806ad4c247356a8f33a67b",
"sha256:cd5e14fbf22a87321b24c88669aad3a51ec052eb145315b3da3b7e3cc105b9a2",
"sha256:ce49c67f4ea0609933d01c0731b34b8695a7a748d6c8d186f95e7d085d2fe475",
"sha256:d33891be6df59d93df4d846640f0e46f1a807339f09e79a8040bc887bdcd7ed3",
"sha256:d3b2348a78bc939b4fed6552abfd2e7988e0f81443ef3911a4b8498ca084f6eb",
"sha256:d886f5d353333b4771d21267c7ecc75b710f1a73d72d03ca06df49b09015a9ef",
"sha256:d93480005693d247f8346bc8ee28c72a2191bdf1f6b5db469c096c0c867ac015",
"sha256:dc1a390a82755a8c26c9964d457d4c9cbec5405896cba94cf51f36ea0d855002",
"sha256:dd78700f5788ae180b5ee8902c6aea5a5726bac7c364b202b4b3e3ba2d293170",
"sha256:e46f38133e5a060d46bd630faa4d9fa0202377495df1f068a8299fd78c84de84",
"sha256:e4b878386c4bf293578b48fc570b84ecfe477d3b77ba39a6e87150af77f40c57",
"sha256:f0d0591a0aeaefdaf9a5e545e7485f89910c977087e7de2b6c388aec32011e9f",
"sha256:fdcbb4068117dfd9ce0138d068ac512843c52295ed996ae6dd1faf537b6dbc27",
"sha256:ff61bfd9253c3915e6d41c651d5f962da23eda633cf02262990094a18a55371a"
],
"markers": "python_version >= '3.8'",
"version": "==10.2.0"
"version": "==10.3.0"
},
"platformdirs": {
"hashes": [
@@ -870,14 +743,6 @@
"markers": "python_version >= '3.7'",
"version": "==5.0.1"
},
"soupsieve": {
"hashes": [
"sha256:5663d5a7b3bfaeee0bc4372e7fc48f9cff4940b3eec54a6451cc5299f1097690",
"sha256:eaa337ff55a1579b6549dc679565eac1e3d000563bcb1c8ab0d0fefbc0c2cdc7"
],
"markers": "python_version >= '3.8'",
"version": "==2.5"
},
"termcolor": {
"hashes": [
"sha256:9297c0df9c99445c2412e832e882a7884038a25617c60cea2ad69488d4040d63",

52
README.md
View File

@@ -1,4 +1,4 @@
<!-- markdownlint-disable MD041 -->
<!-- markdownlint-disable MD041 MD045 -->
<div align="center">
<a href="https://www.privacyguides.org">
<picture>
@@ -50,22 +50,46 @@ The current list of team members can be found [here](https://www.privacyguides.o
- 💖 [Sponsor the project](https://github.com/sponsors/privacyguides)
- 🈴 [Help translate the site](https://crowdin.com/project/privacyguides) [[Matrix chat](https://matrix.to/#/#pg-i18n:aragon.sh)]
- 📝 Edit the site, everything's accessible in this repo
- Browse our [open issues](https://github.com/privacyguides/privacyguides.org/issues) to see what needs to be updated
- View the list of [approved topics waiting for a PR](https://discuss.privacyguides.net/tag/approved)
- Read some writing tips in our [style guide](https://www.privacyguides.org/en/meta/writing-style)
- Browse our [open issues](https://github.com/privacyguides/privacyguides.org/issues) to see what needs to be updated
- View the list of [approved topics waiting for a PR](https://discuss.privacyguides.net/tag/approved)
- Read some writing tips in our [style guide](https://www.privacyguides.org/en/meta/writing-style)
All contributors to the site are listed [here](https://github.com/privacyguides/privacyguides.org/graphs/contributors). If you make a substantial (i.e. copyright eligible) contribution to the project and would like to be formally credited, you are welcome to include your information in the appropriate `authors` section in [`CITATION.cff`](/CITATION.cff) as well, just submit a PR or ask @jonaharagon to make the change.
## Mirrors
- **GitHub Pages:** [privacyguides.github.io/privacyguides.org](https://privacyguides.github.io/privacyguides.org/en/)
- **Netlify (AWS):** [illustrious-bavarois-56cf30.netlify.app](https://illustrious-bavarois-56cf30.netlify.app/en/)
- **BunnyCDN:** [privacyguides-org-production.b-cdn.net](https://privacyguides-org-production.b-cdn.net/en/)
- **Hetzner:** [direct.privacyguides.org](https://direct.privacyguides.org/en/) (discouraged!)
### Alternative Networks
> [!NOTE]
> Most hidden service providers are not very extensively used or tested, [which is why we strongly recommend Tor](https://www.privacyguides.org/en/tor/). Using other networks could be more likely to endanger your anonymity, so make sure you know what you're doing.
- **Tor/onion:** [xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion](http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion)
- **IPFS:** `/ipns/ipfs.privacyguides.org` (**not** anonymous)
- Please help us out by pinning a copy: [Learn more](https://github.com/privacyguides/webserver/blob/main/ipfs/README.md)
- via Cloudflare: [cloudflare-ipfs.com/ipns/ipfs.privacyguides.org](https://cloudflare-ipfs.com/ipns/ipfs.privacyguides.org/en/)
- via 4everland: [ipfs-privacyguides-org.ipns.4everland.io](https://ipfs-privacyguides-org.ipns.4everland.io/)
- via [@jonaharagon](https://github.com/jonaharagon): [ipfs.jonaharagon.net/ipns/ipfs.privacyguides.org](https://ipfs.jonaharagon.net/ipns/ipfs.privacyguides.org/en/)
- via [peer](https://docs.ipfs.tech/how-to/peering-with-content-providers/): `/dnsaddr/node-1.ipfs.jonaharagon.net/p2p/12D3KooWMwqzuApCKxYfo66zq5BrTjCoz9naJ1rrMEBCnwuGGqWB`
- **I2P:** [privacyguides.i2p](http://privacyguides.i2p/?i2paddresshelper=fvbkmooriuqgssrjvbxu7nrwms5zyhf34r3uuppoakwwsm7ysv6q.b32.i2p)
- **Yggdrasil:** [http://[200:f3a6:4922:e067:770d:ac57:fcb1:8dbf]](http://[200:f3a6:4922:e067:770d:ac57:fcb1:8dbf]/en/) (**not** anonymous)
- via public peer: `tcp://5.161.245.8:45454`
### Git Mirrors
[![GitHub](https://img.shields.io/static/v1?logo=github&label=&message=GitHub&color=000&style=for-the-badge)](https://github.com/privacyguides/privacyguides.org)
[![GitLab](https://img.shields.io/static/v1?logo=gitlab&label=&message=GitLab&color=000&style=for-the-badge)](https://gitlab.com/privacyguides/privacyguides.org)
[![Codeberg](https://img.shields.io/static/v1?logo=codeberg&label=&message=Codeberg&color=000&style=for-the-badge)](https://codeberg.org/privacyguides/privacyguides.org)
[![Gitea](https://img.shields.io/static/v1?logo=gitea&label=&message=Gitea&color=000&style=for-the-badge)](https://code.privacyguides.dev/privacyguides/privacyguides.org)
[![Forgejo](https://img.shields.io/static/v1?logo=forgejo&label=&message=Forgejo&color=000&style=for-the-badge)](https://git.jonaharagon.net/privacyguides/privacyguides.org)
**Hidden service (Tor/onion):** [xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion](http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion)
## License
Copyright &copy; 2019 - 2024 [Privacy Guides contributors](https://github.com/privacyguides/privacyguides.org/graphs/contributors).
@@ -86,7 +110,14 @@ When you contribute to this repository you are doing so under the above licenses
Committing to this repository requires [signing your commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) (`git config commit.gpgsign true`) unless you are making edits via the GitHub.com text editor interface. As of August 2022 the preferred signing method is [SSH commit signatures](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification#ssh-commit-signature-verification), but GPG signing is also acceptable. You should add your signing key to your GitHub profile.
This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdocs-material/insiders) which offers additional functionality over the open-source `mkdocs-material` project. For obvious reasons we cannot distribute access to the insiders repository. Running this website locally without access to insiders is unsupported. If you are submitting a PR, please ensure the automatic preview generated for your PR looks correct, as that site will be built with the production insiders build.
### With `mkdocs-material`
1. Install required packages: `pip install mkdocs-material`
2. Run a local preview of the English site: `./run.sh --cmd=mkdocs`
### With `mkdocs-material-insiders`
This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdocs-material/insiders) which offers additional functionality over the open-source `mkdocs-material` project. For obvious reasons we cannot distribute access to the insiders repository.
**Team members** should clone the repository with `mkdocs-material-insiders` directly. This method is identical to production:
@@ -95,9 +126,9 @@ This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdoc
3. Install Python **3.12**.
4. Install **pipenv**: `pip install pipenv`
5. Install dependencies: `pipenv install --dev` (install [Pillow and CairoSVG](https://squidfunk.github.io/mkdocs-material/setup/setting-up-social-cards/#dependencies) as well to generate social cards)
6. Serve the site locally: `pipenv run mkdocs serve --config-file config/mkdocs.en.yml` (set `CARDS=true` to generate social cards)
6. Serve the site locally: `./run.sh --insiders` (set `CARDS=true` to generate social cards)
- The site will be available at `http://localhost:8000`
- You can build the site locally with `pipenv run mkdocs build --config-file config/mkdocs.en.yml`
- You can build the site locally with `./run.sh --insiders --build`
- This version of the site should be identical to the live, production version
If you commit to `main` with commits signed with your SSH key, you should add your SSH key to [`.allowed_signers`](/.allowed_signers) in this repo.
@@ -107,8 +138,7 @@ If you commit to `main` with commits signed with your SSH key, you should add yo
1. Install the [Crowdin CLI Tool](https://developer.crowdin.com/cli-tool) (`brew install crowdin`)
2. Set the `CROWDIN_PERSONAL_TOKEN` environment variable to your Crowdin personal access token
3. Run `crowdin download` in the root of this repo
4. Import the language's environment variables: `set -a; source includes/strings.fr.env; set +a` (replacing fr with the appropriate language)
5. Serve the site locally: `pipenv run mkdocs serve --config-file config/mkdocs.fr.yml` (replacing fr with the appropriate language in [/config](/config))
4. Serve the site locally: `./run.sh --insiders --lang=fr` (replacing fr with the appropriate language in [/config](/config))
Translations downloaded from Crowdin are [.gitignore](/.gitignore)'d, so any local changes to the translated site cannot be committed to this repo. Actual modifications need to be made on Crowdin. As an alternative to steps 1-3, you can copy the folders from [privacyguides/i18n](https://github.com/privacyguides/i18n) to the root of this repo to obtain the translated files.

1
config/.cache/plugin/social/fonts
View File

@@ -1 +0,0 @@
../../../../theme/assets/brand/fonts

289
config/mkdocs-common.yml
View File

@@ -1,289 +0,0 @@
# Copyright (c) 2022-2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
docs_dir: '../docs'
site_url: "https://www.privacyguides.org/"
site_dir: '../site'
site_name: Privacy Guides
site_description: !ENV [SITE_DESCRIPTION, "Privacy Guides is your central privacy and security resource to protect yourself online."]
copyright: !ENV [FOOTER_COPYRIGHT, "&copy; 2019 Privacy Guides and contributors."]
edit_uri: edit/main/docs/
extra:
generator: false
context: !ENV [CONTEXT, "production"]
deploy: !ENV DEPLOY_ID
homepage_description: !ENV [DESCRIPTION_HOMEPAGE, "A socially motivated website which provides information about protecting your online data privacy and security."]
translation_notice: !ENV DESCRIPTION_TRANSLATION
translation_notice_cta: !ENV [DESCRIPTION_TRANSLATION_CTA, "Visit Crowdin"]
translation_notice_language: !ENV LANG_ENGLISH
social:
- icon: simple/mastodon
link: https://mastodon.neat.computer/@privacyguides
name: !ENV [SOCIAL_MASTODON, "Mastodon"]
- icon: simple/matrix
link: https://matrix.to/#/#privacyguides:matrix.org
name: !ENV [SOCIAL_MATRIX, "Matrix"]
- icon: simple/discourse
link: https://discuss.privacyguides.net/
name: !ENV [SOCIAL_FORUM, "Forum"]
- icon: simple/github
link: https://github.com/privacyguides
name: !ENV [SOCIAL_GITHUB, "GitHub"]
- icon: simple/torbrowser
link: http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion/
name: !ENV [SOCIAL_TOR_SITE, "Hidden service"]
alternate:
- name: English
link: /en/
lang: en
icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1fa-1f1f8.svg
- name: Español
link: /es/
lang: es
icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1ea-1f1f8.svg
- name: Français
link: /fr/
lang: fr
icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1eb-1f1f7.svg
- name: עִברִית
link: /he/
lang: he
icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1ee-1f1f1.svg
- name: Italiano
link: /it/
lang: it
icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1ee-1f1f9.svg
- name: Nederlands
link: /nl/
lang: nl
icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1f3-1f1f1.svg
- name: 正體中文
link: /zh-hant/
lang: zh-Hant
icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1ed-1f1f0.svg
- name: русский
link: /ru/
lang: ru
icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1f7-1f1fa.svg
repo_url: https://github.com/privacyguides/privacyguides.org
repo_name: ""
edit_uri: edit/main/docs/
theme:
name: material
language: en
custom_dir: ../theme
logo: ../../theme/assets/brand/logos/svg/logo/privacy-guides-logo-notext-colorbg.svg
font:
text: Public Sans
code: DM Mono
palette:
- media: "(prefers-color-scheme)"
scheme: default
accent: deep purple
toggle:
icon: material/brightness-auto
name: !ENV [THEME_DARK, "Switch to dark mode"]
- media: "(prefers-color-scheme: dark)"
scheme: slate
accent: amber
toggle:
icon: material/brightness-2
name: !ENV [THEME_LIGHT, "Switch to light mode"]
- media: "(prefers-color-scheme: light)"
scheme: default
accent: deep purple
toggle:
icon: material/brightness-5
name: !ENV [THEME_AUTO, "Switch to system theme"]
favicon: assets/brand/logos/png/favicon-32x32.png
icon:
repo: simple/github
features:
- navigation.tracking
- navigation.tabs
- navigation.sections
- navigation.expand
- navigation.path
- navigation.indexes
- content.tabs.link
- content.tooltips
- search.highlight
extra_css:
- assets/stylesheets/extra.css?v=3.17.0
extra_javascript:
- assets/javascripts/mathjax.js
- assets/javascripts/randomize-element.js
watch:
- ../theme
- ../includes
- mkdocs-common.yml
plugins:
tags: {}
search: {}
macros: {}
meta: {}
git-committers:
enabled: !ENV [GITCOMMITTERS, PRODUCTION, NETLIFY, false]
repository: privacyguides/privacyguides.org
branch: main
git-revision-date-localized:
enabled: !ENV [GITREVISIONDATE, PRODUCTION, NETLIFY, false]
exclude:
- index.md
fallback_to_build_date: true
privacy:
assets_exclude:
- cdn.jsdelivr.net/npm/mathjax@3/*
optimize:
enabled: !ENV [OPTIMIZE, PRODUCTION, NETLIFY, false]
typeset: {}
social:
cards: !ENV [CARDS, PRODUCTION, NETLIFY, true]
cards_dir: assets/img/social
cards_layout_dir: config/layouts
cards_layout: page
# cards_layout: pride
markdown_extensions:
admonition: {}
pymdownx.details: {}
pymdownx.superfences:
custom_fences:
- name: mermaid
class: mermaid
format: !!python/name:pymdownx.superfences.fence_code_format
pymdownx.tabbed:
alternate_style: true
pymdownx.arithmatex:
generic: true
pymdownx.critic: {}
pymdownx.caret: {}
pymdownx.keys: {}
pymdownx.mark: {}
pymdownx.tilde: {}
pymdownx.snippets:
auto_append:
- includes/abbreviations.en.txt
pymdownx.tasklist:
custom_checkbox: true
attr_list: {}
def_list: {}
md_in_html: {}
meta: {}
abbr: {}
pymdownx.emoji:
emoji_index: !!python/name:material.extensions.emoji.twemoji
emoji_generator: !!python/name:material.extensions.emoji.to_svg
tables: {}
footnotes: {}
toc:
permalink: true
toc_depth: 4
nav:
- !ENV [NAV_HOME, 'Home']: 'index.md'
- !ENV [NAV_KNOWLEDGE_BASE, 'Knowledge Base']:
- 'basics/why-privacy-matters.md'
- 'basics/threat-modeling.md'
- 'basics/common-threats.md'
- 'basics/common-misconceptions.md'
- 'basics/account-creation.md'
- 'basics/account-deletion.md'
- !ENV [NAV_TECHNOLOGY_ESSENTIALS, 'Technology Essentials']:
- 'basics/passwords-overview.md'
- 'basics/multi-factor-authentication.md'
- 'basics/email-security.md'
- 'basics/vpn-overview.md'
- !ENV [NAV_ADVANCED_TOPICS, 'Advanced Topics']:
- 'advanced/dns-overview.md'
- 'advanced/tor-overview.md'
- 'advanced/payments.md'
- 'advanced/communication-network-types.md'
- !ENV [NAV_OPERATING_SYSTEMS, 'Operating Systems']:
- 'os/android-overview.md'
- 'os/ios-overview.md'
- 'os/linux-overview.md'
- 'os/macos-overview.md'
- 'os/qubes-overview.md'
- kb-archive.md
- !ENV [NAV_RECOMMENDATIONS, 'Recommendations']:
- 'tools.md'
- !ENV [NAV_INTERNET_BROWSING, 'Internet Browsing']:
- 'tor.md'
- 'desktop-browsers.md'
- 'mobile-browsers.md'
- !ENV [NAV_PROVIDERS, 'Providers']:
- 'cloud.md'
- 'dns.md'
- 'email-aliasing.md'
- 'email.md'
- 'financial-services.md'
- 'photo-management.md'
- 'search-engines.md'
- 'vpn.md'
- !ENV [NAV_SOFTWARE, 'Software']:
- 'calendar.md'
- 'cryptocurrency.md'
- 'data-redaction.md'
- 'email-clients.md'
- 'encryption.md'
- 'file-sharing.md'
- 'frontends.md'
- 'multi-factor-authentication.md'
- 'news-aggregators.md'
- 'notebooks.md'
- 'passwords.md'
- 'productivity.md'
- 'real-time-communication.md'
- !ENV [NAV_OPERATING_SYSTEMS, 'Operating Systems']:
- 'android.md'
- 'desktop.md'
- 'router.md'
- !ENV [NAV_ADVANCED, 'Advanced']:
- 'device-integrity.md'
- !ENV [NAV_ABOUT, 'About']:
- 'about/index.md'
- 'about/criteria.md'
- 'about/notices.md'
- 'about/privacy-policy.md'
- !ENV [NAV_COMMUNITY, 'Community']:
- 'about/donate.md'
- !ENV [NAV_ONLINE_SERVICES, 'Online Services']: 'about/services.md'
- !ENV [NAV_CODE_OF_CONDUCT, 'Code of Conduct']: 'CODE_OF_CONDUCT.md'
- 'about/privacytools.md'
- !ENV [NAV_CONTRIBUTING, 'Contributing']:
- !ENV [NAV_WRITING_GUIDE, 'Writing Guide']:
- 'meta/writing-style.md'
- 'meta/admonitions.md'
- 'meta/brand.md'
- 'meta/translations.md'
- !ENV [NAV_TECHNICAL_GUIDES, 'Technical Guides']:
- 'meta/uploading-images.md'
- 'meta/git-recommendations.md'
- !ENV [NAV_CHANGELOG, 'Changelog']: 'https://github.com/privacyguides/privacyguides.org/releases'
- !ENV [NAV_FORUM, 'Forum']: 'https://discuss.privacyguides.net/'
- !ENV [NAV_BLOG, 'Blog']: 'https://blog.privacyguides.org/'

48
config/mkdocs-offline.yml
View File

@@ -1,48 +0,0 @@
# Copyright (c) 2023-2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
INHERIT: mkdocs-common.yml
# Disable any GitHub integrations
repo_url: ""
extra:
# Disable language switcher
alternate: false
offline: true
theme:
# OFFLINE ONLY: this logo needs to be set separately because the relative path is different
logo: ../theme/assets/brand/logos/svg/logo/privacy-guides-logo-notext-colorbg.svg
features:
- navigation.tabs
- navigation.sections
- navigation.indexes
- content.tabs.link
- content.tooltips
- search.highlight
plugins:
offline:
enabled: true
social:
enabled: false
# Edit the offline-mode navbar in mkdocs-common.yml

27
config/mkdocs.en.yml
View File

@@ -1,27 +0,0 @@
# Copyright (c) 2022-2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
INHERIT: mkdocs-common.yml
site_url: "https://www.privacyguides.org/en/"
site_dir: '../site/en'
theme:
# ENGLISH ONLY: this logo needs to be set separately because the relative path is different
logo: ../theme/assets/brand/logos/svg/logo/privacy-guides-logo-notext-colorbg.svg

34
config/mkdocs.es.yml
View File

@@ -1,34 +0,0 @@
# Copyright (c) 2022-2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
INHERIT: mkdocs-common.yml
docs_dir: '../i18n/es'
site_url: "https://www.privacyguides.org/es/"
site_dir: '../site/es'
edit_uri: edit/main/i18n/es/
theme:
language: es
markdown_extensions:
pymdownx.snippets:
auto_append:
- includes/abbreviations.es.txt

34
config/mkdocs.fr.yml
View File

@@ -1,34 +0,0 @@
# Copyright (c) 2022-2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
INHERIT: mkdocs-common.yml
docs_dir: '../i18n/fr'
site_url: "https://www.privacyguides.org/fr/"
site_dir: '../site/fr'
edit_uri: edit/main/i18n/fr/
theme:
language: fr
markdown_extensions:
pymdownx.snippets:
auto_append:
- includes/abbreviations.fr.txt

41
config/mkdocs.he.yml
View File

@@ -1,41 +0,0 @@
# Copyright (c) 2022-2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
INHERIT: mkdocs-common.yml
docs_dir: '../i18n/he'
site_url: "https://www.privacyguides.org/he/"
site_dir: '../site/he'
edit_uri: edit/main/i18n/he/
extra_css:
- assets/stylesheets/extra.css?v=3.2.0
- assets/stylesheets/lang-he.css?v=3.4.0
theme:
language: he
font:
text: Open Sans
code: Cousine
markdown_extensions:
pymdownx.snippets:
auto_append:
- includes/abbreviations.he.txt

34
config/mkdocs.it.yml
View File

@@ -1,34 +0,0 @@
# Copyright (c) 2022-2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
INHERIT: mkdocs-common.yml
docs_dir: '../i18n/it'
site_url: "https://www.privacyguides.org/it/"
site_dir: '../site/it'
edit_uri: edit/main/i18n/it/
theme:
language: it
markdown_extensions:
pymdownx.snippets:
auto_append:
- includes/abbreviations.it.txt

34
config/mkdocs.nl.yml
View File

@@ -1,34 +0,0 @@
# Copyright (c) 2022-2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
INHERIT: mkdocs-common.yml
docs_dir: '../i18n/nl'
site_url: "https://www.privacyguides.org/nl/"
site_dir: '../site/nl'
edit_uri: edit/main/i18n/nl/
theme:
language: nl
markdown_extensions:
pymdownx.snippets:
auto_append:
- includes/abbreviations.nl.txt

