mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2025-07-04 02:22:38 +00:00
Compare commits
45 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 0df748876c | |||
| 01da660aaa | |||
1877d385e4
|
|||
|
2f9c779b15
|
|||
|
5fa9a3b505
|
|||
|
3b0cd75cbd
|
|||
|
12fc2d8a9b
|
|||
| e9b951cb68 | |||
| 95d653f26e | |||
| bd4818e993 | |||
| 16237ad930 | |||
| 347d09a4c2 | |||
|
0ab8b1f8f2
|
|||
|
4f091b65e2
|
|||
|
86ee500c6d
|
|||
| 005c6fe7cd | |||
| bd5ef054ea | |||
| 182d76b2ae | |||
| 67f1526d19 | |||
| ef4db53567 | |||
| 8535dadcad | |||
| e1f5a00d90 | |||
| 3b12f672f0 | |||
| 462db2bdfa | |||
| 2abaf2f4dd | |||
| a0ebda314e | |||
| 5334e869ed | |||
| 011efec32b | |||
| 1c527faa04 | |||
| ca9a13c544 | |||
| 0d0a0a822c | |||
| ef286ae706 | |||
| d421e81045 | |||
| 2176a3a2de | |||
| 65874da53c | |||
| b3ceb64052 | |||
| ab0b61db10 | |||
| 31ff6160eb | |||
| 960a328ea7 | |||
| 3111447b96 | |||
| b506f74950 | |||
| e0933d6521 | |||
| 2d6b59e94b | |||
| 7a73aae321 | |||
| da1a7709fa |
2
.github/workflows/crowdin.yml
vendored
2
.github/workflows/crowdin.yml
vendored
@ -14,7 +14,7 @@ jobs:
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: crowdin action
|
||||
uses: crowdin/github-action@1.4.9
|
||||
uses: crowdin/github-action@1.4.11
|
||||
with:
|
||||
upload_sources: true
|
||||
upload_sources_args: '--auto-update --delete-obsolete'
|
||||
|
||||
@ -1,19 +1,24 @@
|
||||
name: 📦 Deploy Website
|
||||
name: 🛠️ Deploy to GitHub Pages
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
release:
|
||||
types: [published]
|
||||
|
||||
# Allow one concurrent deployment
|
||||
concurrency:
|
||||
group: "pages"
|
||||
cancel-in-progress: true
|
||||
|
||||
env:
|
||||
PYTHON_VERSION: 3.x
|
||||
|
||||
jobs:
|
||||
build:
|
||||
name: Build website
|
||||
name: Build
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
@ -22,14 +27,17 @@ jobs:
|
||||
repository: ${{github.event.pull_request.head.repo.full_name}}
|
||||
ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
|
||||
submodules: 'true'
|
||||
|
||||
- name: Pages setup
|
||||
uses: actions/configure-pages@v1
|
||||
|
||||
- name: Set up Python runtime
|
||||
- name: Python setup
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: '3.7'
|
||||
|
||||
- name: Cache files
|
||||
uses: actions/cache@v3.0.4
|
||||
uses: actions/cache@v3.0.5
|
||||
with:
|
||||
key: ${{ github.ref }}
|
||||
path: .cache
|
||||
@ -40,34 +48,35 @@ jobs:
|
||||
pipenv install
|
||||
|
||||
- name: Build website
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
run: |
|
||||
pipenv run mkdocs build
|
||||
pipenv run mkdocs build --config-file mkdocs.production.yml
|
||||
mv .well-known site/
|
||||
tar cvf site.tar site
|
||||
pipenv run mkdocs --version
|
||||
|
||||
- name: Package website
|
||||
uses: actions/upload-artifact@v3
|
||||
uses: actions/upload-pages-artifact@v1
|
||||
with:
|
||||
name: generated-site
|
||||
path: site.tar
|
||||
path: site
|
||||
|
||||
|
||||
|
||||
deploy:
|
||||
name: Rsync Deploy
|
||||
runs-on: ubuntu-latest
|
||||
environment: production
|
||||
name: Deploy
|
||||
needs: build
|
||||
|
||||
# Grant GITHUB_TOKEN the permissions required to make a Pages deployment
|
||||
permissions:
|
||||
pages: write # to deploy to Pages
|
||||
id-token: write # to verify the deployment originates from an appropriate source
|
||||
|
||||
environment:
|
||||
name: github-pages
|
||||
url: ${{ steps.deployment.outputs.page_url }}
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Download generated Jekyll site
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: generated-site
|
||||
- run: tar xvf site.tar
|
||||
- name: Copy built site to production
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
echo "${{ secrets.SSH_KEY }}" > ~/.ssh/id_rsa
|
||||
chmod 700 ~/.ssh/id_rsa
|
||||
ssh-keyscan -H ${{ secrets.SSH_HOST }} >> ~/.ssh/known_hosts
|
||||
rsync -azP --delete site/ ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_HOST }}:${{ secrets.SSH_PATH }}
|
||||
- name: Deploy to GitHub Pages
|
||||
id: deployment
|
||||
uses: actions/deploy-pages@main
|
||||
6
.github/workflows/preview.yml
vendored
6
.github/workflows/preview.yml
vendored
@ -3,7 +3,7 @@ name: 🔂 Surge PR Preview
|
||||
on:
|
||||
pull_request_target:
|
||||
types: [opened, synchronize, reopened]