38
config/mkdocs.ru.yml
View File

@@ -1,38 +0,0 @@
# Copyright (c) 2022-2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
INHERIT: mkdocs-common.yml
docs_dir: '../i18n/ru'
site_url: "https://www.privacyguides.org/ru/"
site_dir: '../site/ru'
edit_uri: edit/main/docs/
extra_css:
- assets/stylesheets/extra.css?v=3.2.0
- assets/stylesheets/lang-ru.css?v=3.13.0
theme:
language: ru
markdown_extensions:
pymdownx.snippets:
auto_append:
- includes/abbreviations.ru.txt

41
config/mkdocs.zh-Hant.yml
View File

@@ -1,41 +0,0 @@
# Copyright (c) 2022-2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
INHERIT: mkdocs-common.yml
docs_dir: '../i18n/zh-Hant'
site_url: "https://www.privacyguides.org/zh-Hant/"
site_dir: '../site/zh-Hant'
edit_uri: edit/main/i18n/zh-Hant/
extra_css:
- assets/stylesheets/extra.css?v=3.2.0
- assets/stylesheets/lang-zh-Hant.css?v=3.13.0
theme:
language: zh-Hant
font:
text: Noto Sans TC
code: Noto Sans TC
markdown_extensions:
pymdownx.snippets:
auto_append:
- includes/abbreviations.zh-Hant.txt

27
crowdin.yml
View File

@@ -18,25 +18,16 @@
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
#checkov:skip=CKV_SECRET_6:obviously a variable name and not a secret
api_token_env: CROWDIN_PERSONAL_TOKEN
project_id: "509862"
"preserve_hierarchy": true
files:
- source: "/docs/**/*.*"
translation: "/i18n/%two_letters_code%/**/%file_name%.%file_extension%"
skip_untranslated_files: false
- source: "/theme/overrides/*.en.html"
translation: "/theme/overrides/%file_name%.%two_letters_code%.html"
translation_replace:
"en.": ""
skip_untranslated_files: false
- source: "/includes/*.en.*"
translation: "/includes/%file_name%.%two_letters_code%.%file_extension%"
translation_replace:
"en.": ""
skip_untranslated_files: false
- source: "/static/i18n/*.en.*"
translation: "/static/i18n/%file_name%.%two_letters_code%.%file_extension%"
translation_replace:
"en.": ""
skip_untranslated_files: false
- source: "/docs/**/*.*"
translation: "/i18n/%two_letters_code%/**/%file_name%.%file_extension%"
skip_untranslated_files: false
- source: "/includes/*.en.*"
translation: "/includes/%file_name%.%two_letters_code%.%file_extension%"
translation_replace:
"en.": ""
skip_untranslated_files: false

8
docs/CODE_OF_CONDUCT.md
View File

@@ -12,11 +12,11 @@ What we expect from members of our communities:
1. **Do not spread misinformation**
We are creating an evidence-based educational community around information privacy and security, not an information home for conspiracy theories. For example, when making a claim that a certain piece of software is malicious or that certain telemetry data is privacy invasive; explain in detail what is collected and how it collected. Claims of this nature must be backed by technical evidence.
We are creating an evidence-based educational community around information privacy and security, not an information home for conspiracy theories. For example, when making a claim that a certain piece of software is malicious or that certain telemetry data is privacy invasive, explain in detail what is collected and how it collected. Claims of this nature must be backed by technical evidence.
2. **Do not abuse our willingness to help**
Our community members are not free tech support. We are happy to help with specific steps for individual's, privacy journey, if they are willing to put in effort. We are not obligated to answer endless, repetitive questions, about general computer problems solvable with a simple internet search. **Do not** become a [help vampire](https://slash7.com/2006/12/22/vampires).
Our community members are not free tech support. We are happy to help with specific steps for your privacy journey, if you are willing to put in effort. We are not obligated to answer endless, repetitive questions about general computer problems solvable with a simple internet search. **Do not** become a [help vampire](https://slash7.com/2006/12/22/vampires).
3. **Behave in a positive and constructive manner**
@@ -25,7 +25,7 @@ What we expect from members of our communities:
- Being respectful of differing opinions, viewpoints, and experiences.
- Demonstrating empathy and kindness toward others.
- Focusing on what is best not just for us as overseers, but for the overall community.
- Giving and gracefully accepting constructive feedback within' our community while growing and improving.
- Giving and gracefully accepting constructive feedback within our community while growing and improving.
- Operating with a communal mindset at all times.
## Unacceptable Behavior
@@ -34,7 +34,7 @@ The following behaviors are considered harassment and are unacceptable within ou
- Any other conduct which would reasonably be considered inappropriate in a professional setting.
- Public and/or private harassment of any kind.
- Publishing others' private information, such as a physical address and/or email address, without a persons explicit permission.
- Publishing others' private information, such as a physical address and/or an email address, without their explicit permission.
- The use of sexualized language or imagery, and sexual attention or advances of any kind.
- Trolling, insulting and/or derogatory comments, including personal or political attacks.

25
docs/about/criteria.md
View File

@@ -2,30 +2,19 @@
title: General Criteria
---
<div class="admonition example" markdown>
<p class="admonition-title">Work in Progress</p>
Below are some general priorities we consider for all submissions to Privacy Guides. Each category will have additional requirements for inclusion.
The following page is a work in progress, and does not reflect the full criteria for our recommendations at this time. Past discussion on this topic: [#24](https://github.com/privacyguides/privacyguides.org/discussions/24)
</div>
Below are some things that must apply to all submissions to Privacy Guides. Each category will have additional requirements for inclusion.
- **Security**: Tools should follow security best-practices wherever applicable.
- **Source Availability**: Open-source projects are generally preferred over equivalent proprietary alternatives.
- **Cross-Platform Availability**: We typically prefer recommendations to be cross-platform, to avoid vendor lock-in.
- **Active Development**: The tools that we recommend should be actively developed, unmaintained projects will be removed in most cases.
- **Usability**: Tools should be accessible to most computer users, an overly technical background should not be required.
- **Documentation**: Tools should have clear and extensive documentation for use.
## Financial Disclosure
We do not make money from recommending certain products, we do not use affiliate links, and we do not provide special consideration to project donors.
## General Guidelines
We apply these priorities when considering new recommendations:
- **Secure**: Tools should follow security best-practices wherever applicable.
- **Source Availability**: Open-source projects are generally preferred over equivalent proprietary alternatives.
- **Cross-Platform**: We typically prefer recommendations to be cross-platform, to avoid vendor lock-in.
- **Active Development**: The tools that we recommend should be actively developed, unmaintained projects will be removed in most cases.
- **Usability**: Tools should be accessible to most computer users, an overly technical background should not be required.
- **Documented**: Tools should have clear and extensive documentation for use.
## Developer Self-Submissions
We have these requirements in regard to developers which wish to submit their project or software for consideration.

12
docs/about/index.md
View File

@@ -48,12 +48,12 @@ So far in 2023 we've launched international translations of our website in [Fren
<!-- markdownlint-disable MD030 -->
<div class="grid cards" markdown>
<!-- Every team member should have a unique emoji.
Team member cards should include ONLY the following links:
- Discourse Profile
- ONE Link of team member's choice
- Email if applicable
This is to keep it fair and not spammy, especially as we grow.
<!-- Every team member should have a unique emoji.
Team member cards should include ONLY the following links:
- Discourse Profile
- ONE Link of team member's choice
- Email if applicable
This is to keep it fair and not spammy, especially as we grow.
-->
- :robot:{ .lg .middle } **@jonah**

7
docs/about/notices.md
View File

@@ -24,10 +24,9 @@ Unless otherwise noted, all **content** on this website is made available under
This does not include third-party code embedded in this repository, or code where a superseding license is otherwise noted. The following are notable examples, but this list may not be all-inclusive:
* [MathJax](https://github.com/privacyguides/privacyguides.org/blob/main/theme/assets/javascripts/mathjax.js) is licensed under the [Apache License 2.0](https://github.com/privacyguides/privacyguides.org/blob/main/docs/assets/javascripts/LICENSE.mathjax.txt).
* The [Bagnard](https://github.com/privacyguides/brand/tree/main/WOFF/bagnard) heading font is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/main/WOFF/bagnard/LICENSE.txt).
* The [Public Sans](https://github.com/privacyguides/brand/tree/main/WOFF/public_sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/main/WOFF/public_sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/main/WOFF/dm_mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/main/WOFF/dm_mono/LICENSE.txt).
* The [Bagnard](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Bagnard) heading font is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Bagnard/LICENSE.txt).
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
This means that you can use the human-readable content in this repository for your own project, per the terms outlined in the Creative Commons Attribution-NoDerivatives 4.0 International Public License text. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. You **may not** use the Privacy Guides branding in your own project without express approval from this project. Privacy Guides's brand trademarks include the "Privacy Guides" wordmark and shield logo.

9
docs/about/privacy-policy.md
View File

@@ -7,13 +7,18 @@ Privacy Guides is a community project operated by a number of active volunteer c
The privacy of our website visitors is important to us, so we do not track any individual people. As a visitor to our website:
- No personal information is collected
- No information such as cookies are stored in the browser
- No personal information is stored
- No information is shared with, sent to or sold to third-parties
- No information is shared with advertising companies
- No information is mined and harvested for personal and behavioral trends
- No information is monetized
You can view the data we collect on our [statistics](statistics.md) page.
We run a self-hosted installation of [Umami](https://umami.is) to collect some anonymous usage data for statistical purposes. The goal is to track overall trends in our website traffic, it is not to track individual visitors. All the data is in aggregate only, and no personal data is stored.
The only data which is collected is data sent in a standard web request, which includes referral sources, the page you're visiting, your user agent, your IP address, and your screen resolution. The raw data is immediately discarded after statistics have been generated, for example if we collect your screen resolution as `1125x2436`, the only data we retain is "mobile device" and not your specific resolution.
## Data We Collect From Account Holders
If you register for an account on one of our services, we may collect any information you provide us (such as your email, password, profile information, etc.) and use that information to provide you with the service. We never share or sell this data.

12
docs/about/privacytools.md
View File

@@ -1,8 +1,6 @@
---
title: "PrivacyTools FAQ"
---
# Why we moved on from PrivacyTools
In September 2021, every active contributor unanimously agreed to move from PrivacyTools to work on this site: Privacy Guides. This decision was made because PrivacyTools founder and controller of the domain name had disappeared for an extended period of time and could not be contacted.
Having built a reputable site and set of services on PrivacyTools.io, this caused grave concerns for the future of PrivacyTools, as any future disruption could wipe out the entire organization with no recovery method. This transition was communicated to the PrivacyTools community many months in advance via a variety of channels including its blog, Twitter, Reddit, and Mastodon to ensure the entire process went as smoothly as possible. We did this to ensure nobody was kept in the dark, which has been our modus operandi since our team was created, and to make sure Privacy Guides was recognized as the same reliable organization that PrivacyTools was before the transition.
@@ -49,11 +47,11 @@ Reddit requires that subreddits have active moderators. If the primary moderator
On September 14th, 2021, we [announced](https://blog.privacyguides.org/2021/09/14/welcome-to-privacy-guides) the beginning of our migration to this new domain:
> [...] we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to www.privacyguides.org, and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc.
> [...] we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to `www.privacyguides.org`, and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc.
This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org).
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
- Posting announcements to our subreddit and various other communities informing people of the official change.
- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.
@@ -64,7 +62,7 @@ Things appeared to be going smoothly, and most of our active community made the
Roughly a week following the transition, BurungHantu returned online for the first time in nearly a year, however nobody on our team was willing to return to PrivacyTools because of his historic unreliability. Rather than apologize for his prolonged absence, he immediately went on the offensive and positioned the transition to Privacy Guides as an attack against him and his project. He subsequently [deleted](https://reddit.com/comments/pp9yie/comment/hd49wbn) many of these posts when it was pointed out by the community that he had been absent and abandoned the project.
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
@@ -84,7 +82,7 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
>
> A Subreddit is a great deal of work to administer and moderate. Like a garden, it requires patient tending and daily care. Its not a task for dilettantes or commitment-challenged people. It cant thrive under a gardener who abandons it for several years, then shows up demanding this years harvest as their tribute. Its unfair to the team formed years ago. Its unfair to you. [...]
> A Subreddit is a great deal of work to administer and moderate. Like a garden, it requires patient tending and daily care. It's not a task for dilettantes or commitment-challenged people. It cant thrive under a gardener who abandons it for several years, then shows up demanding this years harvest as their tribute. It's unfair to the team formed years ago. Its unfair to you. [...]
Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
@@ -100,7 +98,7 @@ Our fundraising platform, OpenCollective, is another source of contention. Our p
Thus, the funds in OpenCollective belong to Privacy Guides, they were given to our project, and not the owner of a well known domain name. In the announcement made to donors on September 17th, 2021, we offered refunds to any donor who disagrees with the stance we took, but nobody has taken us up on this offer:
> If any sponsors or backers disagree with or feel misled by these recent events and would like to request a refund given these highly unusual circumstances, please get in touch with our project admin by emailing jonah@triplebit.net.
> If any sponsors or backers disagree with or feel misled by these recent events and would like to request a refund given these highly unusual circumstances, please get in touch with our project admin by emailing `jonah@triplebit.net`.
## Further Reading

6
docs/about/services.md
View File

@@ -13,14 +13,14 @@ We run a number of web services to test out features and promote cool decentrali
## Gitea
- Domain: [code.privacyguides.dev](https://code.privacyguides.dev)
- Availability: Invite-Only
- Availability: Invite-Only
Access may be granted upon request to any team working on *Privacy Guides*-related development or content.
- Source: [snapcraft.io/gitea](https://snapcraft.io/gitea)
## Matrix
- Domain: [matrix.privacyguides.org](https://matrix.privacyguides.org)
- Availability: Invite-Only
- Availability: Invite-Only
Access may be granted upon request to Privacy Guides team members, Matrix moderators, third-party Matrix community administrators, Matrix bot operators, and other individuals in need of a reliable Matrix presence.
- Source: [github.com/spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy)
@@ -33,6 +33,6 @@ Access may be granted upon request to Privacy Guides team members, Matrix modera
## Invidious
- Domain: [invidious.privacyguides.net](https://invidious.privacyguides.net)
- Availability: Semi-Public
- Availability: Semi-Public
We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time.
- Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious)

14
docs/about/statistics.md Normal file
View File

@@ -0,0 +1,14 @@
---
title: Traffic Statistics
---
<!-- markdownlint-disable MD051 -->
We self-host [Umami](https://umami.is) to create a nice visualization of our traffic statistics, which are public at the link below. With this process:
- Your information is never shared with a third-party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is required
Because of these facts, keep in mind our statistics may be inaccurate. It is a useful tool to compare different dates with each other and analyze overall trends, but the actual numbers may be far off from reality. They're *precise* statistics, but not *accurate* statistics.
[View Statistics](https://stats.privacyguides.net/share/nVWjyd2QfgOPBhMF/www.privacyguides.org){ .md-button .md-button--primary }
[Opt-Out](#__consent){ .md-button }