|
||||
|
||||
|
||||
# Ensures that only one mirror task will run at a time.
|
||||
concurrency:
|
||||
group: surge-sh
|
||||
@ -33,6 +33,8 @@ jobs:
|
||||
|
||||
- name: Deploy to surge.sh
|
||||
uses: afc163/surge-preview@v1
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
surge_token: ${{ secrets.SURGE_TOKEN }}
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
@ -41,4 +43,4 @@ jobs:
|
||||
build: |
|
||||
pip install pipenv
|
||||
pipenv install
|
||||
pipenv run mkdocs build
|
||||
pipenv run mkdocs build --config-file mkdocs.production.yml
|
||||
|
||||
3
.gitmodules
vendored
3
.gitmodules
vendored
@ -4,6 +4,3 @@
|
||||
[submodule "docs/assets/brand"]
|
||||
path = docs/assets/brand
|
||||
url = https://github.com/privacyguides/brand.git
|
||||
[submodule "docs/blog"]
|
||||
path = docs/blog
|
||||
url = https://github.com/privacyguides/blog.git
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
Contact: jonah@triplebit.net
|
||||
Encryption: https://www.jonaharagon.com/keys/
|
||||
Contact: mailto:jonah@triplebit.net
|
||||
Expires: 2024-01-01T18:00:00.000Z
|
||||
Preferred-Languages: en
|
||||
Canonical: https://privacyguides.org/.well-known/security.txt
|
||||
Canonical: https://www.privacyguides.org/.well-known/security.txt
|
||||
Policy: https://github.com/privacyguides/privacyguides.org/security/policy
|
||||
|
||||
1
Pipfile
1
Pipfile
@ -11,6 +11,7 @@ mkdocs-git-revision-date-localized-plugin = "*"
|
||||
typing-extensions = "*"
|
||||
mkdocs-minify-plugin = "*"
|
||||
mkdocs-rss-plugin = "*"
|
||||
mkdocs-git-committers-plugin-2 = "*"
|
||||
|
||||
[dev-packages]
|
||||
scour = "*"
|
||||
|
||||
647
Pipfile.lock
generated
647
Pipfile.lock
generated
@ -1,7 +1,7 @@
|
||||
{
|
||||
"_meta": {
|
||||
"hash": {
|
||||
"sha256": "ce0d93277762e5052d095796291285ed1ff44183570f08ebfa71b76619eee48e"
|
||||
"sha256": "ce2630991a262d8ca83cfc13f70347f8fdd9f9d07c281ea753f5fc52f3aebbd6"
|
||||
},
|
||||
"pipfile-spec": 6,
|
||||
"requires": {
|
||||
@ -18,11 +18,11 @@
|
||||
"default": {
|
||||
"babel": {
|
||||
"hashes": [
|
||||
"sha256:3f349e85ad3154559ac4930c3918247d319f21910d5ce4b25d439ed8693b98d2",
|
||||
"sha256:98aeaca086133efb3e1e2aad0396987490c8425929ddbcfe0550184fdc54cd13"
|
||||
"sha256:7614553711ee97490f732126dc077f8d0ae084ebc6a96e23db1482afabdb2c51",
|
||||
"sha256:ff56f4892c1c4bf0d814575ea23471c230d544203c7748e8c68f0089478d48eb"
|
||||
],
|
||||
"markers": "python_version >= '3.6'",
|
||||
"version": "==2.10.1"
|
||||
"version": "==2.10.3"
|
||||
},
|
||||
"cairocffi": {
|
||||
"hashes": [
|
||||
@ -41,74 +41,88 @@
|
||||
},
|
||||
"certifi": {
|
||||
"hashes": [
|
||||
"sha256:9c5705e395cd70084351dd8ad5c41e65655e08ce46f2ec9cf6c2c08390f71eb7",
|
||||
"sha256:f1d53542ee8cbedbe2118b5686372fb33c297fcd6379b050cca0ef13a597382a"
|
||||
"sha256:84c85a9078b11105f04f3036a9482ae10e4621616db313fe045dd24743a0820d",