4
docs/advanced/dns-overview.md
View File

@@ -354,8 +354,8 @@ dig +nocmd @9.9.9.11 -t txt o-o.myaddr.l.google.com +nocomments +noall +answer +
If the results include a second edns0-client-subnet TXT record (like shown below), then your DNS server is passing along EDNS information. The IP or network shown after is the precise information which was shared with Google by your DNS provider.
```text
o-o.myaddr.l.google.com. 60 IN TXT "198.51.100.32"
o-o.myaddr.l.google.com. 60 IN TXT "edns0-client-subnet 198.51.100.0/24"
o-o.myaddr.l.google.com. 60 IN TXT "198.51.100.32"
o-o.myaddr.l.google.com. 60 IN TXT "edns0-client-subnet 198.51.100.0/24"
;; Query time: 64 msec
;; SERVER: 9.9.9.11#53(9.9.9.11)
;; WHEN: Wed Mar 13 10:23:08 CDT 2024

14
docs/advanced/tor-overview.md
View File

@@ -4,11 +4,21 @@ icon: 'simple/torproject'
description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible.
---
Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications.
![Tor logo](../assets/img/self-contained-networks/tor.svg){ align=right }
[**Tor**](../alternative-networks.md#tor) is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool.
Tor works by routing your internet traffic through volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity.
[:octicons-home-16:](https://torproject.org){ .card-link title=Homepage }
[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" }
[:octicons-info-16:](https://tb-manual.torproject.org){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.torproject.org/tpo/core/tor){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org){ .card-link title=Contribute }
## Safely Connecting to Tor
Before connecting to [Tor](../tor.md), you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.

107
docs/alternative-networks.md Normal file
View File

@@ -0,0 +1,107 @@
---
title: "Alternative Networks"
icon: material/vector-polygon
description: These tools allow you to access networks other than the World Wide Web.
cover: alternative-networks.webp
---
## Anonymizing Networks
When it comes to anonymizing networks, we want to specially note that [Tor](advanced/tor-overview.md) is our top choice. It is by far the most utilized, robustly studied, and actively developed anonymous network. Using other networks could be more likely to endanger your anonymity, unless you know what you're doing.
### Tor
<div class="admonition recommendation" markdown>
![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right }
The **Tor** network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool.
[:octicons-home-16:](https://torproject.org){ .card-link title=Homepage }
[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" }
[:octicons-info-16:](https://tb-manual.torproject.org){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.torproject.org/tpo/core/tor){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org){ .card-link title=Contribute }
</div>
The recommended way to access the Tor network is via the official Tor Browser, which we have covered in more detail on a dedicated page:
[Tor Browser Info :material-arrow-right-drop-circle:](tor.md){ .md-button .md-button--primary } [Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md){ .md-button }
<div class="admonition example" markdown>
<p class="admonition-title">Try it out!</p>
You can try connecting to *Privacy Guides* via Tor at [xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion](http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion).
</div>
#### Snowflake
<div class="admonition recommendation" markdown>
![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ align=right }
![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ align=right }
**Snowflake** allows you to donate bandwidth to the Tor Project by operating a "Snowflake proxy" within your browser.
People who are censored can use Snowflake proxies to connect to the Tor network. Snowflake is a great way to contribute to the network even if you don't have the technical know-how to run a Tor relay or bridge.
[:octicons-home-16: Homepage](https://snowflake.torproject.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/Technical%20Overview){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org){ .card-link title=Contribute }
</details>
</div>
You can enable Snowflake in your browser by opening it in another tab and turning the switch on. You can leave it running in the background while you browse to contribute your connection. We don't recommend installing Snowflake as a browser extension, because adding third-party extensions can increase your attack surface.
[Run Snowflake in your Browser :material-arrow-right-drop-circle:](https://snowflake.torproject.org/embed.html){ .md-button }
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
<div class="admonition recommendation" markdown>
![I2P logo](assets/img/self-contained-networks/i2p.svg#only-light){ align=right }
![I2P logo](assets/img/self-contained-networks/i2p-dark.svg#only-dark){ align=right }
**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
[:octicons-code-16:](https://github.com/i2p/i2p.i2p){ .card-link title="Source Code" }
[:octicons-heart-16:](https://geti2p.net/en/get-involved){ .card-link title=Contribute }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.i2p.android)
- [:simple-android: Android](https://geti2p.net/en/download#android)
- [:simple-windows11: Windows](https://geti2p.net/en/download#windows)
- [:simple-apple: macOS](https://geti2p.net/en/download#mac)
- [:simple-linux: Linux](https://geti2p.net/en/download#unix)
</details>
</div>
Unlike Tor, all I2P traffic is internal to the I2P network, which means regular internet websites are **not** directly accessible from I2P. Instead, you can connect to websites which are hosted anonymously and directly on the I2P network, which are called "eepsites" and have domains which end in `.i2p`.
<div class="admonition example" markdown>
<p class="admonition-title">Try it out!</p>
You can try connecting to *Privacy Guides* via I2P at [privacyguides.i2p](http://privacyguides.i2p/?i2paddresshelper=fvbkmooriuqgssrjvbxu7nrwms5zyhf34r3uuppoakwwsm7ysv6q.b32.i2p).
</div>
Also unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users, there's no "crowd" to blend in with in that regard.
Tor is likely to be more resistant to censorship, due to their robust network of bridges and varying [pluggable transports](https://tb-manual.torproject.org/circumvention), but on the other hand I2P uses directory servers for the initial connection which are varying/untrusted and run by volunteers, compared to the hard-coded/trusted ones Tor uses which are likely easier to block.

22
docs/android.md
View File

@@ -123,7 +123,7 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik
GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support).
Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos){ .md-button }
@@ -202,7 +202,18 @@ A few more tips for purchasing a Google Pixel:
- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
- Consider price beating options and specials offered at physical stores.
- Look at online community bargain sites in your country. These can alert you to good sales.
- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date}-\text{Current Date}$, meaning that the longer use of the device the lower cost per day.
- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as:
<math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;">
<mfrac>
<mtext>Cost</mtext>
<mrow>
<mtext>End of Life Date</mtext>
<mo></mo>
<mtext>Current Date</mtext>
</mrow>
</mfrac>
</math>
, meaning that the longer use of the device the lower cost per day.
- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
## General Apps
@@ -270,7 +281,7 @@ Main privacy features include:
Metadata is not currently deleted from video files but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser).
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
</div>
@@ -311,6 +322,7 @@ The image orientation metadata is not deleted. If you enable location (in Secure
**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
@@ -352,7 +364,7 @@ The Google Play Store requires a Google account to login which is not great for
</div>
Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google, however you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
### Manually with RSS Notifications
@@ -418,7 +430,7 @@ That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](http
<div class="admonition note" markdown>
<p class="admonition-title">F-Droid Basic</p>
In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic can do unattended updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
</div>

2
docs/basics/account-creation.md
View File

@@ -46,7 +46,7 @@ If you don't want to give your real email address to a service, you have the opt
Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.
[Recommended email aliasing services](../email.md#email-aliasing-services){ .md-button }
[Recommended email aliasing services](../email-aliasing.md){ .md-button }
### "Sign in with..." (OAuth)

4
docs/basics/account-deletion.md
View File

@@ -39,13 +39,13 @@ When attempting to regain access, if the site returns an error message saying th
### GDPR (EEA residents only)
Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr.org/regulation/article-17.html) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
### Overwriting Account information
In some situations where you plan to abandon an account, it may make sense to overwrite the account information with fake data. Once you've made sure you can log in, change all the information in your account to falsified information. The reason for this is that many sites will retain information you previously had even after account deletion. The hope is that they will overwrite the previous information with the newest data you entered. However, there is no guarantee that there won't be backups with the prior information.
For the account email, either create a new alternate email account via your provider of choice or create an alias using an [email aliasing service](../email.md#email-aliasing-services). You can then delete your alternate email address once you are done. We recommend against using temporary email providers, as oftentimes it is possible to reactivate temporary emails.
For the account email, either create a new alternate email account via your provider of choice or create an alias using an [email aliasing service](../email-aliasing.md). You can then delete your alternate email address once you are done. We recommend against using temporary email providers, as oftentimes it is possible to reactivate temporary emails.
### Delete

18
docs/basics/common-misconceptions.md
View File

@@ -42,7 +42,7 @@ schema:
These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis.
Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities into even large projects.[^1]
Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as <span class="pg-viridian">:material-package-variant-closed-remove: Supply Chain Attacks</span>, which are discussed further in our [Common Threats](common-threats.md) page.[^1]
On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering.
@@ -77,21 +77,21 @@ One of the clearest threat models is one where people *know who you are* and one
1. **Known identity** - A known identity is used for things where you must declare your name. There are many legal documents and contracts where a legal identity is required. This could range from opening a bank account, signing a property lease, obtaining a passport, customs declarations when importing items, or otherwise dealing with your government. These things will usually lead to credentials such as credit cards, credit rating checks, account numbers, and possibly physical addresses.
We don't suggest using a VPN or Tor for any of these things, as your identity is already known through other means.
We don't suggest using a VPN or Tor for any of these things, as your identity is already known through other means.
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
When shopping online, the use of a [parcel locker](https://en.wikipedia.org/wiki/Parcel_locker) can help keep your physical address private.
When shopping online, the use of a [parcel locker](https://en.wikipedia.org/wiki/Parcel_locker) can help keep your physical address private.
</div>
</div>
2. **Unknown identity** - An unknown identity could be a stable pseudonym that you regularly use. It is not anonymous because it doesn't change. If you're part of an online community, you may wish to retain a persona that others know. This pseudonym isn't anonymous because—if monitored for long enough—details about the owner can reveal further information, such as the way they write, their general knowledge about topics of interest, etc.
You may wish to use a VPN for this, to mask your IP address. Financial transactions are more difficult to mask: You could consider using anonymous cryptocurrencies, such as [Monero](https://getmonero.org). Employing altcoin shifting may also help to disguise where your currency originated. Typically, exchanges require KYC (know your customer) to be completed before they'll allow you to exchange fiat currency into any kind of cryptocurrency. Local meet-up options may also be a solution; however, those are often more expensive and sometimes also require KYC.
You may wish to use a VPN for this, to mask your IP address. Financial transactions are more difficult to mask: You could consider using anonymous cryptocurrencies, such as [Monero](https://getmonero.org). Employing altcoin shifting may also help to disguise where your currency originated. Typically, exchanges require KYC (know your customer) to be completed before they'll allow you to exchange fiat currency into any kind of cryptocurrency. Local meet-up options may also be a solution; however, those are often more expensive and sometimes also require KYC.
3. **Anonymous identity** - Even with experience, anonymous identities are difficult to maintain over long periods of time. They should be short-term and short-lived identities which are rotated regularly.
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
[^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident).
[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://www.cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.

28
docs/basics/common-threats.md
View File

@@ -9,13 +9,14 @@ Broadly speaking, we categorize our recommendations into the [threats](threat-mo
- <span class="pg-purple">:material-incognito: Anonymity</span> - Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically.
- <span class="pg-red">:material-target-account: Targeted Attacks</span> - Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically.
- <span class="pg-orange">:material-bug-outline: Passive Attacks</span> - Being protected from things like malware, data breaches, and other attacks that are made against many people at once.
- <span class="pg-viridian">:material-package-variant-closed-remove: Supply Chain Attacks</span> - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
- <span class="pg-teal">:material-server-network: Service Providers</span> - Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server).
- <span class="pg-blue">:material-eye-outline: Mass Surveillance</span> - Protection from government agencies, organizations, websites, and services which work together to track your activities.
- <span class="pg-brown">:material-account-cash: Surveillance Capitalism</span> - Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors.
- <span class="pg-green">:material-account-search: Public Exposure</span> - Limiting the information about you that is accessible online—to search engines or the general public.
- <span class="pg-blue-gray">:material-close-outline: Censorship</span> - Avoiding censored access to information or being censored yourself when speaking online.
Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with <span class="pg-red">:material-target-account: Targeted Attacks</span>, but they probably still want to protect their personal data from being swept up in <span class="pg-blue">:material-eye-outline: Mass Surveillance</span> programs. Similarly, many people may be primarily concerned with <span class="pg-green">:material-account-search: Public Exposure</span> of their personal data, but they should still be wary of security-focused issues, such as <span class="pg-orange">:material-bug-outline: Passive Attacks</span>—like malware affecting their devices.
Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with <span class="pg-viridian">:material-package-variant-closed-remove: Supply Chain Attacks</span> and <span class="pg-red">:material-target-account: Targeted Attacks</span>. They will likely still want to protect their personal data from being swept up in <span class="pg-blue">:material-eye-outline: Mass Surveillance</span> programs. Similarly, many people may be primarily concerned with <span class="pg-green">:material-account-search: Public Exposure</span> of their personal data, but they should still be wary of security-focused issues, such as <span class="pg-orange">:material-bug-outline: Passive Attacks</span>—like malware affecting their devices.
## Anonymity vs. Privacy
@@ -57,6 +58,31 @@ By design, **web browsers**, **email clients**, and **office applications** typi
If you are concerned about **physical attacks** you should use an operating system with a secure verified boot implementation, such as Android, iOS, macOS, or [Windows (with TPM)](https://learn.microsoft.com/windows/security/information-protection/secure-the-windows-10-boot-process). You should also make sure that your drive is encrypted, and that the operating system uses a TPM or Secure [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) or [Element](https://developers.google.com/android/security/android-ready-se) to rate limit attempts to enter the encryption passphrase. You should avoid sharing your computer with people you don't trust, because most desktop operating systems don't encrypt data separately per-user.
<span class="pg-viridian">:material-package-variant-closed-remove: Supply Chain Attacks</span>
Supply chain attacks are frequently a form of <span class="pg-red">:material-target-account: Targeted Attack</span> towards businesses, governments, and activists, although they can end up compromising the public at large as well.
<div class="admonition example" markdown>
<p class="admonition-title">Example</p>
A notable example of this occurred in 2017 when M.E.Doc, a popular accounting software in Ukraine, was infected with the *NotPetya* virus, subsequently infecting people who downloaded that software with ransomware. NotPetya itself was a ransomware attack which impacted 2000+ companies in various countries, and was based on the *EternalBlue* exploit developed by the NSA to attack Windows computers over the network.
</div>
There are few ways in which this type of attack might be carried out:
1. A contributor or employee might work their way into a position of power within a project or organization, then abuse that position by adding malicious code.
2. A developer may be coerced by an outside party to add malicious code.
3. An individual or group might identify a third party software dependency (also known as a library) and work to infiltrate it with the above two methods, knowing that it will be used by "downstream" software developers.
These sorts of attacks can require a lot of time and preparation to perform and are risky because they can be detected, particularly in open source projects if they are popular and have outside interest. Unfortunately they're also one of the most dangerous as they are very hard to mitigate entirely. We would encourage readers only use software which has a good reputation and makes an effort to reduce risk by:
1. Only adopting popular software that has been around for a while. The more interest in a project the greater likelihood that external parties will notice malicious changes. A malicious actor will also need to spend more time gaining community trust with meaningful contributions.
2. Finding software which releases binaries with widely-used, trusted build infrastructure platforms, as opposed to developer workstations or self-hosted servers. Some systems like GitHub Actions let you inspect the build script that runs publicly for extra confidence. This lessens the likelihood that malware on a developer's machine could infect their packages, and gives confidence that the binaries produced are in fact produced correctly.
3. Looking for code signing on individual source code commits and releases, which creates an auditable trail of who did what. For example: Was the malicious code in the software repository? Which developer added it? Was it added during the build process?
4. Checking whether the source code has meaningful commit messages (such as [conventional commits](https://conventionalcommits.org)) which explain what the change is supposed to accomplish. Clear messages can make it easier for outsiders to the project to verify, audit, and find bugs.
5. Noting the number of contributors or maintainers a program has. A lone developer may be more susceptible to being coerced into adding malicious code by an external party, or to negligently enable undesirable behavior. This may very well mean software developed by "Big Tech" has more scrutiny than a lone developer who doesn't answer to anyone.
## Privacy From Service Providers
<span class="pg-teal">:material-server-network: Service Providers</span>

2
docs/basics/multi-factor-authentication.md
View File

@@ -158,7 +158,7 @@ Qubes OS has support for Challenge-Response authentication with YubiKeys. If you
SSH MFA could be set up using multiple different authentication methods that are popular with hardware security keys. We recommend that you check out Yubico's [documentation](https://developers.yubico.com/SSH) on how to set this up.
#### Time-based One-time Password (TOTP)
#### TOTP
SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How To Set Up Multi-Factor Authentication for SSH on Ubuntu 20.04](https://digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04). Most things should be the same regardless of distribution, however the package manager commands—such as `apt-get`—and package names may differ.

57
docs/basics/passwords-overview.md
View File

@@ -82,11 +82,62 @@ We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_l
To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as $\text{log}_2(\text{WordsInList})$ and the overall entropy of the passphrase is calculated as $\text{log}_2(\text{WordsInList}^\text{WordsInPhrase})$.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as <math>
<mrow>
<msub>
<mtext>log</mtext>
<mn>2</mn>
</msub>
<mo form="prefix" stretchy="false">(</mo>
<mtext>WordsInList</mtext>
<mo form="postfix" stretchy="false">)</mo>
</mrow>
</math> and the overall entropy of the passphrase is calculated as: <math>
<mrow>
<msub>
<mtext>log</mtext>
<mn>2</mn>
</msub>
<mo form="prefix" stretchy="false">(</mo>
<msup>
<mtext>WordsInList</mtext>
<mtext>WordsInPhrase</mtext>
</msup>
<mo form="postfix" stretchy="false">)</mo>
</mrow>
</math>
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy ($\text{log}_2(7776)$), and a seven word passphrase derived from it has ~90.47 bits of entropy ($\text{log}_2(7776^7)$).
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (<math>
<mrow>
<msub>
<mtext>log</mtext>
<mn>2</mn>
</msub>
<mo form="prefix" stretchy="false">(</mo>
<mn>7776</mn>
<mo form="postfix" stretchy="false">)</mo>
</mrow>
</math>), and a seven word passphrase derived from it has ~90.47 bits of entropy (<math>
<mrow>
<msub>
<mtext>log</mtext>
<mn>2</mn>
</msub>
<mo form="prefix" stretchy="false">(</mo>
<msup>
<mn>7776</mn>
<mn>7</mn>
</msup>
<mo form="postfix" stretchy="false">)</mo>
</mrow>
</math>).
The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is $\text{WordsInList}^\text{WordsInPhrase}$, or in our case, $7776^7$.
The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is <math>
<msup>
<mtext>WordsInList</mtext>
<mtext>WordsInPhrase</mtext>
</msup>
</math>, or in our case, <math><msup><mn>7776</mn><mn>7</mn></msup></math>.
Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.

3
docs/basics/why-privacy-matters.md
View File

@@ -10,16 +10,19 @@ Privacy is ultimately about human information, and this is important because we
Many people get the concepts of **privacy**, **security**, and **anonymity** confused. You'll see people criticize various products as "not private" when really they mean it doesn't provide anonymity, for example. On this website, we cover all three of these topics, but it is important you understand the difference between them, and when each one comes into play.
<!-- markdownlint-disable-next-line -->
**Privacy**
: ==Privacy is the assurance that your data is only seen by the parties you intend to view it.== In the context of an instant messenger, for example, end-to-end encryption provides privacy by keeping your message visible only to yourself and the recipient.
<!-- markdownlint-disable-next-line -->
**Security**
: Security is the ability to trust the applications you use—that the parties involved are who they say they are—and keep those applications safe. In the context of browsing the web, for example, security can be provided by HTTPS certificates.
: Certificates prove you are talking directly to the website you're visiting, and keep attackers on your network from reading or modifying the data sent to or from the website.
<!-- markdownlint-disable-next-line -->
**Anonymity**
: Anonymity is the ability to act without a persistent identifier. You might achieve this online with [Tor](../tor.md), which allows you to browse the internet with a random IP address and network connection instead of your own.

115
docs/browser-extensions.md Normal file
View File

@@ -0,0 +1,115 @@
---
title: Browser Extensions
icon: material/puzzle-outline
description: These browser extensions can enhance your browsing experience and protect your privacy.
cover: browser-extensions.webp
---
In general, we recommend keeping your browser extensions to a minimum to decrease your attack surface. They have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
However, some provide functionality which can outweigh these downsides in certain situations, particularly when it comes to [content blocking](basics/common-threats.md#mass-surveillance-programs).
Don't install extensions which you don't immediately have a need for, or ones that duplicate the functionality of your browser. For example, [Brave](desktop-browsers.md#brave) users don't need to install uBlock Origin, because Brave Shields already provides the same functionality.
## Content Blockers
### uBlock Origin
<div class="admonition recommendation" markdown>
![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ align=right }
**uBlock Origin** is a popular content blocker that could help you block ads, trackers, and fingerprinting scripts.
[:octicons-repo-16: Repository](https://github.com/gorhill/uBlock#readme){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/gorhill/uBlock/wiki/Privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/gorhill/uBlock/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/gorhill/uBlock){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/ublock-origin)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm)
- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak)
</details>
</div>
We suggest following the [developer's documentation](https://github.com/gorhill/uBlock/wiki/Blocking-mode) and picking one of the "modes". Additional filter lists can impact performance and [may increase attack surface](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css).
These are some other [filter lists](https://github.com/gorhill/uBlock/wiki/Dashboard:-Filter-lists) that you may want to consider adding:
- [x] Check **Privacy** > **AdGuard URL Tracking Protection**
- Add [Actually Legitimate URL Shortener Tool](https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt)
### uBlock Origin Lite
uBlock Origin also has a "Lite" version of their extension, which offers a very limited feature-set compared to the original extension. However, it has a few distinct advantages over its full-fledged sibling, so you may want to consider it if...
- ...you don't want to grant full "read/modify website data" permissions to any extensions (even a trusted one like uBlock Origin)
- ...you want a more resource (memory/CPU) efficient content blocker[^1]
- ...your browser only supports Manifest V3 extensions
<div class="admonition recommendation" markdown>
![uBlock Origin Lite logo](assets/img/browsers/ublock_origin_lite.svg){ align=right }
**uBlock Origin Lite** is a Manifest V3 compatible content blocker. Compared to the original *uBlock Origin*, this extension does not require broad "read/modify data" permissions to function.
[:octicons-repo-16: Repository](https://github.com/uBlockOrigin/uBOL-home#readme){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/uBlockOrigin/uBOL-home/wiki/Privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/uBlockOrigin/uBOL-home/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/gorhill/uBlock/tree/master/platform/mv3){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/addon/ublock-origin-lite)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin-lite/ddkjiahejlhfcafbddmgiahcphecmpfh)
</details>
</div>
We only recommend this version of uBlock Origin if you never want to make any changes to your filter lists, because it only supports a few pre-selected lists and offers no additional customization options, including the ability to select elements to block manually. These restrictions are due to limitations in Manifest V3's design.
This version offers three levels of blocking: "Basic" works without requiring any special privileges to view and modify site content, while the "Optimal" and "Complete" levels do require that broad permission, but offer a better filtering experience with additional cosmetic rules and scriptlet injections.
If you set the default filtering mode to "Optimal" or "Complete" the extension will request read/modify access to **all** websites you visit. However, you also have the option to change the setting to "Optimal" or "Complete" on a **per-site** basis by adjusting the slider in the extension's pop-up panel on any given site. When you do so, the extension will request read/modify access to that site only. Therefore, if you want to take advantage of uBlock Origin Lite's "permission-less" configuration, you should probably leave the default setting as "Basic" and only adjust it higher on sites where that level is not adequate.
uBlock Origin Lite only receives block list updates whenever the extension is updated from your browser's extension marketplace, as opposed to on demand. This means that you may miss out on new threats being blocked for weeks until a full extension release is published.
### AdGuard
We recommend [Safari](mobile-browsers.md#safari) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
<div class="admonition recommendation" markdown>
![AdGuard logo](assets/img/browsers/adguard.svg){ align=right }
**AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker).
[:octicons-home-16: Homepage](https://adguard.com/en/adguard-ios/overview.html){ .md-button .md-button--primary }
[:octicons-eye-16:](https://adguard.com/privacy/ios.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://kb.adguard.com/ios){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-appstore: App Store](https://apps.apple.com/app/id1047223162)
</details>
</div>
Additional filter lists do slow things down and may increase your attack surface, so only apply what you need. AdGuard for iOS has some premium features; however, standard Safari content blocking is free of charge.
## Criteria
- Must not replicate built-in browser or OS functionality.
- Must directly impact user privacy, i.e. must not simply provide information.
[^1]: uBlock Origin Lite *itself* will consume no resources, because it uses newer APIs which make the browser process the filter lists natively, instead of running JavaScript code within the extension to handle the filtering. However, this resource advantage is only [theoretical](https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-asked-questions-(FAQ)#is-ubol-more-efficient-cpu--and-memory-wise-than-ubo), because it's possible that standard uBlock Origin's filtering code is more efficient than your browser's native filtering code. This has not yet been benchmarked.

6
docs/calendar.md
View File

@@ -18,7 +18,7 @@ Multiple calendars and extended sharing functionality is limited to paid subscri
[:octicons-home-16: Homepage](https://tuta.com/calendar){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://tuta.com/faq){ .card-link title=Documentation}
[:octicons-info-16:](https://tuta.com/support){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" }
[:octicons-heart-16:](https://tuta.com/community){ .card-link title=Contribute }
@@ -43,11 +43,11 @@ Multiple calendars and extended sharing functionality is limited to paid subscri
![Proton](assets/img/calendar/proton-calendar.svg){ align=right }
**Proton Calendar** is an encrypted calendar service available to Proton members via web or mobile clients. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide). Those on the free tier get access to 3 calendars, whereas paid subscribers can create up to 25 calendars. Extended sharing functionality is also limited to paid subscribers.
**Proton Calendar** is an encrypted calendar service available to Proton members via web or mobile clients. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide). Those on the free tier gain access to 3 calendars, whereas paid subscribers can create up to 25 calendars. Extended sharing functionality is also limited to paid subscribers.
[:octicons-home-16: Homepage](https://proton.me/calendar){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://proton.me/support/proton-calendar-guide){ .card-link title=Documentation}
[:octicons-info-16:](https://proton.me/support/calendar){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" }
<details class="downloads" markdown>

35
docs/cloud.md
View File

@@ -45,7 +45,7 @@ The Proton Drive web application has been independently audited by Securitum in
> Auditors identified two low-severity vulnerabilities. Additionally, five general recommendations were reported. At the same time, we confirm that no important security issues were identified during the pentest.
Proton Drive's brand new mobile clients have not yet been publicly audited by a third-party.
Proton Drive's brand new mobile clients have not yet been publicly audited by a third party.
## Tresorit
@@ -86,6 +86,39 @@ Tresorit has received a number of independent security audits:
They have also received the Digital Trust Label, a certification from the [Swiss Digital Initiative](https://www.efd.admin.ch/efd/en/home/digitalisierung/swiss-digital-initiative.html) which requires passing [35 criteria](https://digitaltrust-label.swiss/criteria) related to security, privacy, and reliability.
## Peergos
<div class="admonition recommendation" markdown>
![Peergos logo](assets/img/cloud/peergos.svg){ align=right }
**Peergos** is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, and view their photos, videos, documents, etc. Peergos secures your files with quantum-resistant end-to-end encryption and ensures all data about your files remains private. It is built on top of [IPFS (InterPlanetary File System)](https://ipfs.tech).
[:octicons-home-16: Homepage](https://peergos.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://peergos.net/privacy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://book.peergos.org){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/Peergos/Peergos){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:octicons-globe-16: Web](https://peergos.net)
- [:simple-windows11: Windows](https://github.com/Peergos/web-ui/releases)
- [:simple-apple: macOS](https://github.com/Peergos/web-ui/releases)
- [:simple-linux: Linux](https://github.com/Peergos/web-ui/releases)
</details>
</div>
Peergos is primarily a web app, but you can self-host the server either as a local cache for your remote Peergos account, or as a standalone storage server negating the need to register for a remote account and subscription. The Peergos server is a `.jar` file, which means the Java 17+ Runtime Environment ([OpenJDK download](https://azul.com/downloads)) should be installed on your machine to get it working.
Running a local version of Peergos alongside a registered account on their paid, hosted service allows you to access your Peergos storage without any reliance on DNS or TLS certificate authorities, and keep a copy of your data backed up to their cloud. The user experience should be the same whether you run their desktop server or just use their hosted web interface.
Peergos was [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in September 2019, and all found issues were subsequently fixed.
Also, the Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

114
docs/desktop-browsers.md
View File

@@ -94,7 +94,7 @@ Like [Tor Browser](tor.md), Mullvad Browser is designed to prevent fingerprintin
Note that while you can use Mullvad Browser with any VPN provider, other people on that VPN must also be using Mullvad Browser for this "crowd" to exist, something which is more likely on Mullvad VPN compared to other providers, particularly this close to the launch of Mullvad Browser. Mullvad Browser does not have built-in VPN connectivity, nor does it check whether you are using a VPN before browsing; your VPN connection has to be configured and managed separately.
Mullvad Browser comes with the *uBlock Origin* and *NoScript* browser extensions pre-installed. While we typically [don't recommend](#extensions) adding *additional* browser extensions, these extensions that come pre-installed with the browser should **not** be removed or configured outside their default values, because doing so would noticeably make your browser fingerprint distinct from other Mullvad Browser users. It also comes pre-installed with the Mullvad Browser Extension, which *can* be safely removed without impacting your browser fingerprint if you would like, but is also safe to keep even if you don't use Mullvad VPN.
Mullvad Browser comes with the *uBlock Origin* and *NoScript* browser extensions pre-installed. While we typically discourage adding *additional* [browser extensions](browser-extensions.md), these extensions that come pre-installed with the browser should **not** be removed or configured outside their default values, because doing so would noticeably make your browser fingerprint distinct from other Mullvad Browser users. It also comes pre-installed with the Mullvad Browser Extension, which *can* be safely removed without impacting your browser fingerprint if you would like, but is also safe to keep even if you don't use Mullvad VPN.
### Private Browsing Mode
@@ -104,7 +104,7 @@ This is required to prevent advanced forms of tracking, but does come at the cos
### Mullvad Leta
Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes preinstalled with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly (which is why it is limited to paying subscribers), however because of this limitation it is possible for Mullvad to correlate search queries and Mullvad VPN accounts. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes preinstalled with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
## Firefox
@@ -116,7 +116,7 @@ Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-
[:octicons-home-16: Homepage](https://firefox.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mozilla.org/privacy/firefox){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://firefox-source-docs.mozilla.org){ .card-link title=Documentation}
[:octicons-info-16:](https://support.mozilla.org/products/firefox){ .card-link title=Documentation}
[:octicons-code-16:](https://hg.mozilla.org/mozilla-central){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.mozilla.org){ .card-link title=Contribute }
@@ -135,22 +135,29 @@ Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
Firefox includes a unique [download token](https://bugzilla.mozilla.org/show_bug.cgi?id=1677497#c0) in downloads from Mozilla's website and uses telemetry in Firefox to send the token. The token is **not** included in releases from the [Mozilla FTP](https://ftp.mozilla.org/pub/firefox/releases).
Firefox includes a unique [download token](https://bugzilla.mozilla.org/show_bug.cgi?id=1677497#c0) in downloads from Mozilla's website and uses telemetry in Firefox to send the token. The token is **not** included in releases from the [Mozilla FTP](https://ftp.mozilla.org/pub/firefox/releases/).
</div>
### Recommended Configuration
### Recommended Firefox Configuration
These options can be found in :material-menu: → **Settings**
#### Search
- [ ] Uncheck **Provide search suggestions**
- [ ] Uncheck **Show search suggestions**
Search suggestion features may not be available in your region.
Search suggestions send everything you type in the address bar to the default search engine, regardless of whether you submit an actual search. Disabling search suggestions allows you to more precisely control what data you send to your search engine provider.
##### Firefox Suggest (US only)
[Firefox Suggest](https://support.mozilla.org/kb/firefox-suggest) is a feature similar to search suggestions which is only available in the US. We recommend disabling it for the same reason we recommend disabling search suggestions. If you don't see these options under the **Address Bar** header, you do not have the new experience and can ignore these changes.
- [ ] Uncheck **Suggestions from Firefox**
- [ ] Uncheck **Suggestions from sponsors**
#### Privacy & Security
##### Enhanced Tracking Protection
@@ -159,13 +166,6 @@ Search suggestions send everything you type in the address bar to the default se
This protects you by blocking social media trackers, fingerprinting scripts (note that this does not protect you from *all* fingerprinting), cryptominers, cross-site tracking cookies, and some other tracking content. ETP protects against many common threats, but it does not block all tracking avenues because it is designed to have minimal to no impact on site usability.
##### Firefox Suggest (US only)
[Firefox Suggest](https://support.mozilla.org/kb/firefox-suggest) is a feature similar to search suggestions which is only available in the US. We recommend disabling it for the same reason we recommend disabling search suggestions. If you don't see these options under the **Address Bar** header, you do not have the new experience and can ignore these changes.
- [ ] Uncheck **Suggestions from the web**
- [ ] Uncheck **Suggestions from sponsors**
##### Sanitize on Close
If you want to stay logged in to particular sites, you can allow exceptions in **Cookies and Site Data****Manage Exceptions...**
@@ -182,7 +182,7 @@ This protects you from persistent cookies, but does not protect you against cook
> Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs.
Additionally, the Firefox Accounts service collects [some technical data](https://mozilla.org/privacy/firefox/#firefox-accounts). If you use a Firefox Account you can opt-out:
Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
1. Open your [profile settings on accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Uncheck **Data Collection and Use** > **Help improve Firefox Accounts**
@@ -256,7 +256,7 @@ Brave adds a "[referral code](https://github.com/brave/brave-browser/wiki/Brave%
</div>
### Recommended Configuration
### Recommended Brave Configuration
These options can be found in :material-menu: → **Settings**.
@@ -288,7 +288,7 @@ Brave allows you to select additional content filters within the internal `brave
</div>
1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode) or the [NoScript](https://noscript.net) extension.
1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode).
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar.
##### Privacy and security
@@ -339,7 +339,7 @@ Brave's Web3 features can potentially add to your browser fingerprint and attack
1. This option is not present on all platforms.
#### Sync
#### Brave Sync
[Brave Sync](https://support.brave.com/hc/articles/360059793111-Understanding-Brave-Sync) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices without requiring an account and protects it with E2EE.
@@ -351,76 +351,6 @@ Brave's Web3 features can potentially add to your browser fingerprint and attack
## Additional Resources
In general, we recommend keeping your browser extensions to a minimum to decrease your attack surface; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. However, uBlock Origin may prove useful if you value content blocking functionality.
### uBlock Origin
<div class="admonition recommendation" markdown>
![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ align=right }
**uBlock Origin** is a popular content blocker that could help you block ads, trackers, and fingerprinting scripts.
[:octicons-repo-16: Repository](https://github.com/gorhill/uBlock#readme){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/gorhill/uBlock/wiki/Privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/gorhill/uBlock/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/gorhill/uBlock){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/ublock-origin)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm)
- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak)
</details>
</div>
We suggest following the [developer's documentation](https://github.com/gorhill/uBlock/wiki/Blocking-mode) and picking one of the "modes". Additional filter lists can impact performance and [may increase attack surface](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css).
These are some other [filter lists](https://github.com/gorhill/uBlock/wiki/Dashboard:-Filter-lists) that you may want to consider adding:
- [x] Check **Privacy** > **AdGuard URL Tracking Protection**
- Add [Actually Legitimate URL Shortener Tool](https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt)
### uBlock Origin Lite
uBlock Origin also has a "Lite" version of their extension, which offers a very limited feature-set compared to the original extension. However, it has a few distinct advantages over its full-fledged sibling, so you may want to consider it if...
- ...you don't want to grant full "read/modify website data" permissions to any extensions (even a trusted one like uBlock Origin)
- ...you want a more resource (memory/CPU) efficient content blocker[^1]
- ...your browser only supports Manifest V3 extensions
<div class="admonition recommendation" markdown>
![uBlock Origin Lite logo](assets/img/browsers/ublock_origin_lite.svg){ align=right }
**uBlock Origin Lite** is a Manifest V3 compatible content blocker. Compared to the original *uBlock Origin*, this extension does not require broad "read/modify data" permissions to function.
[:octicons-repo-16: Repository](https://github.com/uBlockOrigin/uBOL-home#readme){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/gorhill/uBlock/wiki/Privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/uBlockOrigin/uBOL-home/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/gorhill/uBlock/tree/master/platform/mv3){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/addon/ublock-origin-lite)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin-lite/ddkjiahejlhfcafbddmgiahcphecmpfh)
</details>
</div>
We only recommend this version of uBlock Origin if you never want to make any changes to your filter lists, because it only supports a few pre-selected lists and offers no additional customization options, including the ability to select elements to block manually. These restrictions are due to limitations in Manifest V3's design.
This version offers three levels of blocking: "Basic" works without requiring any special privileges to view and modify site content, while the "Optimal" and "Complete" levels do require that broad permission, but offer a better filtering experience with additional cosmetic rules and scriptlet injections.
If you set the default filtering mode to "Optimal" or "Complete" the extension will request read/modify access to **all** websites you visit. However, you also have the option to change the setting to "Optimal" or "Complete" on a **per-site** basis by adjusting the slider in the extension's pop-up panel on any given site. When you do so, the extension will request read/modify access to that site only. Therefore, if you want to take advantage of uBlock Origin Lite's "permission-less" configuration, you should probably leave the default setting as "Basic" and only adjust it higher on sites where that level is not adequate.
uBlock Origin Lite only receives block list updates whenever the extension is updated from your browser's extension marketplace, as opposed to on demand. This means that you may miss out on new threats being blocked for weeks until a full extension release is published.
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
@@ -433,7 +363,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
- Available on Linux, macOS, and Windows.
- Any changes required to make the browser more privacy-respecting should not negatively impact user experience.
- Blocks third-party cookies by default.
- Supports [state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning) to mitigate cross-site tracking.[^2]
- Supports [state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning) to mitigate cross-site tracking.[^1]
### Best-Case
@@ -448,10 +378,4 @@ Our best-case criteria represents what we would like to see from the perfect pro
- Provides open-source sync server implementation.
- Defaults to a [private search engine](search-engines.md).
### Extension Criteria
- Must not replicate built-in browser or OS functionality.
- Must directly impact user privacy, i.e. must not simply provide information.
[^1]: uBlock Origin Lite *itself* will consume no resources, because it uses newer APIs which make the browser process the filter lists natively, instead of running JavaScript code within the extension to handle the filtering. However, this resource advantage is only [theoretical](https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-asked-questions-(FAQ)#is-ubol-more-efficient-cpu--and-memory-wise-than-ubo), because it's possible that standard uBlock Origin's filtering code is more efficient than your browser's native filtering code. This has not yet been benchmarked.
[^2]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state).
[^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state).

3
docs/desktop.md
View File

@@ -83,6 +83,7 @@ A large portion of [Arch Linuxs packages](https://reproducible.archlinux.org)
**Fedora Atomic Desktops** are variants of Fedora which use the `rpm-ostree` package manager and have a strong focus on containerized workflows and Flatpak for desktop applications. All of these variants follow the same release schedule as Fedora Workstation, benefiting from the same fast updates and staying very close to upstream.
[:octicons-home-16: Homepage](https://fedoraproject.org/atomic-desktops){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.fedoraproject.org/en-US/emerging){ .card-link title=Documentation}
[:octicons-heart-16:](https://whatcanidoforfedora.org){ .card-link title=Contribute }
</details>
@@ -175,7 +176,7 @@ Tails [doesn't erase](https://gitlab.tails.boum.org/tails/tails/-/issues/5356) t
Tails is great for counter forensics due to amnesia (meaning nothing is written to the disk); however, it is not a hardened distribution like Whonix. It lacks many anonymity and security features that Whonix has and gets updated much less often (only once every six weeks). A Tails system that is compromised by malware may potentially bypass the transparent proxy allowing for the user to be deanonymized.
Tails includes [uBlock Origin](desktop-browsers.md#ublock-origin) in Tor Browser by default, which may potentially make it easier for adversaries to fingerprint Tails users. [Whonix](desktop.md#whonix) virtual machines may be more leak-proof, however they are not amnesic, meaning data may be recovered from your storage device.
Tails includes [uBlock Origin](browser-extensions.md#ublock-origin) in Tor Browser by default, which may potentially make it easier for adversaries to fingerprint Tails users. [Whonix](desktop.md#whonix) virtual machines may be more leak-proof, however they are not amnesic, meaning data may be recovered from your storage device.
By design, Tails is meant to completely reset itself after each reboot. Encrypted [persistent storage](https://tails.net/doc/persistent_storage/index.en.html) can be configured to store some data between reboots.

2
docs/device-integrity.md
View File

@@ -206,7 +206,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner)
- [:simple-fdroid: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner)
</details>

39
docs/dns.md
View File

@@ -15,20 +15,21 @@ Encrypted DNS with third-party servers should only be used to get around basic [
These are our favorite public DNS resolvers based on their privacy and security characteristics, and their worldwide performance. Some of these services offer basic DNS-level blocking of malware or trackers depending on the server you choose, but if you want to be able to see and customize what is blocked you should use a dedicated DNS filtering product instead.
| DNS Provider | Privacy Policy | Protocols | Logging | [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) | Filtering | Signed Apple Profile |
|---|---|---|---|---|---|---|
| [**AdGuard Public DNS**](https://adguard-dns.io/en/public-dns.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext DoH/3 DoT DoQ DNSCrypt | Some[^1] | Anonymized | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | Yes [:octicons-link-external-24:](https://adguard.com/en/blog/encrypted-dns-ios-14.html) |
| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setup) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver) | Cleartext DoH/3 DoT | Some[^2] | No | Based on server choice. | No [:octicons-link-external-24:](https://community.cloudflare.com/t/requesting-1-1-1-1-signed-profiles-for-apple/571846) |
| [**Control D Free DNS**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext DoH/3 DoT DoQ | Optional[^3] | No | Based on server choice. | Yes [:octicons-link-external-24:](https://docs.controld.com/docs/macos-platform) |
| [**dns0.eu**](https://dns0.eu) | [:octicons-link-external-24:](https://dns0.eu/privacy) | Cleartext DoH/3 DoH DoT DoQ | No | Anonymized | Based on server choice. | Yes [:octicons-link-external-24:](https://www.dns0.eu/zero.dns0.eu.mobileconfig) |
| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy) | DoH DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | Yes [:octicons-link-external-24:](https://mullvad.net/en/blog/profiles-to-configure-our-encrypted-dns-on-apple-devices) |
| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy) | Cleartext DoH DoT DNSCrypt | Some[^5] | Optional | Based on server choice, malware blocking by default. | Yes [:octicons-link-external-24:](https://quad9.net/news/blog/ios-mobile-provisioning-profiles) |
| DNS Provider | Protocols | Logging / Privacy Policy | [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) | Filtering | Signed Apple Profile |
|---|---|---|---|---|---|
| [**AdGuard Public DNS**](https://adguard-dns.io/en/public-dns.html) | Cleartext DoH/3 DoT DoQ DNSCrypt | Anonymized[^1] | Anonymized | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | Yes [:octicons-link-external-24:](https://adguard.com/en/blog/encrypted-dns-ios-14.html) |
| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setup) | Cleartext DoH/3 DoT | Anonymized[^2] | No | Based on server choice. | No [:octicons-link-external-24:](https://community.cloudflare.com/t/requesting-1-1-1-1-signed-profiles-for-apple/571846) |
| [**Control D Free DNS**](https://controld.com/free-dns) | Cleartext DoH/3 DoT DoQ | No[^3] | No | Based on server choice. | Yes [:octicons-link-external-24:](https://docs.controld.com/docs/macos-platform) |
| [**dns0.eu**](https://dns0.eu) | Cleartext DoH/3 DoH DoT DoQ | Anonymized[^4] | Anonymized | Based on server choice. | Yes [:octicons-link-external-24:](https://dns0.eu/zero.dns0.eu.mobileconfig) |
| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | DoH DoT | No[^5] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | Yes [:octicons-link-external-24:](https://mullvad.net/en/blog/profiles-to-configure-our-encrypted-dns-on-apple-devices) |
| [**Quad9**](https://quad9.net) | Cleartext DoH DoT DNSCrypt | Anonymized[^6] | Optional | Based on server choice, malware blocking by default. | Yes [:octicons-link-external-24:](https://quad9.net/news/blog/ios-mobile-provisioning-profiles) |
[^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html)
[^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver)
[^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy)
[^4]: Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy)
[^5]: Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared, such as for the purpose of security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable. [https://quad9.net/privacy/policy](https://quad9.net/privacy/policy)
[^4]: dns0.eu collects some data for their threat intelligence feeds, to monitor for newly registered/observed/active domains and other bulk data. That data is shared with some [partners](https://docs.dns0.eu/data-feeds/introduction) for e.g. security research. They do not collect any Personally Identifiable Information. [https://dns0.eu/privacy](https://dns0.eu/privacy)
[^5]: Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy)
[^6]: Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared, such as for the purpose of security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable. [https://quad9.net/privacy/policy](https://quad9.net/privacy/policy)
## Self-Hosted DNS Filtering
@@ -172,10 +173,6 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
**dnscrypt-proxy** is a DNS proxy with support for [DNSCrypt](advanced/dns-overview.md#dnscrypt), [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS).
<div class="admonition warning" markdown>
<p class="admonition-title">The anonymized DNS feature does <a href="advanced/dns-overview.md#why-shouldnt-i0-use-encrypted-dns"><strong>not</strong></a> anonymize other network traffic.</p>
</div>
[:octicons-repo-16: Repository](https://github.com/DNSCrypt/dnscrypt-proxy){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/DNSCrypt/dnscrypt-proxy){ .card-link title="Source Code" }
@@ -192,13 +189,25 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
</div>
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
The anonymized DNS feature does [not](advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic.
</div>
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
### Minimum Requirements
All DNS products must support:
- [DNSSEC](advanced/dns-overview.md#what-is-dnssec).
- [QNAME Minimization](advanced/dns-overview.md#what-is-qname-minimization).
- Anonymize [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) or disable it by default.
Additionally, all public providers:
- Prefer [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) support or geo-steering support.
- Must not log any personal data to disk
- As noted in our footnotes, some providers collect query information for example, for purposes like security research, but in that case that data must not be associated with any PII such as IP address, etc.

12
docs/email-aliasing.md
View File

@@ -8,8 +8,8 @@ An email aliasing service allows you to easily generate a new email address for
<div class="grid cards" markdown>
- ![addy.io logo](assets/img/email-aliasing/addy.svg){ .twemoji } [addy.io](email.md#addyio)
- ![SimpleLogin logo](assets/img/email-aliasing/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin)
- ![addy.io logo](assets/img/email-aliasing/addy.svg){ .twemoji } [addy.io](email-aliasing.md#addyio)
- ![SimpleLogin logo](assets/img/email-aliasing/simplelogin.svg){ .twemoji } [SimpleLogin](email-aliasing.md#simplelogin)
</div>
@@ -24,7 +24,7 @@ They also have a number of benefits over "temporary email" services:
- Aliases are permanent and can be turned on again if you need to receive something like a password reset.
- Emails are sent to your trusted mailbox rather than stored by the alias provider.
- Temporary email services typically have public mailboxes which can be accessed by anyone who knows the address, aliases are private to you.
- Temporary email services typically have public mailboxes which can be accessed by anyone who knows the address, while aliases are private to you.
Our email aliasing recommendations are providers that allow you to create aliases on domains they control, as well as your own custom domain(s) for a modest yearly fee. They can also be self-hosted if you want maximum control. However, using a custom domain can have privacy-related drawbacks: If you are the only person using your custom domain, your actions can be easily tracked across websites simply by looking at the domain name in the email address and ignoring everything before the at (@) sign.
@@ -40,7 +40,7 @@ Using an aliasing service requires trusting both your email provider and your al
[:octicons-home-16: Homepage](https://addy.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://addy.io/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://app.addy.io/docs){ .card-link title=Documentation}
[:octicons-info-16:](https://addy.io/faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/anonaddy){ .card-link title="Source Code" }
[:octicons-heart-16:](https://addy.io/donate){ .card-link title=Contribute }
@@ -56,7 +56,7 @@ Using an aliasing service requires trusting both your email provider and your al
</div>
The number of shared aliases (which end in a shared domain like @addy.io) that you can create is limited to 10 on addy.io's free plan, 50 on their $1/month plan and unlimited on the $4/month plan (billed $3 for a year). You can create unlimited standard aliases (which end in a domain like @[username].addy.io or a custom domain on paid plans), however, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. They are useful where a shared domain might be blocked by a service. Securitum [audited](https://addy.io/blog/addy-io-passes-independent-security-audit) addy.io in September 2023 and no significant vulnerabilities [were identified](https://addy.io/addy-io-security-audit.pdf).
The number of shared aliases (which end in a shared domain like @addy.io) that you can create is limited to 10 on addy.io's free plan, 50 on their $1/month plan and unlimited on the $4/month plan (billed $3 for a year). You can create unlimited standard aliases which end in a domain like @[username].addy.io or a custom domain on paid plans. However, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. They are useful where a shared domain might be blocked by a service. Securitum [audited](https://addy.io/blog/addy-io-passes-independent-security-audit) addy.io in September 2023 and no significant vulnerabilities [were identified](https://addy.io/addy-io-security-audit.pdf).
Notable free features:
@@ -88,7 +88,7 @@ Notable free features:
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/simplelogin)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/dphilobhebphkdjbpfohgikllaljmgbn)
- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/simpleloginreceive-sen/diacfpipniklenphgljfkmhinphjlfff)
- [:simple-safari: Safari](https://apps.apple.com/app/id1494051017)
- [:simple-safari: Safari](https://apps.apple.com/app/id6475835429)
</details>

6
docs/email-clients.md
View File

@@ -9,7 +9,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
<details class="warning" markdown>
<summary>Email does not provide forward secrecy</summary>
When using end-to-end encryption (E2EE) technology like OpenPGP, email will still have [some metadata](email.md#email-metadata-overview) that is not encrypted in the header of the email.
When using end-to-end encryption (E2EE) technology like OpenPGP, email will still have [some metadata](basics/email-security.md#email-metadata-overview) that is not encrypted in the header of the email.
OpenPGP also does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed: [How do I protect my private keys?](basics/email-security.md) Consider using a medium that provides forward secrecy:
@@ -61,7 +61,7 @@ These options can be found in :material-menu: → **Settings** → **Privacy & S
#### Thunderbird-user.js (advanced)
[`thunderbird-user.js`](https://github.com/HorlogeSkynet/thunderbird-user.js), is a set of configurations options that aims to disable as many of the web-browsing features within Thunderbird as possible in order to reduce surface area and maintain privacy. Some of the changes are backported from the [Arkenfox project](https://github.com/arkenfox/user.js).
[`thunderbird-user.js`](https://github.com/HorlogeSkynet/thunderbird-user.js) is a set of configurations options that aims to disable as many of the web-browsing features within Thunderbird as possible in order to reduce attack surface and maintain privacy. Some of the changes are backported from the [Arkenfox project](https://github.com/arkenfox/user.js).
## Platform Specific
@@ -93,7 +93,7 @@ Apple Mail has the ability to load remote content in the background or block it
[:octicons-home-16: Homepage](https://canarymail.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://canarymail.io/privacy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://canarymail.zendesk.com){ .card-link title=Documentation}
[:octicons-info-16:](https://canarymail.io/help){ .card-link title=Documentation}
<details class="downloads" markdown>
<summary>Downloads</summary>

33
docs/email.md
View File

@@ -5,6 +5,7 @@ icon: material/email
description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers.
cover: email.webp
---
<!-- markdownlint-disable MD024 -->
Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy.
[Recommended Instant Messengers](real-time-communication.md){ .md-button }
@@ -45,7 +46,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
![Proton Mail logo](assets/img/email/protonmail.svg){ align=right }
**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. Accounts start with 500 MB storage with their free plan.
**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. Accounts start with up to 1GB storage with the free plan.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -70,9 +71,9 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g. Thunderbird). Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
If you have the Proton Unlimited, Business, or Visionary Plan, you also get [SimpleLogin](#simplelogin) Premium for free.
If you have the Proton Unlimited, Business, Family, or Visionary Plan, you also get [SimpleLogin](email-aliasing.md#simplelogin) Premium for free.
Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**.
Proton Mail has internal crash reports that are **not** shared with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**.
#### :material-check:{ .pg-green } Custom Domains and Aliases
@@ -100,7 +101,7 @@ Proton Mail also publishes the public keys of Proton accounts via HTTP from thei
#### :material-information-outline:{ .pg-blue } Account Termination
If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period.
If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. Proton will [delete inactive free accounts](https://proton.me/support/inactive-accounts) after one year. You **cannot** reuse the email address on a deactivated account.
#### :material-information-outline:{ .pg-blue } Additional Functionality
@@ -114,7 +115,7 @@ Proton Mail doesn't offer a digital legacy feature.
![Mailbox.org logo](assets/img/email/mailboxorg.svg){ align=right }
**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with 2 GB of storage, which can be upgraded as needed.
**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -135,7 +136,7 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green } Private Payment Methods
Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Account Security
@@ -155,7 +156,7 @@ Mailbox.org also supports the discovery of public keys via HTTP from their [Web
#### :material-information-outline:{ .pg-blue } Account Termination
Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract).
Your account will be set to a restricted user account when your contract ends. It will be irrevocably deleted after [30 days](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract).
#### :material-information-outline:{ .pg-blue } Additional Functionality
@@ -181,11 +182,11 @@ These providers store your emails with zero-knowledge encryption, making them gr
![Tuta logo](assets/img/email/tuta.svg){ align=right }
**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Accounts start with 1GB storage with their free plan.
**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Accounts start with up to 1GB storage with the free plan.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://tuta.com/faq){ .card-link title=Documentation}
[:octicons-info-16:](https://tuta.com/support){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" }
[:octicons-heart-16:](https://tuta.com/community){ .card-link title=Contribute }
@@ -204,11 +205,11 @@ These providers store your emails with zero-knowledge encryption, making them gr
</div>
Tuta doesn't support the [IMAP protocol](https://tuta.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tuta app. [Email import](https://github.com/tutao/tutanota/issues/630) is not currently supported either, though this is [due to be changed](https://tuta.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tuta.com/howto#generalMail) per folder, which may be inconvenient if you have many folders.
Tuta doesn't support the [IMAP protocol](https://tuta.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tuta app. [Email import](https://github.com/tutao/tutanota/issues/630) is not currently supported either, though this is [due to be changed](https://tuta.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tuta.com/support#generalMail) per folder, which may be inconvenient if you have many folders.
#### :material-check:{ .pg-green } Custom Domains and Aliases
Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and unlimited aliases on [custom domains](https://tuta.com/faq#custom-domain). Tuta doesn't allow for [sub-addressing (plus addresses)](https://tuta.com/faq#plus), but you can use a [catch-all](https://tuta.com/howto#settings-global) with a custom domain.
Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and unlimited aliases on [custom domains](https://tuta.com/support#custom-domain). Tuta doesn't allow for [sub-addressing (plus addresses)](https://tuta.com/support#plus), but you can use a [catch-all](https://tuta.com/support#settings-global) with a custom domain.
#### :material-information-outline:{ .pg-blue } Private Payment Methods
@@ -216,11 +217,11 @@ Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cry
#### :material-check:{ .pg-green } Account Security
Tuta supports [two factor authentication](https://tuta.com/faq#2fa) with either TOTP or U2F.
Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Data Security
Tuta has [zero access encryption at rest](https://tuta.com/faq#what-encrypted) for your emails, [address book contacts](https://tuta.com/faq#encrypted-address-book), and [calendars](https://tuta.com/faq#calendar). This means the messages and other data stored in your account are only readable by you.
Tuta has [zero access encryption at rest](https://tuta.com/support#what-encrypted) for your emails, [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar). This means the messages and other data stored in your account are only readable by you.
#### :material-information-outline:{ .pg-blue } Email Encryption
@@ -228,14 +229,12 @@ Tuta [does not use OpenPGP](https://tuta.com/support/#pgp). Tuta accounts can on
#### :material-information-outline:{ .pg-blue } Account Termination
Tuta will [delete inactive free accounts](https://tuta.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay.
Tuta will [delete inactive free accounts](https://tuta.com/support#inactive-accounts) after six months. You can reuse a deactivated free account if you pay.
#### :material-information-outline:{ .pg-blue } Additional Functionality
Tuta offers the business version of [Tuta to non-profit organizations](https://tuta.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount.
Tuta also has a business feature called [Secure Connect](https://tuta.com/secure-connect). This ensures customer contact to the business uses E2EE. The feature costs €240/y.
Tuta doesn't offer a digital legacy feature.
## Self-Hosting Email
@@ -276,7 +275,7 @@ For a more manual approach we've picked out these two articles:
## Criteria
**Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any Email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an Email provider, and conduct your own research to ensure the Email provider you choose is the right choice for you.
**Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an email provider, and conduct your own research to ensure the email provider you choose is the right choice for you.
### Technology

34
docs/encryption.md
View File

@@ -126,28 +126,32 @@ BitLocker is [only supported](https://support.microsoft.com/windows/turn-on-devi
To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
```powershell
powershell Get-Disk
```
```powershell
powershell Get-Disk
```
2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
```powershell
powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
```
```powershell
powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
```
3. Access [Advanced Startup Options](https://support.microsoft.com/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
4. Login with your admin account and type this in the command prompt to start encryption:
```powershell
manage-bde -on c: -used
```
```powershell
manage-bde -on c: -used
```
5. Close the command prompt and continue booting to regular Windows.
6. Open an admin command prompt and run the following commands:
```powershell
manage-bde c: -protectors -add -rp -tpm
manage-bde -protectors -enable c:
manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
```
```powershell
manage-bde c: -protectors -add -rp -tpm
manage-bde -protectors -enable c:
manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
```
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
@@ -255,7 +259,7 @@ Tools with command-line interfaces are useful for integrating [shell scripts](ht
![Tomb logo](assets/img/encryption-software/tomb.png){ align=right }
**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://dyne.org/software/tomb/#advanced-usage).
[:octicons-home-16: Homepage](https://dyne.org/software/tomb){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}

3
docs/file-sharing.md
View File

@@ -14,7 +14,7 @@ Discover how to privately share your files between your devices, with your frien
![Send logo](assets/img/file-sharing-sync/send.svg){ align=right }
**Send** is a fork of Mozillas discontinued Firefox Send service which allows you to send files to others with a link. Files are encrypted on your device so that they cannot be read by the server, and they can be optionally password-protected as well. The maintainer of Send hosts a [public instance](https://send.vis.ee). You can use other public instances, or you can host Send yourself.
**Send** is a fork of Mozilla's discontinued Firefox Send service which allows you to send files to others with a link. Files are encrypted on your device so that they cannot be read by the server, and they can be optionally password-protected as well. The maintainer of Send hosts a [public instance](https://send.vis.ee). You can use other public instances, or you can host Send yourself.
[:octicons-home-16: Homepage](https://send.vis.ee){ .md-button .md-button--primary }
[:octicons-server-16:](https://github.com/timvisee/send-instances){ .card-link title="Public Instances"}
@@ -144,6 +144,7 @@ We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_e
</div>
<!-- markdownlint-disable-next-line -->
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

3
docs/financial-services.md
View File

@@ -45,7 +45,7 @@ Privacy.com gives information about the merchants you purchase from to your bank
![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right }
![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right }
**MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use.
**MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email-aliasing.md) for extensive email aliasing use.
[:octicons-home-16: Homepage](https://mysudo.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://anonyome.com/privacy-policy){ .card-link title="Privacy Policy" }
@@ -84,6 +84,7 @@ These services allow you to purchase gift cards for a variety of merchants onlin
</div>
<!-- markdownlint-disable-next-line -->
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

51
docs/frontends.md
View File

@@ -11,6 +11,38 @@ If you choose to self-host these frontends, it is important that you have other
When you are using an instance run by someone else, make sure to read the privacy policy of that specific instance. They can be modified by their owners and therefore may not reflect the default policy. Some instances have [Tor](tor.md) .onion addresses which may grant some privacy as long as your search queries don't contain PII.
## Reddit
### Redlib
<div class="admonition recommendation" markdown>
![Redlib logo](assets/img/frontends/redlib.svg){ align=right }
**Redlib** is an open-source frontend to the [Reddit](https://www.reddit.com) website that is also self-hostable.
There are a number of public instances, with some instances having [Tor](tor.md) onion services support.
[:octicons-repo-16: Repository](https://github.com/redlib-org/redlib){ .md-button .md-button--primary }
[:octicons-server-16:](https://github.com/redlib-org/redlib-instances/blob/main/instances.md){ .card-link title="Public Instances"}
[:octicons-info-16:](https://github.com/redlib-org/redlib?tab=readme-ov-file#table-of-contents){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/redlib-org/redlib){ .card-link title="Source Code" }
</div>
<div class="admonition note" markdown>
<p class="admonition-title">Note</p>
The [Old Reddit](https://old.reddit.com) website doesn't require as much JavaScript as the new Reddit website does, but it has recently blocked access to IP addresses reserved for public VPNs. You can use Old Reddit in conjunction with the [Tor](tor.md) Onion that was [launched in October 2022](https://forum.torproject.org/t/reddit-onion-service-launch/5305) at [https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion](https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion).
</div>
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
Redlib is useful if you want to disable JavaScript in your browser, such as [Tor Browser](tor.md#tor-browser) on the Safest security level.
</div>
## TikTok
### ProxiTok
@@ -122,10 +154,11 @@ By default, Yattee blocks all YouTube advertisements. In addition, Yattee option
LibreTube allows you to store your subscription list and playlists locally on your Android device, or to an account on your Piped instance of choice, which allows you to access them seamlessly on other devices as well.
[:octicons-home-16: Homepage](https://libre-tube.github.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/libre-tube/LibreTube#privacy-policy-and-disclaimer){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/libre-tube/LibreTube#readme){ .card-link title=Documentation}
[:octicons-home-16: Homepage](https://libretube.dev){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/libre-tube/LibreTube/blob/master/PRIVACY_POLICY.md){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://libretube.dev/#faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/libre-tube/LibreTube){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/libre-tube/LibreTube#donate){ .card-link title=Contribute }
<details class="downloads" markdown>
<summary>Downloads</summary>
@@ -143,7 +176,7 @@ When using LibreTube, your IP address will be visible to the [Piped](https://git
</div>
By default, LibreTube blocks all YouTube advertisements. Additionally, Libretube uses [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. You are able to fully configure the types of segments that SponsorBlock will skip, or disable it completely. There is also a button on the video player itself to disable it for a specific video if desired.
By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube uses [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. You are able to fully configure the types of segments that SponsorBlock will skip, or disable it completely. There is also a button on the video player itself to disable it for a specific video if desired.
### NewPipe (Android)
@@ -157,7 +190,7 @@ Your subscription list and playlists are saved locally on your Android device.
[:octicons-home-16: Homepage](https://newpipe.net){ .md-button .md-button--primary }
[:octicons-eye-16:](https://newpipe.net/legal/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://teamnewpipe.github.io/documentation){ .card-link title=Documentation}
[:octicons-info-16:](https://newpipe.net/FAQ){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/TeamNewPipe/NewPipe){ .card-link title="Source Code" }
[:octicons-heart-16:](https://newpipe.net/donate){ .card-link title=Contribute }
@@ -225,8 +258,8 @@ Invidious is useful if you want to disable JavaScript in your browser, such as [
Piped requires JavaScript in order to function and there are a number of public instances.
[:octicons-repo-16: Repository](https://github.com/TeamPiped/Piped){ .md-button .md-button--primary }
[:octicons-server-16:](https://piped.kavin.rocks/preferences#ddlInstanceSelection){ .card-link title="Public Instances"}
[:octicons-info-16:](https://piped-docs.kavin.rocks){ .card-link title=Documentation}
[:octicons-server-16:](https://github.com/TeamPiped/Piped/wiki/Instances){ .card-link title="Public Instances"}
[:octicons-info-16:](https://docs.piped.video/docs){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/TeamPiped/Piped){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/TeamPiped/Piped#donations){ .card-link title=Contribute }
@@ -251,6 +284,8 @@ Recommended frontends...
- Must be self-hostable.
- Must provide all basic website functionality available to anonymous users.
We only consider frontends for websites which are...
We only consider frontends if one of the following is true for a platform:
- Normally only accessible with JavaScript enabled.
- Normally only accessible with an account.
- Blocks access from commercial [VPNs](vpn.md).

18
docs/index.md
View File

@@ -1,6 +1,6 @@
---
meta_title: "Privacy Guides: Your Independent Privacy and Security Resource"
template: overrides/home.en.html
template: home.html
social:
cards_layout: home
hide:
@@ -36,7 +36,7 @@ schema:
urlTemplate: "https://www.privacyguides.org/?q={search_term_string}"
query-input: required name=search_term_string
---
<!-- markdownlint-disable-next-line -->
<!-- markdownlint-disable -->
## Why should I care?
##### “I have nothing to hide. Why should I care about my privacy?”
@@ -56,17 +56,3 @@ Trying to protect all your data from everyone all the time is impractical, expen
==This process of identifying threats and defining countermeasures is called **threat modeling**==, and it forms the basis of every good security and privacy plan.
[:material-book-outline: Learn More About Threat Modeling](basics/threat-modeling.md){ class="md-button md-button--primary" }
---
## We need you! Here's how to get involved:
[:simple-discourse:](https://discuss.privacyguides.net){ title="Join our Forum" }
[:simple-mastodon:](https://mastodon.neat.computer/@privacyguides){ rel=me title="Follow us on Mastodon" }
[:material-book-edit:](https://github.com/privacyguides/privacyguides.org){ title="Contribute to this website" }
[:material-translate:](https://matrix.to/#/#pg-i18n:aragon.sh){ title="Help translate this website" }
[:simple-matrix:](https://matrix.to/#/#privacyguides:matrix.org){ title="Chat with us on Matrix" }
[:material-information-outline:](about/index.md){ title="Learn more about us" }
[:material-hand-coin-outline:](about/donate.md){ title="Support the project" }
It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know.

2
docs/kb-archive.md
View File

@@ -3,8 +3,6 @@ title: KB Archive
icon: material/archive
description: Some pages that used to be in our knowledge base can now be found on our blog.
---
# Pages Moved to Blog
Some pages that used to be in our knowledge base can now be found on our blog:
- [GrapheneOS vs. CalyxOS](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos)

2
docs/meta/brand.md
View File

@@ -19,4 +19,4 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand](
"Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project.
Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions.
Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at `jonah@privacyguides.org`. Consult your legal counsel if you have questions.

23
docs/meta/git-recommendations.md
View File

@@ -8,15 +8,18 @@ If you make changes to this website on GitHub.com's web editor directly, you sho
You can use an existing SSH key for signing, or [create a new one](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent).
1. Configure your Git client to sign commits and tags by default (remove `--global` to only sign by default for this repo):
```
git config --global commit.gpgsign true
git config --global gpg.format ssh
git config --global tag.gpgSign true
```
```bash
git config --global commit.gpgsign true
git config --global gpg.format ssh
git config --global tag.gpgSign true
```
2. Set your SSH key for signing in Git with the following command, substituting `/PATH/TO/.SSH/KEY.PUB` with the path to the public key you'd like to use, e.g. `/home/user/.ssh/id_ed25519.pub`:
```
git config --global user.signingkey /PATH/TO/.SSH/KEY.PUB
```
```bash
git config --global user.signingkey /PATH/TO/.SSH/KEY.PUB
```
Ensure you [add your SSH key to your GitHub account](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account#adding-a-new-ssh-key-to-your-account) **as a Signing Key** (as opposed to or in addition to as an Authentication Key).
@@ -26,7 +29,7 @@ Use `git pull --rebase` instead of `git pull` when pulling in changes from GitHu
You can set this to be the default behavior:
```
```bash
git config --global pull.rebase true
```
@@ -34,7 +37,7 @@ git config --global pull.rebase true
If you are working on your own branch, run these commands before submitting a PR:
```
```bash
git fetch origin
git rebase origin/main
```

86
docs/mobile-browsers.md
View File

@@ -40,8 +40,6 @@ These are our currently recommended mobile web browsers and configurations for s
## Android
On Android, Firefox is still less secure than Chromium-based alternatives: Mozilla's engine, [GeckoView](https://mozilla.github.io/geckoview), has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
### Brave
<div class="admonition recommendation" markdown>
@@ -68,7 +66,7 @@ Brave is built upon the Chromium web browser project, so it should feel familiar
</div>
#### Recommended Configuration
#### Recommended Brave Configuration
Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another.
@@ -130,6 +128,45 @@ Brave allows you to select additional content filters within the internal `brave
[Brave Sync](https://support.brave.com/hc/articles/360059793111-Understanding-Brave-Sync) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices without requiring an account and protects it with E2EE.
### Mull
<div class="admonition danger" markdown>
<p class="admonition-title">Danger</p>
Firefox (Gecko)-based browsers on Android [lack per-site process isolation](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196), a powerful security feature that offers additional protection against a malicious website exploiting a security vulnerability. Missing this feature likely won't pose an issue for low-risk web browsers who keep their browser up-to-date, but those visiting higher-risk sites or at risk of targeted/0-day attacks should strongly consider a Chromium-based browser like [Brave](#brave) instead.
</div>
<div class="admonition recommendation" markdown>
![Mull logo](assets/img/browsers/mull.svg){ align=right }
**Mull** is a privacy oriented and deblobbed Android browser based on Firefox. Compared to Firefox, it offers much greater fingerprinting protection out of the box, and disables JavaScript Just-in-Time (JIT) compilation for enhanced security. It also removes all proprietary elements from Firefox, such as replacing Google Play Services references.
[:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#mull){ .md-button .md-button--primary }
[:octicons-eye-16:](https://divestos.org/pages/privacy_policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://divestos.org/pages/browsers#tuningFenix){ .card-link title=Documentation }
[:octicons-code-16:](https://codeberg.org/divested-mobile/mull-fenix){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-fdroid: F-Droid](https://f-droid.org/en/packages/us.spotco.fennec_dos)
</details>
</div>
Enable DivestOS's [F-Droid Repo](https://divestos.org/fdroid/official) to receive updates directly from the developer. Downloading Mull from the default F-Droid repo will mean your updates could be delayed by a few days or longer.
Mull enables many features upstreamed by the [Tor uplift project](https://wiki.mozilla.org/Security/Tor_Uplift) using preferences from [Arkenfox](desktop-browsers.md#arkenfox-advanced). Proprietary blobs are removed from Mozilla's code using the scripts developed for Fennec F-Droid.
#### Recommended Mull Configuration
We would suggest installing [uBlock Origin](browser-extensions.md#ublock-origin) as a content blocker if you want to block trackers within Mull.
Mull comes with privacy protecting settings configured by default. You might consider configuring the **Delete browsing data on quit** options in Mull's settings if you want to close all your open tabs when quitting the app automatically, or clear other data such as browsing history and cookies automatically.
## iOS
On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser.
@@ -150,9 +187,11 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
</div>
#### Recommended Configuration
#### Recommended Safari Configuration
These options can be found in :gear: **Settings****Safari**
We would suggest installing [AdGuard](browser-extensions.md#adguard) as a content blocker if you want to block trackers within Safari.
The following privacy/security-related options can be found in the :gear: **Settings** app → **Safari**
##### Profiles
@@ -208,32 +247,6 @@ You can enable E2EE for your Safari bookmarks and downloads by enabling [Advance
If you use iCloud with Advanced Data Protection disabled, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in :gear: **Settings****Safari****General****Downloads**.
### AdGuard
<div class="admonition recommendation" markdown>
![AdGuard logo](assets/img/browsers/adguard.svg){ align=right }
**AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker).
AdGuard for iOS has some premium features; however, standard Safari content blocking is free of charge.
[:octicons-home-16: Homepage](https://adguard.com/en/adguard-ios/overview.html){ .md-button .md-button--primary }
[:octicons-eye-16:](https://adguard.com/privacy/ios.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://kb.adguard.com/ios){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-appstore: App Store](https://apps.apple.com/app/id1047223162)
</details>
</div>
Additional filter lists do slow things down and may increase your attack surface, so only apply what you need.
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
@@ -241,13 +254,6 @@ Additional filter lists do slow things down and may increase your attack surface
### Minimum Requirements
- Must support automatic updates.
- Must receive engine updates in 0-1 days from upstream release.
- Must receive engine updates from upstream releases quickly.
- Must support content blocking.
- Any changes required to make the browser more privacy-respecting should not negatively impact user experience.
- Android browsers must use the Chromium engine.
- Unfortunately, Mozilla GeckoView is still less secure than Chromium on Android.
- iOS browsers are limited to WebKit.
### Extension Criteria
- Must not replicate built-in browser or OS functionality.
- Must directly impact user privacy, i.e. must not simply provide information.

1
docs/multi-factor-authentication.md
View File

@@ -151,6 +151,7 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
</div>
<!-- markdownlint-disable-next-line -->
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

2
docs/os/ios-overview.md
View File

@@ -39,7 +39,7 @@ You can also protect your data by limiting what you sync to iCloud in the first
#### iCloud+
A paid **iCloud+** subscription (with any iCloud storage plan) comes with some privacy-protecting functionality. While these may provide adequate service for current iCloud customers, we wouldn't recommend purchasing an iCloud+ plan over a [VPN](../vpn.md) and [standalone email aliasing service](../email.md#email-aliasing-services) just for these features alone.
A paid **iCloud+** subscription (with any iCloud storage plan) comes with some privacy-protecting functionality. While these may provide adequate service for current iCloud customers, we wouldn't recommend purchasing an iCloud+ plan over a [VPN](../vpn.md) and [standalone email aliasing service](../email-aliasing.md) just for these features alone.
**Private Relay** is a proxy service which relays your Safari traffic through two servers: one owned by Apple and one owned by a third-party provider (including Akamai, Cloudflare, and Fastly). In theory this should prevent any single provider in the chain—including Apple—from having full visibility into which websites you visit while connected. Unlike a full VPN, Private Relay does not protect traffic from your apps outside of Safari.

71
docs/passwords.md
View File

@@ -46,6 +46,20 @@ schema:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Proton Pass
image: /assets/img/password-management/protonpass.svg
url: https://proton.me/pass
applicationCategory: Password Manager
operatingSystem:
- Android
- iOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
@@ -140,7 +154,7 @@ These password managers sync your passwords to a cloud server for easy accessibi
![Bitwarden logo](assets/img/password-management/bitwarden.svg){ align=right }
**Bitwarden** is a free and open-source password manager. It aims to solve password management problems for individuals, teams, and business organizations. Bitwarden is among the best and safest solutions to store all of your logins and passwords while conveniently keeping them synced between all of your devices.
**Bitwarden** is a free and open-source password and passkey manager. It aims to solve password management problems for individuals, teams, and business organizations. Bitwarden is among the best and safest solutions to store all of your logins and passwords while conveniently keeping them synced between all of your devices.
[:octicons-home-16: Homepage](https://bitwarden.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://bitwarden.com/privacy){ .card-link title="Privacy Policy" }
@@ -159,6 +173,7 @@ These password managers sync your passwords to a cloud server for easy accessibi
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/bitwarden-password-manager)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb)
- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/jbkfoedolllekgbhcbcoahefnbanhhlh)
- [:simple-safari: Safari](https://apps.apple.com/us/app/bitwarden/id1352778147)
</details>
@@ -177,13 +192,51 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
[:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sponsors/dani-garcia){ .card-link title=Contribute }
### Proton Pass
<div class="admonition recommendation" markdown>
![Proton Pass logo](assets/img/password-management/protonpass.svg){ align=right }
Proton Pass is an open-source, end-to-end encrypted password manager developed by Proton, the team behind [Proton Mail](email.md#proton-mail). It securely stores your login credentials, generates unique email aliases, supports and stores passkeys, and offers a community-funded, Swiss-based service with strict data privacy laws.
[:octicons-home-16: Homepage](https://proton.me/pass){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/pass/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://proton.me/support/pass){ .card-link title="Documentation"}
[:octicons-code-16:](https://github.com/protonpass){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=proton.android.pass)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/proton-pass-password-manager/id6443490629)
- [:simple-windows11: Windows](https://proton.me/pass/download)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/proton-pass)
- [:simple-googlechrome: Chrome](https://chromewebstore.google.com/detail/proton-pass-free-password/ghmbeldphafepmbegfdlkpapadhbakde)
- [:simple-microsoftedge: Edge](https://chromewebstore.google.com/detail/proton-pass-free-password/ghmbeldphafepmbegfdlkpapadhbakde)
- [:octicons-globe-16: Web](https://pass.proton.me)
</details>
</div>
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
Proton Pass currently doesn't have any "master password" functionality, which means that your vault is protected with the password for your Proton account and any of their supported [two factor authentication](basics/multi-factor-authentication.md) methods.
The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
All issues were addressed and fixed shortly after the [report](https://res.cloudinary.com/dbulfrlrz/images/v1707561557/wp-pme/Cure53-proton-pass-20230717/Cure53-proton-pass-20230717.pdf).
### 1Password
<div class="admonition recommendation" markdown>
![1Password logo](assets/img/password-management/1password.svg){ align=right }
**1Password** is a password manager with a strong focus on security and ease-of-use, which allows you to store passwords, credit cards, software licenses, and any other sensitive information in a secure digital vault. Your vault is hosted on 1Password's servers for a [monthly fee](https://1password.com/sign-up). 1Password is [audited](https://support.1password.com/security-assessments) on a regular basis and provides exceptional customer support. 1Password is closed source; however, the security of the product is thoroughly documented in their [security white paper](https://1passwordstatic.com/files/security/1password-white-paper.pdf).
**1Password** is a password manager with a strong focus on security and ease-of-use, which allows you to store passwords, passkeys, credit cards, software licenses, and any other sensitive information in a secure digital vault. Your vault is hosted on 1Password's servers for a [monthly fee](https://1password.com/sign-up). 1Password is [audited](https://support.1password.com/security-assessments) on a regular basis and provides exceptional customer support. 1Password is closed source; however, the security of the product is thoroughly documented in their [security white paper](https://1passwordstatic.com/files/security/1password-white-paper.pdf).
[:octicons-home-16: Homepage](https://1password.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://1password.com/legal/privacy){ .card-link title="Privacy Policy" }
@@ -197,6 +250,11 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
- [:simple-windows11: Windows](https://1password.com/downloads/windows)
- [:simple-apple: macOS](https://1password.com/downloads/mac)
- [:simple-linux: Linux](https://1password.com/downloads/linux)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/1password-x-password-manager)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/1password-%E2%80%93-password-mana/aeblfdkhhhdcdjpifhhbdiojplfjncoa)
- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/dppgmdbiimibapkepcbdbmkaabgiofem)
- [:simple-safari: Safari](https://apps.apple.com/us/app/1password-for-safari/id1569813296)
- [:octicons-globe-16: Web](https://my.1password.com/signin)
</details>
@@ -337,17 +395,13 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
Additionally, there is an offline-only version offered: [Strongbox Zero](https://apps.apple.com/app/id1581589638). This version is stripped down in an attempt to reduce attack surface.
### Command-line
These products are minimal password managers that can be used within scripting applications.
#### gopass
### gopass (CLI)
<div class="admonition recommendation" markdown>
![gopass logo](assets/img/password-management/gopass.svg){ align=right }
**gopass** is a password manager for the command line written in Go. It works on all major desktop and server operating systems (Linux, macOS, BSD, Windows).
**gopass** is a minimal password manager for the command line written in Go. It can be used within scripting applications and works on all major desktop and server operating systems (Linux, macOS, BSD, Windows).
[:octicons-home-16: Homepage](https://gopass.pw){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/gopasspw/gopass/tree/master/docs){ .card-link title=Documentation}
@@ -366,6 +420,7 @@ These products are minimal password managers that can be used within scripting a
</div>
<!-- markdownlint-disable-next-line -->
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

1
docs/productivity.md
View File

@@ -4,6 +4,7 @@ icon: material/file-sign
description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do.
cover: productivity.webp
---
<!-- markdownlint-disable MD024 -->
Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints.
## Collaboration Platforms

94
docs/search-engines.md
View File

@@ -4,24 +4,36 @@ title: "Search Engines"
icon: material/search-web
description: These privacy-respecting search engines don't build an advertising profile based on your searches.
cover: search-engines.webp
global:
- [randomize-element, "table tbody"]
---
Use a search engine that doesn't build an advertising profile based on your searches.
The recommendations here are based on the merits of each service's privacy policy. There is **no guarantee** that these privacy policies are honored.
## Recommended Providers
The recommendations here do not collect personally identifying information (PII) based on each service's privacy policy. There is **no guarantee** that these privacy policies are honored.
Consider using a [VPN](vpn.md) or [Tor](tor.md) if your threat model requires hiding your IP address from the search provider.
## Brave Search
| Provider | Search Index | Tor Hidden Service | Logging / Privacy Policy | Country of Operation |
|---|---|---|---|---|
| [Brave Search](#brave-search) | [Independent](https://brave.com/search-independence/) | :material-check:{ .pg-green } | Anonymized[^1] | United States |
| [DuckDuckGo](#duckduckgo) | [Bing](https://help.duckduckgo.com/results/sources) | :material-check:{ .pg-green } | Anonymized[^2] | United States |
| [Startpage](#startpage) | [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) | :material-check:{ .pg-green } | Anonymized[^3] | Netherlands |
[^1]: Brave Search collects aggregated usage metrics, which includes the OS and the user agent. However, they do not collect PII. To serve [anonymous local results](https://search.brave.com/help/anonymous-local-results), IP addresses are temporarily processed, but are not retained. [https://search.brave.com/help/privacy-policy](https://search.brave.com/help/privacy-policy)
[^2]: DuckDuckGo **does** log your searches for product improvement purposes, but not your IP address or any other PII. [https://duckduckgo.com/privacy](https://duckduckgo.com/privacy)
[^3]: Startpage logs details such as operating system, user agent, and language. They do not log your IP address, search queries, or other PII. [https://startpage.com/en/privacy-policy](https://startpage.com/en/privacy-policy)
### Brave Search
<div class="admonition recommendation" markdown>
![Brave Search logo](assets/img/search-engines/brave-search.svg){ align=right }
**Brave Search** is developed by Brave and serves results primarily from its own, independent index. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives.
**Brave Search** is a search engine developed by Brave. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives.
Brave Search includes unique features such as Discussions, which highlights conversation-focused results—such as forum posts.
We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings.
Brave Search includes unique features such as [Discussions](https://search.brave.com/help/discussions), which highlights conversation-focused results—such as forum posts.
[:octicons-home-16: Homepage](https://search.brave.com){ .md-button .md-button--primary }
[:simple-torbrowser:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" }
@@ -32,17 +44,17 @@ We recommend you disable [Anonymous usage metrics](https://search.brave.com/help
</div>
Brave Search is based in the United States. Their [privacy policy](https://search.brave.com/help/privacy-policy) states they collect aggregated usage metrics, which includes the operating system and browser in use, however no personally identifiable information is collected. IP addresses are temporarily processed, but are not retained.
We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings.
## DuckDuckGo
### DuckDuckGo
<div class="admonition recommendation" markdown>
![DuckDuckGo logo](assets/img/search-engines/duckduckgo.svg){ align=right }
**DuckDuckGo** is one of the more mainstream private search engine options. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and many [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features). The search engine relies on a commercial Bing API to serve most results, but it does use numerous [other sources](https://help.duckduckgo.com/results/sources) for instant answers and other non-primary results.
**DuckDuckGo** is one of the more mainstream private search engine options. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and a variety of [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features). The search engine uses numerous [sources](https://help.duckduckgo.com/results/sources) other than Bing for instant answers and other non-primary results.
DuckDuckGo is the default search engine for the Tor Browser and is one of the few available options on Apples Safari browser.
DuckDuckGo is the default search engine for the [Tor Browser](tor.md#tor-browser) and is one of the few available options on Apples [Safari](mobile-browsers.md#safari) browser.
[:octicons-home-16: Homepage](https://duckduckgo.com){ .md-button .md-button--primary }
[:simple-torbrowser:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .card-link title="Onion Service" }
@@ -53,17 +65,41 @@ DuckDuckGo is the default search engine for the Tor Browser and is one of the fe
</div>
DuckDuckGo is based in the United States. Their [privacy policy](https://duckduckgo.com/privacy) states they **do** log your searches for product improvement purposes, but not your IP address or any other personally identifying information.
DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their Tor hidden address by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their [Tor onion address](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion) by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
### Startpage
## SearXNG
<div class="admonition recommendation" markdown>
![Startpage logo](assets/img/search-engines/startpage.svg#only-light){ align=right }
![Startpage logo](assets/img/search-engines/startpage-dark.svg#only-dark){ align=right }
**Startpage** is a private search engine. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead.
[:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary }
[:simple-torbrowser:](http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion){ .card-link title="Onion Service" }
[:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
</details>
</div>
Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage/) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.
Startpage previously placed limitations on VPN and [Tor](tor.md) users, but they recently created an [official](https://support.startpage.com/hc/en-us/articles/24786602537364-Startpage-s-Tor-onion-service) Tor hidden service, and as of April 2024 we have no longer noticed extra roadblocks for Tor or [VPN](vpn.md) users.
## Metasearch Engines
A [metasearch engine](https://en.wikipedia.org/wiki/Metasearch_engine) allows you to aggregate the results of other search engines, such as the ones recommended above, while not storing any information itself.
### SearXNG
<div class="admonition recommendation" markdown>
![SearXNG logo](assets/img/search-engines/searxng.svg){ align=right }
**SearXNG** is an open-source, self-hostable, metasearch engine, aggregating the results of other search engines while not storing any information itself. It is an actively maintained fork of [SearX](https://github.com/searx/searx).
**SearXNG** is an open-source, self-hostable, metasearch engine. It is an actively maintained fork of [SearX](https://github.com/searx/searx).
[:octicons-home-16: Homepage](https://searxng.org){ .md-button .md-button--primary }
[:octicons-server-16:](https://searx.space){ .card-link title="Public Instances"}
@@ -79,41 +115,13 @@ When self-hosting, it is important that you have other people using your instanc
When you are using a SearXNG instance, be sure to go read their privacy policy. Since SearXNG instances may be modified by their owners, they do not necessarily reflect their privacy policy. Some instances run as a Tor hidden service, which may grant some privacy as long as your search queries does not contain PII.
## Startpage
<div class="admonition recommendation" markdown>
![Startpage logo](assets/img/search-engines/startpage.svg#only-light){ align=right }
![Startpage logo](assets/img/search-engines/startpage-dark.svg#only-dark){ align=right }
**Startpage** is a private search engine known for serving [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) search results. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead.
[:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
</details>
</div>
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
Startpage regularly limits service access to certain IP addresses, such as IPs reserved for VPNs or Tor. [DuckDuckGo](#duckduckgo) and [Brave Search](#brave-search) are friendlier options if your threat model requires hiding your IP address from the search provider.
</div>
Startpage is based in the Netherlands. According to their [privacy policy](https://startpage.com/en/privacy-policy), they log details such as: operating system, type of browser, and language. They do not log your IP address, search queries, or other personally identifying information.
Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://web.archive.org/web/20210118031008/https://blog.privacytools.io/relisting-startpage) to clear up any concerns with System1's sizeable investment into the service. We were satisfied with the answers we received.
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
### Minimum Requirements
- Must not collect personally identifiable information per their privacy policy.
- Must not collect PII per their privacy policy.
- Must not allow users to create an account with them.
### Best-Case

45
docs/tools.md
View File

@@ -13,19 +13,16 @@ If you want assistance figuring out the best privacy tools and alternative progr
For more details about each project, why they were chosen, and additional tips or tricks we recommend, click the "Learn more" link in each section, or click on the recommendation itself to be taken to that specific section of the page.
## Tor Network
## Tor Browser
<div class="grid cards annotate" markdown>
<div class="grid cards" markdown>
- ![Tor Browser logo](assets/img/browsers/tor.svg){ .twemoji } [Tor Browser](tor.md#tor-browser)
- ![Orbot logo](assets/img/self-contained-networks/orbot.svg){ .twemoji } [Orbot (Smartphone Tor Proxy)](tor.md#orbot)
- ![Onion Browser logo](assets/img/self-contained-networks/onion_browser.svg){ .twemoji } [Onion Browser (Tor for iOS)](tor.md#onion-browser)
- ![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ .twemoji }![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ .twemoji } [Snowflake](tor.md#snowflake) (1)
</div>
1. Snowflake does not increase privacy, however it allows you to easily contribute to the Tor network and help people in censored networks achieve better privacy.
[Learn more :material-arrow-right-drop-circle:](tor.md)
## Desktop Web Browsers
@@ -40,37 +37,29 @@ For more details about each project, why they were chosen, and additional tips o
[Learn more :material-arrow-right-drop-circle:](desktop-browsers.md)
### Additional Resources
<div class="grid cards" markdown>
- ![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ .twemoji } [uBlock Origin](desktop-browsers.md#ublock-origin)
- ![uBlock Origin Lite logo](assets/img/browsers/ublock_origin_lite.svg){ .twemoji } [uBlock Origin Lite](desktop-browsers.md#ublock-origin-lite)
</div>
[Learn more :material-arrow-right-drop-circle:](desktop-browsers.md#additional-resources)
## Mobile Web Browsers
<div class="grid cards" markdown>
- ![Brave logo](assets/img/browsers/brave.svg){ .twemoji } [Brave (Android)](mobile-browsers.md#brave)
- ![Mull logo](assets/img/browsers/mull.svg){ .twemoji } [Mull (Android)](mobile-browsers.md#mull)
- ![Safari logo](assets/img/browsers/safari.svg){ .twemoji } [Safari (iOS)](mobile-browsers.md#safari)
</div>
[Learn more :material-arrow-right-drop-circle:](mobile-browsers.md)
### Additional Resources
## Browser Extensions
<div class="grid cards annotate" markdown>
<div class="grid cards" markdown>
- ![AdGuard logo](assets/img/browsers/adguard.svg){ .twemoji } [AdGuard for iOS](mobile-browsers.md#adguard)
- ![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ .twemoji } [uBlock Origin](browser-extensions.md#ublock-origin)
- ![uBlock Origin Lite logo](assets/img/browsers/ublock_origin_lite.svg){ .twemoji } [uBlock Origin Lite](browser-extensions.md#ublock-origin-lite)
- ![AdGuard logo](assets/img/browsers/adguard.svg){ .twemoji } [AdGuard for iOS](browser-extensions.md#adguard)
</div>
[Learn more :material-arrow-right-drop-circle:](mobile-browsers.md#adguard)
[Learn more :material-arrow-right-drop-circle:](browser-extensions.md)
## Service Providers
@@ -80,6 +69,7 @@ For more details about each project, why they were chosen, and additional tips o
- ![Proton Drive logo](assets/img/cloud/protondrive.svg){ .twemoji } [Proton Drive](cloud.md#proton-drive)
- ![Tresorit logo](assets/img/cloud/tresorit.svg){ .twemoji } [Tresorit](cloud.md#tresorit)
- ![Peergos logo](assets/img/cloud/peergos.svg){ .twemoji } [Peergos](cloud.md#peergos)
</div>
@@ -390,12 +380,13 @@ For encrypting your operating system drive, we typically recommend using whichev
<div class="grid cards" markdown>
- ![Bitwarden logo](assets/img/password-management/bitwarden.svg){ .twemoji } [Bitwarden](passwords.md#bitwarden)
- ![Proton Pass logo](assets/img/password-management/protonpass.svg){ .twemoji } [Proton Pass](passwords.md#proton-pass)
- ![1Password logo](assets/img/password-management/1password.svg){ .twemoji } [1Password](passwords.md#1password)
- ![Psono logo](assets/img/password-management/psono.svg){ .twemoji } [Psono](passwords.md#psono)
- ![KeePassXC logo](assets/img/password-management/keepassxc.svg){ .twemoji } [KeePassXC](passwords.md#keepassxc)
- ![KeePassDX logo](assets/img/password-management/keepassdx.svg){ .twemoji } [KeePassDX (Android)](passwords.md#keepassdx-android)
- ![Strongbox logo](assets/img/password-management/strongbox.svg){ .twemoji } [Strongbox (iOS & macOS)](passwords.md#strongbox-ios-macos)
- ![gopass logo](assets/img/password-management/gopass.svg){ .twemoji } [gopass](passwords.md#gopass)
- ![gopass logo](assets/img/password-management/gopass.svg){ .twemoji } [gopass (CLI)](passwords.md#gopass-cli)
</div>
@@ -489,6 +480,18 @@ For encrypting your operating system drive, we typically recommend using whichev
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to utilize effectively.
### Alternative Networks
<div class="grid cards" markdown>
- ![I2P logo](./assets/img/self-contained-networks/i2p.svg#only-light){ .twemoji } ![I2P logo](./assets/img/self-contained-networks/i2p-dark.svg#only-dark){ .twemoji } [I2P](alternative-networks.md#i2p-the-invisible-internet-project)
- ![Tor logo](./assets/img/self-contained-networks/tor.svg){ .twemoji } [Tor](alternative-networks.md#tor)
- ![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ .twemoji }![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ .twemoji } [Snowflake](alternative-networks.md#snowflake)
</div>
[Learn more :material-arrow-right-drop-circle:](alternative-networks.md)
### Device Integrity Verification
<div class="grid cards" markdown>

56
docs/tor.md
View File

@@ -1,7 +1,7 @@
---
meta_title: "Tor Browser and Network: Anonymous Web Browsing - Privacy Guides"
title: "Tor Network"
icon: simple/torproject
title: "Tor Browser"
icon: simple/torbrowser
description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship.
cover: tor.webp
schema:
@@ -23,22 +23,10 @@ schema:
url: "./"
---
![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right }
The **Tor** network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool.
[:octicons-home-16:](https://torproject.org){ .card-link title=Homepage }
[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" }
[:octicons-info-16:](https://tb-manual.torproject.org){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.torproject.org/tpo/core/tor){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org){ .card-link title=Contribute }
Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity.
**Tor** is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool.
[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md){ .md-button }
## Connecting to Tor
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
@@ -52,7 +40,7 @@ Some of these apps are better than others, and again making a determination come
If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
### Tor Browser
## Tor Browser
<div class="admonition recommendation" markdown>
@@ -90,7 +78,7 @@ The Tor Browser is designed to prevent fingerprinting, or identifying you based
In addition to installing Tor Browser on your computer directly, there are also operating systems designed specifically to connect to the Tor network such as [Whonix](desktop.md#whonix) on [Qubes OS](desktop.md#qubes-os), which provide even greater security and protections than the standard Tor Browser alone.
### Orbot
## Orbot
<div class="admonition recommendation" markdown>
@@ -128,7 +116,7 @@ All versions are signed using the same signature so they should be compatible wi
</div>
### Onion Browser
## Onion Browser
<div class="admonition recommendation" markdown>
@@ -150,35 +138,3 @@ All versions are signed using the same signature so they should be compatible wi
</details>
</div>
## Relays and Bridges
### Snowflake
<div class="admonition recommendation" markdown>
![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ align=right }
![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ align=right }
**Snowflake** allows you to donate bandwidth to the Tor Project by operating a "Snowflake proxy" within your browser.
People who are censored can use Snowflake proxies to connect to the Tor network. Snowflake is a great way to contribute to the network even if you don't have the technical know-how to run a Tor relay or bridge.
[:octicons-home-16: Homepage](https://snowflake.torproject.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/Technical%20Overview){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org){ .card-link title=Contribute }
</details>
</div>
You can enable Snowflake in your browser by opening it in another tab and turning the switch on. You can leave it running in the background while you browse to contribute your connection. We don't recommend installing Snowflake as a browser extension; adding third-party extensions can increase your attack surface.
[Run Snowflake in your Browser :material-arrow-right-drop-circle:](https://snowflake.torproject.org/embed.html){ .md-button }
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
[^1]: The `IsolateDestAddr` setting is discussed on the [Tor mailing list](https://lists.torproject.org/pipermail/tor-talk/2012-May/024403.html) and [Whonix's Stream Isolation documentation](https://whonix.org/wiki/Stream_Isolation), where both projects suggest that it is usually not a good approach for most people.

70
docs/vpn.md
View File

@@ -4,26 +4,19 @@ title: "VPN Services"
icon: material/vpn
description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isnt out to spy on you.
cover: vpn.webp
global:
- [randomize-element, "table tbody"]
---
<!-- markdownlint-disable MD024 -->
If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest:
<div class="grid cards" markdown>
- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn)
- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn)
- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad)
</div>
If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you.
<div class="admonition danger" markdown>
<p class="admonition-title">VPNs do not provide anonymity</p>
Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic.
If you are looking for **anonymity**, you should use the Tor Browser.
If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices.
If you are looking for **anonymity**, you should use the Tor Browser. If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices.
[Download Tor](https://torproject.org){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button }
@@ -33,7 +26,13 @@ If you're looking for added **security**, you should always ensure you're connec
## Recommended Providers
Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information.
Our recommended providers use encryption, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information.
| Provider | Countries | WireGuard | Port Forwarding | IPv6 | Anonymous Payments
|---|---|---|---|---|---
| [Proton](#proton-vpn) | 91+ | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Partial Support | :material-alert-outline:{ .pg-orange } | Cash
| [IVPN](#ivpn) | 37+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } | :material-information-outline:{ .pg-blue } Outgoing Only | Monero, Cash
| [Mullvad](#mullvad) | 41+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } | :material-check:{ .pg-green } | Monero, Cash
### Proton VPN
@@ -61,12 +60,12 @@ Our recommended providers use encryption, accept Monero, support WireGuard & Ope
</div>
#### :material-check:{ .pg-green } 88 Countries
#### :material-check:{ .pg-green } 91 Countries
Proton VPN has [servers in 88 countries](https://protonvpn.com/vpn-servers) [or 5 if you use their free plan](https://protonvpn.com/free-vpn).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
Proton VPN has [servers in 91 countries](https://protonvpn.com/vpn-servers) or [5](https://protonvpn.com/support/how-to-create-free-vpn-account) if you use their [free plan](https://protonvpn.com/free-vpn/server).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
{ .annotate }
1. Last checked: 2024-03-23
1. Last checked: 2024-04-02
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
@@ -88,11 +87,15 @@ Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://wiregua
Proton VPN [recommends](https://protonvpn.com/blog/wireguard) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols) for the protocol is not present in their Linux app.
#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding
#### :material-alert-outline:{ .pg-orange } No IPv6 Support
Proton VPN's servers are only compatible with IPv4. The Proton VPN applications will block all outgoing IPv6 traffic, so you don't have to worry about your IPv6 address being leaked, but you will not be able to connect to any IPv6-only sites, and you will not be able to connect to Proton VPN from an IPv6-only network.
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
#### :material-information-outline:{ .pg-orange } Censorship Circumvention
#### :material-information-outline:{ .pg-blue } Anti-Censorship
Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
@@ -102,11 +105,11 @@ Unfortunately it does not work very well in countries where sophisticated filter
In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/app/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers.
#### :material-information-outline:{ .pg-blue } Additional Functionality
#### :material-alert-outline:{ .pg-orange } Additional Notes
Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://torproject.org) for this purpose.
#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
##### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
@@ -116,7 +119,7 @@ System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-swit
![IVPN logo](assets/img/vpn/ivpn.svg){ align=right }
**IVPN** is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar.
**IVPN** is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar and does not offer a free trial.
[:octicons-home-16: Homepage](https://ivpn.net){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ivpn.net/privacy){ .card-link title="Privacy Policy" }
@@ -142,7 +145,7 @@ System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-swit
IVPN has [servers in 37 countries](https://ivpn.net/status).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
{ .annotate }
1. Last checked: 2023-12-21
1. Last checked: 2024-04-02
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
@@ -164,11 +167,15 @@ IVPN supports the WireGuard® protocol. [WireGuard](https://wireguard.com) is a
IVPN [recommends](https://ivpn.net/wireguard) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://wireguard.com/install).
#### :material-information-outline:{ .pg-blue } IPv6 Support
IVPN allows you to [connect to services using IPv6](https://ivpn.net/knowledgebase/general/do-you-support-ipv6) but doesn't allow you to connect from a device using an IPv6 address.
#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding
IVPN previously supported port forwarding, but removed the option in [June 2023](https://ivpn.net/blog/gradual-removal-of-port-forwarding). Missing this feature could negatively impact certain applications, especially peer-to-peer applications like torrent clients.
#### :material-check:{ .pg-green } Censorship Circumvention
#### :material-check:{ .pg-green } Anti-Censorship
IVPN has obfuscation modes using the [v2ray](https://v2ray.com/en/index.html) project which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
@@ -176,9 +183,9 @@ IVPN has obfuscation modes using the [v2ray](https://v2ray.com/en/index.html) pr
In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/app/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers.
#### :material-information-outline:{ .pg-blue } Additional Functionality
#### :material-information-outline:{ .pg-blue } Additional Notes
IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -186,7 +193,7 @@ IVPN clients support two factor authentication (Mullvad's clients do not). IVPN
![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right }
**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since **2009**. Mullvad is based in Sweden and does not have a free trial.
**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since **2009**. Mullvad is based in Sweden and does not offer a free trial.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -213,7 +220,7 @@ IVPN clients support two factor authentication (Mullvad's clients do not). IVPN
Mullvad has [servers in 41 countries](https://mullvad.net/servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
{ .annotate }
1. Last checked: 2024-03-23
1. Last checked: 2024-04-02
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
@@ -245,13 +252,13 @@ Mullvad [recommends](https://mullvad.net/en/help/why-wireguard) the use of WireG
#### :material-check:{ .pg-green } IPv6 Support
Mullvad allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support), as opposed to other providers which block IPv6 connections.
Mullvad allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support) and connect from a device using an IPv6 address.
#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding
Mullvad previously supported port forwarding, but removed the option in [May 2023](https://mullvad.net/en/blog/2023/5/29/removing-the-support-for-forwarded-ports). Missing this feature could negatively impact certain applications, especially peer-to-peer applications like torrent clients.
#### :material-check:{ .pg-green } Censorship Circumvention
#### :material-check:{ .pg-green } Anti-Censorship
Mullvad has obfuscation an mode using [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) which may be useful in situations where VPN protocols like OpenVPN or Wireguard are blocked.
@@ -259,9 +266,9 @@ Mullvad has obfuscation an mode using [Shadowsocks with v2ray](https://mullvad.n
Mullvad has published [App Store](https://apps.apple.com/app/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases).
#### :material-information-outline:{ .pg-blue } Additional Functionality
#### :material-information-outline:{ .pg-blue } Additional Notes
Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers). They use [ShadowSocks](https://shadowsocks.org) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion).
Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers). They use [ShadowSocks](https://shadowsocks.org) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22).
## Criteria
@@ -287,7 +294,6 @@ We require all our recommended VPN providers to provide OpenVPN configuration fi
**Best Case:**
- WireGuard and OpenVPN support.
- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Easy-to-use VPN clients
- Supports [IPv6](https://en.wikipedia.org/wiki/IPv6). We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.

91
includes/strings.en.env
View File

@@ -1,41 +1,58 @@
LANG="English"
LANG_ENGLISH="English"
SITE_NAME="Privacy Guides"
SITE_DESCRIPTION="Privacy Guides is your central privacy and security resource to protect yourself online."
FOOTER_COPYRIGHT_INTRO="<b>Privacy Guides</b> is a non-profit, socially motivated website that provides information for protecting your data security and privacy."
FOOTER_COPYRIGHT_AFFILIATE="We do not make money from recommending certain products, and we do not use affiliate links."
FOOTER_COPYRIGHT_DATE="2019 - 2024 Privacy Guides and contributors."
FOOTER_COPYRIGHT_ICON='<span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.2.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="m245.83 214.87-33.22 17.28c-9.43-19.58-25.24-19.93-27.46-19.93-22.13 0-33.22 14.61-33.22 43.84 0 23.57 9.21 43.84 33.22 43.84 14.47 0 24.65-7.09 30.57-21.26l30.55 15.5c-6.17 11.51-25.69 38.98-65.1 38.98-22.6 0-73.96-10.32-73.96-77.05 0-58.69 43-77.06 72.63-77.06 30.72-.01 52.7 11.95 65.99 35.86zm143.05 0-32.78 17.28c-9.5-19.77-25.72-19.93-27.9-19.93-22.14 0-33.22 14.61-33.22 43.84 0 23.55 9.23 43.84 33.22 43.84 14.45 0 24.65-7.09 30.54-21.26l31 15.5c-2.1 3.75-21.39 38.98-65.09 38.98-22.69 0-73.96-9.87-73.96-77.05 0-58.67 42.97-77.06 72.63-77.06 30.71-.01 52.58 11.95 65.56 35.86zM247.56 8.05C104.74 8.05 0 123.11 0 256.05c0 138.49 113.6 248 247.56 248 129.93 0 248.44-100.87 248.44-248 0-137.87-106.62-248-248.44-248zm.87 450.81c-112.54 0-203.7-93.04-203.7-202.81 0-105.42 85.43-203.27 203.72-203.27 112.53 0 202.82 89.46 202.82 203.26-.01 121.69-99.68 202.82-202.84 202.82z"></path></svg></span><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.2.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M314.9 194.4v101.4h-28.3v120.5h-77.1V295.9h-28.3V194.4c0-4.4 1.6-8.2 4.6-11.3 3.1-3.1 6.9-4.7 11.3-4.7H299c4.1 0 7.8 1.6 11.1 4.7 3.1 3.2 4.8 6.9 4.8 11.3zm-101.5-63.7c0-23.3 11.5-35 34.5-35s34.5 11.7 34.5 35c0 23-11.5 34.5-34.5 34.5s-34.5-11.5-34.5-34.5zM247.6 8C389.4 8 496 118.1 496 256c0 147.1-118.5 248-248.4 248C113.6 504 0 394.5 0 256 0 123.1 104.7 8 247.6 8zm.8 44.7C130.2 52.7 44.7 150.6 44.7 256c0 109.8 91.2 202.8 203.7 202.8 103.2 0 202.8-81.1 202.8-202.8.1-113.8-90.2-203.3-202.8-203.3z"></path></svg></span><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.2.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M247.6 8C389.4 8 496 118.1 496 256c0 147.1-118.5 248-248.4 248C113.6 504 0 394.5 0 256 0 123.1 104.7 8 247.6 8zm.8 44.7C130.2 52.7 44.7 150.6 44.7 256c0 109.8 91.2 202.8 203.7 202.8 103.2 0 202.8-81.1 202.8-202.8.1-113.8-90.2-203.3-202.8-203.3zm94 144.3v42.5H162.1V197h180.3zm0 79.8v42.5H162.1v-42.5h180.3z"></path></svg></span>'
FOOTER_COPYRIGHT_LICENSE="Content license:"
FOOTER_COPYRIGHT="$FOOTER_COPYRIGHT_INTRO <br> $FOOTER_COPYRIGHT_AFFILIATE <br> &copy; $FOOTER_COPYRIGHT_DATE $FOOTER_COPYRIGHT_ICON $FOOTER_COPYRIGHT_LICENSE <a href='/license'><strong>CC BY-ND 4.0</strong></a>."
THEME_LIGHT="Switch to light mode"
THEME_DARK="Switch to dark mode"
THEME_AUTO="Switch to system theme"
ANALYTICS_CONSENT_BODY="We collect anonymous statistics about your visits to help us improve the site. We do not track you across other websites. If you disable this, we will not know when you have visited our site. We will save a single cookie in your browser to remember your preference."
ANALYTICS_CONSENT_TITLE="Contribute anonymous statistics"
ANALYTICS_COOKIE_GITHUB="GitHub API"
ANALYTICS_COOKIE_UMAMI="Self-Hosted Analytics"
ANALYTICS_FEEDBACK_NEGATIVE_NAME="This page could be improved"
ANALYTICS_FEEDBACK_NEGATIVE_NOTE='Thanks for your feedback! If you want to let us know more, please leave a post on our <a href="https://discuss.privacyguides.net/c/site-development/7" target="_blank" rel="noopener">forum</a>.'
ANALYTICS_FEEDBACK_POSITIVE_NAME="This page was helpful"
ANALYTICS_FEEDBACK_POSITIVE_NOTE="Thanks for your feedback!"
ANALYTICS_FEEDBACK_TITLE="Was this page helpful?"
DESCRIPTION_HOMEPAGE="A socially motivated website which provides information about protecting your online data privacy and security."
DESCRIPTION_TRANSLATION="You're viewing the $LANG copy of Privacy Guides, translated by our fantastic language team on Crowdin. If you notice an error, or see any untranslated sections on this page, please consider helping out!"
DESCRIPTION_TRANSLATION_CTA="Visit Crowdin"
SOCIAL_MASTODON="Mastodon"
SOCIAL_MATRIX="Matrix"
FOOTER_ANALYTICS="Anonymous statistics preferences."
FOOTER_COPYRIGHT_AUTHOR="Privacy Guides and contributors."
FOOTER_INTRO="<b>Privacy Guides</b> is a non-profit, socially motivated website that provides information for protecting your data security and privacy."
FOOTER_NOTE="We do not make money from recommending certain products, and we do not use affiliate links."
HOMEPAGE_CTA_DESCRIPTION="It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know."
HOMEPAGE_DESCRIPTION="A socially motivated website which provides information about protecting your online data privacy and security."
HOMEPAGE_RSS_CHANGELOG_LINK="https://discuss.privacyguides.net/c/site-development/changelog/9.rss"
HOMEPAGE_RSS_CHANGELOG_TITLE="Privacy Guides release changelog"
HOMEPAGE_RSS_BLOG_LINK="https://blog.privacyguides.org/feed_rss_created.xml"
HOMEPAGE_RSS_BLOG_TITLE="Privacy Guides blog feed"
HOMEPAGE_RSS_STORIES_LINK="https://share.privacyguides.org/web-stories/feed/"
HOMEPAGE_RSS_STORIES_TITLE="Privacy Guides web stories feed"
HOMEPAGE_RSS_FORUM_LINK="https://discuss.privacyguides.net/latest.rss"
HOMEPAGE_RSS_FORUM_TITLE="Latest Privacy Guides forum topics"
NAV_ABOUT="About"
NAV_ADVANCED="Advanced"
NAV_ADVANCED_TOPICS="Advanced Topics"
NAV_BLOG="Blog"
NAV_CHANGELOG="Changelog"
NAV_CODE_OF_CONDUCT="Code of Conduct"
NAV_COMMUNITY="Community"
NAV_CONTRIBUTING="Contributing"
NAV_FORUM="Forum"
NAV_HOME="Home"
NAV_INTERNET_BROWSING="Internet Browsing"
NAV_KNOWLEDGE_BASE="Knowledge Base"
NAV_ONLINE_SERVICES="Online Services"
NAV_OPERATING_SYSTEMS="Operating Systems"
NAV_PROVIDERS="Providers"
NAV_RECOMMENDATIONS="Recommendations"
NAV_SOFTWARE="Software"
NAV_TECHNICAL_GUIDES="Technical Guides"
NAV_TECHNOLOGY_ESSENTIALS="Technology Essentials"
NAV_WRITING_GUIDE="Writing Guide"
SITE_DESCRIPTION="Privacy Guides is your central privacy and security resource to protect yourself online."
SITE_LANGUAGE="English"
SITE_LANGUAGE_ENGLISH="English"
SITE_NAME="Privacy Guides"
SOCIAL_FORUM="Forum"
SOCIAL_GITHUB="GitHub"
SOCIAL_MASTODON="Mastodon"
SOCIAL_MATRIX="Matrix"
SOCIAL_TOR_SITE="Hidden service"
NAV_HOME="Home"
NAV_KNOWLEDGE_BASE="Knowledge Base"
NAV_TECHNOLOGY_ESSENTIALS="Technology Essentials"
NAV_OPERATING_SYSTEMS="Operating Systems"
NAV_ADVANCED_TOPICS="Advanced Topics"
NAV_RECOMMENDATIONS="Recommendations"
NAV_INTERNET_BROWSING="Internet Browsing"
NAV_PROVIDERS="Providers"
NAV_SOFTWARE="Software"
NAV_ADVANCED="Advanced"
NAV_ABOUT="About"
NAV_COMMUNITY="Community"
NAV_ONLINE_SERVICES="Online Services"
NAV_CODE_OF_CONDUCT="Code of Conduct"
NAV_CONTRIBUTING="Contributing"
NAV_WRITING_GUIDE="Writing Guide"
NAV_TECHNICAL_GUIDES="Technical Guides"
NAV_CHANGELOG="Changelog"
NAV_FORUM="Forum"
NAV_BLOG="Blog"
THEME_AUTO="Switch to system theme"
THEME_DARK="Switch to dark mode"
THEME_LIGHT="Switch to light mode"
TRANSLATION_NOTICE="You're viewing the $SITE_LANGUAGE copy of Privacy Guides, translated by our fantastic language team on Crowdin. If you notice an error, or see any untranslated sections on this page, please consider helping out!"
TRANSLATION_NOTICE_CTA="Visit Crowdin"

466
mkdocs.yml Normal file
View File

@@ -0,0 +1,466 @@
# Copyright (c) 2022-2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
docs_dir: !ENV [BUILD_DOCS_DIR, "docs"]
site_url: !ENV [BUILD_SITE_URL, "https://www.privacyguides.org/en/"]
site_dir: !ENV [BUILD_SITE_DIR, "site/en"]
site_name: Privacy Guides
site_description:
!ENV [
SITE_DESCRIPTION,
"Privacy Guides is your central privacy and security resource to protect yourself online.",
]
edit_uri_template:
!ENV [BUILD_EDIT_URI_TEMPLATE, "blob/main/docs/{path}?plain=1"]
extra:
generator: false
context: !ENV [BUILD_CONTEXT, "production"]
offline: !ENV [BUILD_OFFLINE, false]
deploy: !ENV DEPLOY_ID
privacy_guides:
footer:
intro:
!ENV [
FOOTER_INTRO,
"Privacy Guides is a non-profit, socially motivated website that provides information for protecting your data security and privacy.",
]
note:
!ENV [
FOOTER_NOTE,
"We do not make money from recommending certain products, and we do not use affiliate links.",
]
copyright:
author:
!ENV [FOOTER_COPYRIGHT_AUTHOR, "Privacy Guides and contributors."]
date: !ENV [FOOTER_COPYRIGHT_DATE, "2019-2024"]
license:
- fontawesome/brands/creative-commons
- fontawesome/brands/creative-commons-by
- fontawesome/brands/creative-commons-nd
analytics: !ENV [FOOTER_ANALYTICS, "Anonymous statistics preferences."]
homepage:
description:
!ENV [
HOMEPAGE_DESCRIPTION,
"A socially motivated website which provides information about protecting your online data privacy and security.",
]
hero:
header:
!ENV [HOMEPAGE_HEADER, "The guide to restoring your online privacy."]
subheader:
!ENV [
HOMEPAGE_SUBHEADER,
"Massive organizations are monitoring your online activities. Privacy Guides is your central privacy and security resource to protect yourself online.",
]
buttons:
- name:
!ENV [
HOMEPAGE_BUTTON_GET_STARTED_NAME,
"Start Your Privacy Journey",
]
title:
!ENV [
HOMEPAGE_BUTTON_GET_STARTED_TITLE,
"The first step of your privacy journey",
]
link:
!ENV [
HOMEPAGE_BUTTON_GET_STARTED_LINK,
"basics/why-privacy-matters/",
]
class: md-button md-button--primary
- name: !ENV [HOMEPAGE_BUTTON_TOOLS_NAME, "Recommended Tools"]
title:
!ENV [
HOMEPAGE_BUTTON_TOOLS_TITLE,
"Recommended privacy tools, services, and knowledge",
]
link: !ENV [HOMEPAGE_BUTTON_TOOLS_LINK, "tools/"]
class: md-button
cta:
- title:
!ENV [
HOMEPAGE_CTA_TITLE,
"We need you! Here's how to get involved:",
]
links:
- icon: simple/discourse
name: !ENV [HOMEPAGE_CTA_FORUM_NAME, "Join the forum"]
link: https://discuss.privacyguides.net/
- icon: simple/mastodon
name: !ENV [HOMEPAGE_CTA_MASTODON_NAME, "Follow us on Mastodon"]
link: https://mastodon.neat.computer/@privacyguides
- icon: simple/github
name: !ENV [HOMEPAGE_CTA_GITHUB_NAME, "Contribute on GitHub"]
link: https://github.com/privacyguides/privacyguides.org
- icon: material/translate
name: !ENV [HOMEPAGE_CTA_TRANSLATE_NAME, "Help translate"]
link: https://crowdin.com/project/privacyguides
- icon: simple/matrix
name: !ENV [HOMEPAGE_CTA_MATRIX_NAME, "Join the Matrix chat"]
link: https://matrix.to/#/#privacyguides:matrix.org
- icon: material/information-outline
name: !ENV [HOMEPAGE_CTA_ABOUT_NAME, "Learn more about us"]
link: about/
- icon: material/hand-coin
name: !ENV [HOMEPAGE_CTA_DONATE_NAME, "Donate to Privacy Guides"]
link: about/donate/
description:
!ENV [
HOMEPAGE_CTA_DESCRIPTION,
"If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know.",
]
rss:
- title:
!ENV [
HOMEPAGE_RSS_CHANGELOG_TITLE,
"Privacy Guides release changelog",
]
link:
!ENV [
HOMEPAGE_RSS_CHANGELOG_LINK,
"https://discuss.privacyguides.net/c/site-development/changelog/9.rss",
]
- title: !ENV [HOMEPAGE_RSS_BLOG_TITLE, "Privacy Guides blog feed"]
link:
!ENV [
HOMEPAGE_RSS_BLOG_LINK,
"https://blog.privacyguides.org/feed_rss_created.xml",
]
- title:
!ENV [HOMEPAGE_RSS_STORIES_TITLE, "Privacy Guides Web Stories feed"]
link:
!ENV [
HOMEPAGE_RSS_STORIES_LINK,
"https://share.privacyguides.org/web-stories/feed/",
]
- title:
!ENV [
HOMEPAGE_RSS_FORUM_TITLE,
"Latest Privacy Guides forum topics",
]
link:
!ENV [
HOMEPAGE_RSS_FORUM_LINK,
"https://discuss.privacyguides.net/latest.rss",
]
translation_notice:
notice: !ENV TRANSLATION_NOTICE
cta: !ENV [TRANSLATION_NOTICE_CTA, "Visit Crowdin"]
language: !ENV SITE_LANGUAGE_ENGLISH
translation_stylesheet: !ENV [TRANSLATION_STYLESHEET]
social:
- icon: simple/mastodon
link: https://mastodon.neat.computer/@privacyguides
name: !ENV [SOCIAL_MASTODON, "Mastodon"]
- icon: simple/matrix
link: https://matrix.to/#/#privacyguides:matrix.org
name: !ENV [SOCIAL_MATRIX, "Matrix"]
- icon: simple/discourse
link: https://discuss.privacyguides.net/
name: !ENV [SOCIAL_FORUM, "Forum"]
- icon: simple/github
link: https://github.com/privacyguides
name: !ENV [SOCIAL_GITHUB, "GitHub"]
- icon: simple/torbrowser
link: http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion/
name: !ENV [SOCIAL_TOR_SITE, "Hidden service"]
alternate:
- name: English
link: /en/
lang: en
icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1fa-1f1f8.svg
- name: Español
link: /es/
lang: es
icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1ea-1f1f8.svg
- name: Français
link: /fr/
lang: fr
icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1eb-1f1f7.svg
- name: עִברִית
link: /he/
lang: he
icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1ee-1f1f1.svg
- name: Italiano
link: /it/
lang: it
icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1ee-1f1f9.svg
- name: Nederlands
link: /nl/
lang: nl
icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1f3-1f1f1.svg
- name: 正體中文
link: /zh-hant/
lang: zh-Hant
icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1ed-1f1f0.svg
- name: русский
link: /ru/
lang: ru
icon: https://raw.githubusercontent.com/twitter/twemoji/master/assets/svg/1f1f7-1f1fa.svg
analytics:
feedback:
title: !ENV [ANALYTICS_FEEDBACK_TITLE, "Was this page helpful?"]
ratings:
- icon: material/emoticon-happy-outline
name: !ENV [ANALYTICS_FEEDBACK_POSITIVE_NAME, "This page was helpful"]
data: 1
note:
!ENV [ANALYTICS_FEEDBACK_POSITIVE_NOTE, "Thanks for your feedback!"]
- icon: material/emoticon-sad-outline
name:
!ENV [
ANALYTICS_FEEDBACK_NEGATIVE_NAME,
"This page could be improved",
]
data: 0
note:
!ENV [ANALYTICS_FEEDBACK_NEGATIVE_NOTE, "Thanks for your feedback!"]
consent:
title: !ENV [ANALYTICS_CONSENT_TITLE, "Contribute anonymous statistics"]
description:
!ENV [
ANALYTICS_CONSENT_BODY,
"We use cookies to collect anonymous usage statistics. You can opt out if you wish.",
]
cookies:
analytics:
name: !ENV [ANALYTICS_COOKIE_UMAMI, "Self-Hosted Analytics"]
checked: true
github:
name: !ENV [ANALYTICS_COOKIE_GITHUB, "GitHub API"]
checked: true
actions:
- reject
- accept
- manage
repo_url:
!ENV [BUILD_REPO_URL, "https://github.com/privacyguides/privacyguides.org"]
repo_name: ""
theme:
name: material
language: !ENV [BUILD_THEME_LANGUAGE, "en"]
custom_dir: theme
font:
text: !ENV [BUILD_THEME_FONT_TEXT, "Public Sans"]
code: !ENV [BUILD_THEME_FONT_CODE, "DM Mono"]
palette:
- media: "(prefers-color-scheme)"
scheme: default
accent: deep purple
toggle:
icon: material/brightness-auto
name: !ENV [THEME_DARK, "Switch to dark mode"]
- media: "(prefers-color-scheme: dark)"
scheme: slate
accent: amber
toggle:
icon: material/brightness-2
name: !ENV [THEME_LIGHT, "Switch to light mode"]
- media: "(prefers-color-scheme: light)"
scheme: default
accent: deep purple
toggle:
icon: material/brightness-5
name: !ENV [THEME_AUTO, "Switch to system theme"]
favicon: assets/brand/logos/png/favicon-32x32.png
icon:
repo: simple/github
features:
- navigation.tracking
- navigation.tabs
- navigation.sections
- navigation.expand
- navigation.path
- navigation.indexes
- content.action.edit
- content.tabs.link
- content.tooltips
- search.highlight
extra_css:
- assets/stylesheets/extra.css?v=1
extra_javascript:
- assets/javascripts/randomize-element.js?v=1
- assets/javascripts/resolution.js?v=1
- assets/javascripts/feedback.js?v=1
watch:
- theme
- includes
plugins:
tags: {}
search: {}
privacy: {}
group:
enabled: !ENV [BUILD_INSIDERS, false]
plugins:
macros: {}
meta: {}
git-authors:
enabled: !ENV [GITAUTHORS, PRODUCTION, NETLIFY, false]
sort_authors_by: contribution
show_contribution: true
fallback_to_empty: true
authorship_threshold_percent: 1
git-revision-date-localized:
enabled: !ENV [GITREVISIONDATE, PRODUCTION, NETLIFY, false]
exclude:
- index.md
fallback_to_build_date: true
enable_creation_date: true
optimize:
enabled: !ENV [OPTIMIZE, PRODUCTION, NETLIFY, false]
typeset: {}
social:
cards: !ENV [CARDS, true]
cards_dir: assets/img/social
cards_layout_dir: theme/layouts
cards_layout: page
# cards_layout: pride
markdown_extensions:
admonition: {}
pymdownx.details: {}
pymdownx.superfences:
custom_fences:
- name: mermaid
class: mermaid
format: !!python/name:pymdownx.superfences.fence_code_format
pymdownx.tabbed:
alternate_style: true
pymdownx.arithmatex:
generic: true
pymdownx.critic: {}
pymdownx.caret: {}
pymdownx.keys: {}
pymdownx.mark: {}
pymdownx.tilde: {}
pymdownx.snippets:
auto_append:
- !ENV [BUILD_ABBREVIATIONS, "includes/abbreviations.en.txt"]
pymdownx.tasklist:
custom_checkbox: true
attr_list: {}
def_list: {}
md_in_html: {}
meta: {}
abbr: {}
pymdownx.emoji:
emoji_index: !!python/name:material.extensions.emoji.twemoji
emoji_generator: !!python/name:material.extensions.emoji.to_svg
tables: {}
footnotes: {}
toc:
permalink: true
toc_depth: 4
nav:
- !ENV [NAV_HOME, "Home"]: "index.md"
- !ENV [NAV_KNOWLEDGE_BASE, "Knowledge Base"]:
- "basics/why-privacy-matters.md"
- "basics/threat-modeling.md"
- "basics/common-threats.md"
- "basics/common-misconceptions.md"
- "basics/account-creation.md"
- "basics/account-deletion.md"
- !ENV [NAV_TECHNOLOGY_ESSENTIALS, "Technology Essentials"]:
- "basics/passwords-overview.md"
- "basics/multi-factor-authentication.md"
- "basics/email-security.md"
- "basics/vpn-overview.md"
- !ENV [NAV_ADVANCED_TOPICS, "Advanced Topics"]:
- "advanced/dns-overview.md"
- "advanced/tor-overview.md"
- "advanced/payments.md"
- "advanced/communication-network-types.md"
- !ENV [NAV_OPERATING_SYSTEMS, "Operating Systems"]:
- "os/android-overview.md"
- "os/ios-overview.md"
- "os/linux-overview.md"
- "os/macos-overview.md"
- "os/qubes-overview.md"
- kb-archive.md
- !ENV [NAV_RECOMMENDATIONS, "Recommendations"]:
- "tools.md"
- !ENV [NAV_INTERNET_BROWSING, "Internet Browsing"]:
- "tor.md"
- "desktop-browsers.md"
- "mobile-browsers.md"
- "browser-extensions.md"
- !ENV [NAV_PROVIDERS, "Providers"]:
- "cloud.md"
- "dns.md"
- "email-aliasing.md"
- "email.md"
- "financial-services.md"
- "photo-management.md"
- "search-engines.md"
- "vpn.md"
- !ENV [NAV_SOFTWARE, "Software"]:
- "calendar.md"
- "cryptocurrency.md"
- "data-redaction.md"
- "email-clients.md"
- "encryption.md"
- "file-sharing.md"
- "frontends.md"
- "multi-factor-authentication.md"
- "news-aggregators.md"
- "notebooks.md"
- "passwords.md"
- "productivity.md"
- "real-time-communication.md"
- !ENV [NAV_OPERATING_SYSTEMS, "Operating Systems"]:
- "android.md"
- "desktop.md"
- "router.md"
- !ENV [NAV_ADVANCED, "Advanced"]:
- "alternative-networks.md"
- "device-integrity.md"
- !ENV [NAV_ABOUT, "About"]:
- "about/index.md"
- "about/criteria.md"
- "about/notices.md"
- "about/privacy-policy.md"
- "about/statistics.md"
- !ENV [NAV_COMMUNITY, "Community"]:
- "about/donate.md"
- !ENV [NAV_ONLINE_SERVICES, "Online Services"]: "about/services.md"
- !ENV [NAV_CODE_OF_CONDUCT, "Code of Conduct"]: "CODE_OF_CONDUCT.md"
- "about/privacytools.md"
- !ENV [NAV_CONTRIBUTING, "Contributing"]:
- !ENV [NAV_WRITING_GUIDE, "Writing Guide"]:
- "meta/writing-style.md"
- "meta/admonitions.md"
- "meta/brand.md"
- "meta/translations.md"
- !ENV [NAV_TECHNICAL_GUIDES, "Technical Guides"]:
- "meta/uploading-images.md"
- "meta/git-recommendations.md"
- !ENV [NAV_CHANGELOG, "Changelog"]:
"https://github.com/privacyguides/privacyguides.org/releases"
- !ENV [NAV_FORUM, "Forum"]: "https://discuss.privacyguides.net/"
- !ENV [NAV_BLOG, "Blog"]: "https://blog.privacyguides.org/"

2
modules/mkdocs-material

Submodule modules/mkdocs-material updated: 4ff6a57215...2ab4dc8ce4

104
netlify.toml
View File

@@ -1,104 +0,0 @@
# Copyright (c) 2022-2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
[build]
publish = "site/"
command = "mkdocs build --config-file config/mkdocs.en.yml && cp -r static/* site/"
[context.production]
command = "rm -rf i18n-download || true && git clone https://github.com/privacyguides/i18n i18n-download && cp -rl i18n-download/i18n . && cp -rl i18n-download/includes . && cp -rl i18n-download/theme . && mkdocs build --config-file config/mkdocs.en.yml && mkdocs build --config-file config/mkdocs.es.yml && mkdocs build --config-file config/mkdocs.fr.yml && mkdocs build --config-file config/mkdocs.he.yml && mkdocs build --config-file config/mkdocs.it.yml && mkdocs build --config-file config/mkdocs.nl.yml && mkdocs build --config-file config/mkdocs.zh-Hant.yml && mkdocs build --config-file config/mkdocs.ru.yml && cp -r static/* site/"
[context.branch-deploy]
command = "crowdin download && for i in config/mkdocs.*.yml; do mkdocs build --config-file $i; done && cp -r static/* site/"
[[headers]]
for = "/*"
[headers.values]
X-Frame-Options = "DENY"
X-XSS-Protection = "0"
X-Content-Type-Options = "nosniff"
Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
Content-Security-Policy = "default-src 'none'; script-src https://www.privacyguides.org 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://*.privacyguides.net; frame-ancestors 'none'"
Permissions-Policy = "browsing-topics=(), conversion-measurement=(), interest-cohort=(), accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=()"
[[headers]]
for = "/:lang/about/donate/"
[headers.values]
Content-Security-Policy = "default-src 'none'; script-src https://opencollective.com https://www.privacyguides.org 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src https://opencollective.com data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://opencollective.com; frame-ancestors 'none'"
[[headers]]
for = "/:lang/tor/"
[headers.values]
Content-Security-Policy = "default-src 'none'; script-src https://www.privacyguides.org 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://snowflake.torproject.org; frame-ancestors 'none'"
[[redirects]]
from = "/es/*"
to = "/i18n/404.es.html"
status = 404
[[redirects]]
from = "/fr/*"
to = "/i18n/404.fr.html"
status = 404
[[redirects]]
from = "/he/*"
to = "/i18n/404.he.html"
status = 404
[[redirects]]
from = "/it/*"
to = "/i18n/404.it.html"
status = 404
[[redirects]]
from = "/nl/*"
to = "/i18n/404.nl.html"
status = 404
[[redirects]]
from = "/zh-hant/*"
to = "/i18n/404.zh-Hant.html"
status = 404
[[redirects]]
from = "/ru/*"
to = "/i18n/404.ru.html"
status = 404
[[redirects]]
from = "/*"
to = "/i18n/404.en.html"
status = 404
[[plugins]]
package = "@netlify/plugin-lighthouse"
[[plugins.inputs.audits]]
path = "en"
[[plugins.inputs.audits]]
path = "en/tools"
[[plugins.inputs.audits]]
path = "en/basics/why-privacy-matters"
[[plugins.inputs.audits]]
path = "en/vpn"

140
run.sh Executable file
View File

@@ -0,0 +1,140 @@
#!/bin/bash
# Add --help output
if [ "$1" == "--help" ]; then
echo "Usage: ./run.sh [options]"
echo "Options:"
echo " --lang=<language code> (default: en) Language code for the site"
echo " --insiders Enable insiders mode"
echo ' --cmd="<base command>" Base command to run mkdocs'
echo ' (default: "pipenv run mkdocs")'
echo ' --cmd_flags="<flags>" Flags to pass to the base command'
echo " --build Build the site instead of serving it"
echo " --offline Build the site in offline mode"
echo " --production Build the site in production mode"
echo ""
echo "Examples:"
echo " $ bash run.sh"
echo " $ bash run.sh --lang=ru --insiders"
echo ' $ bash run.sh --cmd="mkdocs" --cmd_flags="--dev-addr=0.0.0.0:8000"'
echo " $ bash run.sh --build"
exit
fi
# Defaults
build=false
language="en"
base_cmd="pipenv run mkdocs"
offline=false
cmd_flags=()
insiders=false
export PRODUCTION=false
# Parse command-line arguments
for arg in "$@"
do
case $arg in
--lang=*)
language="${arg#*=}"
shift
;;
--insiders)
insiders=true
shift
;;
--cmd=*)
base_cmd="${arg#*=}"
shift
;;
--build)
build=true
shift
;;
--offline)
offline=true
shift
;;
--production)
export PRODUCTION=true
shift
;;
--cmd_flags=*)
cmd_flags+=("${arg#*=}")
shift
;;
*)
shift
;;
esac
done
# Set variables for offline mode
if $offline ; then
export BUILD_EDIT_URI_TEMPLATE=''
export BUILD_OFFLINE=true
export BUILD_REPO_URL=''
export CARDS=false
export HOMEPAGE_BUTTON_GET_STARTED_LINK="basics/why-privacy-matters.html"
export HOMEPAGE_BUTTON_TOOLS_LINK="tools.html"
fi
# Set environment variables if language is not en
if [ "$language" != "en" ]; then
export BUILD_ABBREVIATIONS="includes/abbreviations.$language.txt"
export BUILD_DOCS_DIR="i18n/$language"
export BUILD_EDIT_URI_TEMPLATE="https://github.com/privacyguides/i18n/blob/main/i18n/$language/{path}?plain=1"
export BUILD_SITE_DIR="site/$language"
export BUILD_SITE_URL="https://privacyguides.org/$language"
export BUILD_THEME_LANGUAGE="$language"
set -a
# shellcheck disable=SC1090
source "$PWD/includes/strings.$language.env"
set +a
fi
# Set font if hebrew
if [ "$language" == "he" ]; then
export BUILD_THEME_FONT_CODE="Cousine"
export BUILD_THEME_FONT_TEXT="Open Sans"
fi
# Set font if chinese
if [ "$language" == "zh-Hant" ]; then
export BUILD_THEME_FONT_CODE="Noto Sans TC"
export BUILD_THEME_FONT_TEXT="Noto Sans TC"
fi
# Set stylesheet if hebrew or russian or chinese
if [[ "he ru zh-Hant" =~ $language ]]; then
export TRANSLATION_STYLESHEET="assets/stylesheets/lang-$language.css?v=20240410"
fi
# Set theme if insiders
if $insiders ; then
random_num=$RANDOM
export BUILD_INSIDERS=true
cmd_flags+=("--config-file=$PWD/.mkdocs-insiders-$random_num.yml")
touch "$PWD/.mkdocs-insiders-$random_num.yml"
cat <<EOT >> "$PWD/.mkdocs-insiders-$random_num.yml"
INHERIT: mkdocs.yml
watch:
- theme
- includes
- mkdocs.yml
markdown_extensions:
material.extensions.preview:
sources:
exclude:
- tools.md
EOT
trap 'rm $PWD/.mkdocs-insiders-$random_num.yml' EXIT
fi
# Run the command with the specified language
if $build ; then
$base_cmd build "${cmd_flags[@]}"
else
$base_cmd serve "${cmd_flags[@]}"
fi

89
static/_redirects
View File

@@ -1,89 +0,0 @@
# Copyright (c) 2023 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
/ /en/ 302 Language=en
/ /es/ 302 Language=es
/ /fr/ 302 Language=fr
/ /he/ 302 Language=he
/ /it/ 302 Language=it
/ /nl/ 302 Language=nl
/ /zh-hant/ 302 Language=zh-Hant
/ /ru/ 302 Language=ru
/ /en/ 302
/.well-known/matrix/* https://matrix.privacyguides.org/.well-known/matrix/:splat 200
/.well-known/* /well-known/:splat 200
/kb /en/basics/why-privacy-matters/
/:lang/kb /:lang/basics/why-privacy-matters/
/coc /en/CODE_OF_CONDUCT/
/license https://github.com/privacyguides/privacyguides.org/tree/main/README.md#license
/team /en/about/
/browsers /en/desktop-browsers/
/blog https://blog.privacyguides.org
/basics/dns-overview /en/advanced/dns-overview/
/basics/tor-overview /en/advanced/tor-overview/
/real-time-communication/communication-network-types /en/advanced/communication-network-types
/advanced/real-time-communication /en/advanced/communication-network-types
/android/overview /en/os/android-overview/
/linux-desktop/overview /en/os/linux-overview/
/android/grapheneos-vs-calyxos https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/
/ios/configuration https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/
/linux-desktop/hardening https://blog.privacyguides.org/2022/04/22/linux-system-hardening/
/linux-desktop/sandboxing https://blog.privacyguides.org/2022/04/22/linux-application-sandboxing/
/advanced/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
/real-time-communication/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
/advanced/integrating-metadata-removal https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/
/advanced/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
/operating-systems /en/desktop/
/threat-modeling /en/basics/threat-modeling/
/self-contained-networks /en/tor/
/privacy-policy /en/about/privacy-policy/
/metadata-removal-tools /en/data-redaction/
/basics /en/kb
/software/file-encryption /en/encryption/
/providers /en/tools/#service-providers
/software/calendar-contacts /en/calendar/
/calendar-contacts /en/calendar/
/software/metadata-removal-tools /en/data-redaction/
/contact /en/about/
/welcome-to-privacy-guides https://blog.privacyguides.org/2021/09/14/welcome-to-privacy-guides/
/software/email /en/email-clients/
/providers/paste /en/tools/
/blog/2019/10/05/understanding-vpns https://www.jonaharagon.com/posts/understanding-vpns/
/terms-and-notices /en/about/notices/
/software/networks /en/tor/
/social-news-aggregator /en/news-aggregators/
/basics/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
/linux-desktop /en/desktop/
/providers/:slug /en/:slug/
/software/:slug /en/:slug/
/blog/* https://blog.privacyguides.org/:splat
/assets/* /en/assets/:splat
/:slug/ /en/:slug/
/about/:slug/ /en/about/:slug/
/advanced/:slug/ /en/advanced/:slug/
/basics/:slug/ /en/basics/:slug/
/meta/:slug/ /en/meta/:slug/
/os/:slug/ /en/os/:slug/

24
static/i18n/404.en.html
View File

File diff suppressed because one or more lines are too long

5
static/well-known/security.txt
View File

@@ -1,5 +0,0 @@
Contact: mailto:jonah@triplebit.net
Expires: 2024-01-01T18:00:00.000Z
Preferred-Languages: en
Canonical: https://www.privacyguides.org/.well-known/security.txt
Policy: https://github.com/privacyguides/privacyguides.org/security/policy

1
theme/assets/img/browsers/mull.svg Normal file
View File

@@ -0,0 +1 @@
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.23559 0 0 .23559 1.8105e-7 .00017997)"><path d="m97.545 29.843s2.554-8.59 10.911-13c8.357-4.411 28.553-4.411 31.57-3.018 3.018 1.393 3.947 25.999 0 32.034-3.946 6.036-11.839 9.286-18.106 9.286-6.268 0-25.999-15.089-25.999-15.089z" fill="#e91e63"/><path d="m104.86 31.267s1.694-5.697 7.238-8.623c5.543-2.926 18.941-2.926 20.943-2.002s2.618 17.247 0 21.251-7.854 6.159-12.011 6.159c-4.158 0-17.248-10.009-17.248-10.009z" fill="#424242"/><path d="m46.206 29.843s-2.554-8.59-10.911-13c-8.356-4.411-28.553-4.411-31.57-3.018-3.018 1.393-3.946 25.999 0 32.034 3.946 6.036 11.839 9.286 18.106 9.286 6.268 0 25.999-15.089 25.999-15.089z" fill="#e91e63"/><path d="m38.888 31.267s-1.694-5.697-7.237-8.623c-5.544-2.926-18.941-2.926-20.943-2.002s-2.618 17.247 0 21.251 7.854 6.159 12.012 6.159 17.247-10.009 17.247-10.009z" fill="#424242"/></g><path d="m8.1036 7.1525s1.1318 0.00899 2.048 0.26551c0 0-2.3456 0.47637-4.178 1.6856 0 0 0.69618 0.036774 1.6126 0.18329 0 0-2.8064 2.0574-4.9931 5.1856 7.3768 1.4324 8.7289 9.3139 8.7289 9.3139 0.30485-0.48744 2.4372-1.9497 2.4372-1.9497 0.91786-10.59-0.71926-15.081-1.5827-16.652-1.5059 0.43396-2.9788 1.0762-4.0729 1.9677zm18.177 2.1344c0.91621-0.14654 1.6126-0.18329 1.6126-0.18329-1.8324-1.2093-4.1777-1.6856-4.1777-1.6856 0.91622-0.25656 2.048-0.26551 2.048-0.26551-1.0943-0.89148-2.567-1.5337-4.0731-1.9677-0.86343 1.5709-2.5006 6.0615-1.5827 16.652 0 0 2.1326 1.4623 2.4372 1.9497 0 0 1.3521-7.8815 8.7289-9.3139-2.1868-3.1279-4.9931-5.1856-4.9931-5.1856z" fill="#212121" stroke-width=".23559"/><g transform="matrix(.23559 0 0 .23559 1.8105e-7 .00017997)"><path d="m128.2 91.998c9.178-0.623 15.556 4.2 15.556 4.2-1.4-14.468-11.044-19.134-11.044-19.134 6.222 0.622 9.645 4.666 9.645 4.666-1.845-7.679-5.674-14.776-10.023-20.884 0.139 0.194 0.279 0.387 0.416 0.583-31.312 6.08-37.051 39.534-37.051 39.534-1.293-2.069-10.345-8.276-10.345-8.276-3.896-44.952 3.054-64.013 6.718-70.681-7.263-2.092-14.707-3.04-20.19-3.04-6.07 0-14.542 1.159-22.511 3.752 0.77-0.25 1.544-0.488 2.321-0.712 3.665 6.668 10.614 25.729 6.718 70.681 0 0-9.052 6.207-10.345 8.276 0 0-5.74-33.454-37.052-39.534 0.138-0.196 0.277-0.389 0.416-0.583-4.351 6.108-8.18 13.206-10.025 20.885 0 0 3.422-4.044 9.645-4.666 0 0-9.645 4.666-11.045 19.134 0 0 6.378-4.823 15.556-4.2 0 0-9.8 0.934-13.222 11.667 0 0 12.013-7.723 29.168-2.784 15.974 4.599 15.005 24.445 26.677 28.606 9.641 3.438 13.697-1.244 13.697-1.244s4.056 4.682 13.697 1.244c11.671-4.161 10.703-24.008 26.677-28.606 17.156-4.938 29.169 2.784 29.169 2.784-3.423-10.734-13.223-11.668-13.223-11.668z" fill="#e91e63"/><path d="m71.876 101.79c-10.66 0-15.61 4.697-15.61 4.697s10.557 14.105 15.61 14.352c5.053-0.247 15.61-14.352 15.61-14.352s-4.95-4.697-15.61-4.697z" fill="#212121"/><path d="m71.876 104.16c9.164 0 14.204 1.759 15.605 2.332l4e-3 -6e-3s-4.95-4.697-15.61-4.697-15.61 4.697-15.61 4.697l4e-3 6e-3c1.403-0.573 6.442-2.332 15.607-2.332z" fill="#424242"/><ellipse transform="matrix(.9602 -.2794 .2794 .9602 -15.818 30.286)" cx="98.317" cy="70.621" rx="10.771" ry="13.034" fill="#424242"/><circle cx="98.316" cy="69.891" r="6.81" fill="#332a24"/><circle cx="98.317" cy="69.891" r="4.375" fill="#4d4a47"/><circle cx="96.999" cy="68.527" r="1.761" fill="#fff"/><ellipse transform="matrix(-.9602 -.2794 .2794 -.9602 69.326 151.13)" cx="45.435" cy="70.621" rx="10.771" ry="13.034" fill="#424242"/><circle cx="45.435" cy="69.891" r="6.81" fill="#332a24"/><circle cx="45.435" cy="69.891" r="4.375" fill="#4d4a47"/><circle cx="44.117" cy="68.527" r="1.761" fill="#fff"/></g><path d="m30.064 21.674c2.1623-0.14678 3.6649 0.98948 3.6649 0.98948-0.32982-3.4085-2.6019-4.5078-2.6019-4.5078 1.4658 0.14654 2.2723 1.0993 2.2723 1.0993-0.421-1.7523-1.2819-3.3739-2.2664-4.7818 8.9e-4 -2.4e-4 0.0018-4.72e-4 0.0027-8.9e-4 -0.03223-0.04621-0.06527-0.09164-0.09801-0.13735 2.41e-4 2.32e-4 2.41e-4 4.72e-4 4.72e-4 7.04e-4 -0.38401-0.5395-0.78476-1.0463-1.1853-1.5148 1.1546-0.29802 2.322-0.98288 2.9981-2.0169 0.92988-1.4218 0.71101-7.219 0-7.5469-0.71101-0.32841-5.4688-0.32841-7.4376 0.71101-0.96545 0.50959-1.6006 1.255-1.9987 1.8833-0.59843-0.26056-1.2265-0.48343-1.8624-0.66672-1.7111-0.49286-3.4648-0.71619-4.7566-0.71619v25.744s0.95556 1.103 3.2269 0.29307c2.7496-0.98029 2.5215-5.6561 6.2849-6.7393 4.0418-1.1634 6.8717 0.65588 6.8717 0.65588-0.80642-2.5284-3.1155-2.7484-3.1155-2.7484z" fill="#5c4337" opacity=".1" stroke-width=".23559"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 4.4 KiB

1
theme/assets/img/cloud/peergos.svg Normal file
View File

@@ -0,0 +1 @@
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g fill="#26b99a"><rect class="cls-2" x="6.0734" y="30.393" width="21.72" height="3.4742" stroke-width="1.2679"/><polygon class="cls-2" transform="matrix(1.2679 0 0 1.2679 -6.7708 -10.511)" points="13.73 13.61 23.67 13.61 25.36 31.59 12.03 31.59"/><polygon class="cls-2" transform="matrix(1.2679 0 0 1.2679 -6.7708 -10.511)" points="21.68 9.2 21.68 8.29 19.7 8.29 19.7 9.2 17.7 9.2 17.7 8.29 15.72 8.29 15.72 9.2 13.72 9.2 13.72 8.29 11.74 8.29 11.74 9.2 11.74 10.27 11.74 11.61 25.66 11.61 25.66 10.27 25.66 9.2 25.66 8.29 23.68 8.29 23.68 9.2"/></g><g fill="#209e84"><polygon class="cls-3" transform="matrix(1.2679 0 0 1.2679 -6.7708 -10.511)" points="23.67 13.61 25.66 11.61 11.74 11.61 13.73 13.61"/><polygon class="cls-3" transform="matrix(1.2679 0 0 1.2679 -6.7708 -10.511)" points="25.36 30.91 27.26 32.26 10.13 32.26 12.03 30.91"/><g stroke-width="1.2679"><path class="cls-3" d="m20.186 17.269-0.90024-0.19019a2.3837 2.3837 0 0 0 0-0.48182v-0.97631a2.371 2.371 0 1 0-4.7421 0v0.97631 0.15215l-0.9256 0.0634v-0.21555-0.97631a3.2966 3.2966 0 1 1 6.5933 0v0.97631a3.2966 3.2966 0 0 1-0.02536 0.67201z"/><circle class="cls-3" cx="16.94" cy="18.55" r=".60861"/><path class="cls-3" d="m21.048 18.55a3.9687 3.9687 0 0 1-4.1081 3.9053 3.9306 3.9306 0 1 1 0-7.8359 3.9433 3.9433 0 0 1 4.1081 3.9306zm-6.8849 0a2.7768 2.7768 0 0 0 2.7895 2.7514 2.7514 2.7514 0 1 0-2.7895-2.7514z"/></g><polygon class="cls-3" transform="matrix(1.2679 0 0 1.2679 -6.7708 -10.511)" points="19.03 23.96 18.81 23.24 18.56 23.24 18.36 23.96"/></g></svg>
Side by Side

After

Width:  |  Height:  |  Size: 1.6 KiB

BIN
theme/assets/img/cover/alternative-networks.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 30 KiB

Some files were not shown because too many files have changed in this diff Show More