|
||||
"sha256:fe86415d55e84719d75f8b69414f6438ac3547d2078ab91b67e779ef69378412"
|
||||
],
|
||||
"markers": "python_version >= '3.6'",
|
||||
"version": "==2022.5.18.1"
|
||||
"version": "==2022.6.15"
|
||||
},
|
||||
"cffi": {
|
||||
"hashes": [
|
||||
"sha256:00c878c90cb53ccfaae6b8bc18ad05d2036553e6d9d1d9dbcf323bbe83854ca3",
|
||||
"sha256:0104fb5ae2391d46a4cb082abdd5c69ea4eab79d8d44eaaf79f1b1fd806ee4c2",
|
||||
"sha256:06c48159c1abed75c2e721b1715c379fa3200c7784271b3c46df01383b593636",
|
||||
"sha256:0808014eb713677ec1292301ea4c81ad277b6cdf2fdd90fd540af98c0b101d20",
|
||||
"sha256:10dffb601ccfb65262a27233ac273d552ddc4d8ae1bf93b21c94b8511bffe728",
|
||||
"sha256:14cd121ea63ecdae71efa69c15c5543a4b5fbcd0bbe2aad864baca0063cecf27",
|
||||
"sha256:17771976e82e9f94976180f76468546834d22a7cc404b17c22df2a2c81db0c66",
|
||||
"sha256:181dee03b1170ff1969489acf1c26533710231c58f95534e3edac87fff06c443",
|
||||
"sha256:23cfe892bd5dd8941608f93348c0737e369e51c100d03718f108bf1add7bd6d0",
|
||||
"sha256:263cc3d821c4ab2213cbe8cd8b355a7f72a8324577dc865ef98487c1aeee2bc7",
|
||||
"sha256:2756c88cbb94231c7a147402476be2c4df2f6078099a6f4a480d239a8817ae39",
|
||||
"sha256:27c219baf94952ae9d50ec19651a687b826792055353d07648a5695413e0c605",
|
||||
"sha256:2a23af14f408d53d5e6cd4e3d9a24ff9e05906ad574822a10563efcef137979a",
|
||||
"sha256:31fb708d9d7c3f49a60f04cf5b119aeefe5644daba1cd2a0fe389b674fd1de37",
|
||||
"sha256:3415c89f9204ee60cd09b235810be700e993e343a408693e80ce7f6a40108029",
|
||||
"sha256:3773c4d81e6e818df2efbc7dd77325ca0dcb688116050fb2b3011218eda36139",
|
||||
"sha256:3b96a311ac60a3f6be21d2572e46ce67f09abcf4d09344c49274eb9e0bf345fc",
|
||||
"sha256:3f7d084648d77af029acb79a0ff49a0ad7e9d09057a9bf46596dac9514dc07df",
|
||||
"sha256:41d45de54cd277a7878919867c0f08b0cf817605e4eb94093e7516505d3c8d14",
|
||||
"sha256:4238e6dab5d6a8ba812de994bbb0a79bddbdf80994e4ce802b6f6f3142fcc880",
|
||||
"sha256:45db3a33139e9c8f7c09234b5784a5e33d31fd6907800b316decad50af323ff2",
|
||||
"sha256:45e8636704eacc432a206ac7345a5d3d2c62d95a507ec70d62f23cd91770482a",
|
||||
"sha256:4958391dbd6249d7ad855b9ca88fae690783a6be9e86df65865058ed81fc860e",
|
||||
"sha256:4a306fa632e8f0928956a41fa8e1d6243c71e7eb59ffbd165fc0b41e316b2474",
|
||||
"sha256:57e9ac9ccc3101fac9d6014fba037473e4358ef4e89f8e181f8951a2c0162024",
|
||||
"sha256:59888172256cac5629e60e72e86598027aca6bf01fa2465bdb676d37636573e8",
|
||||
"sha256:5e069f72d497312b24fcc02073d70cb989045d1c91cbd53979366077959933e0",
|
||||
"sha256:64d4ec9f448dfe041705426000cc13e34e6e5bb13736e9fd62e34a0b0c41566e",
|
||||
"sha256:6dc2737a3674b3e344847c8686cf29e500584ccad76204efea14f451d4cc669a",
|
||||
"sha256:74fdfdbfdc48d3f47148976f49fab3251e550a8720bebc99bf1483f5bfb5db3e",
|
||||
"sha256:75e4024375654472cc27e91cbe9eaa08567f7fbdf822638be2814ce059f58032",
|
||||
"sha256:786902fb9ba7433aae840e0ed609f45c7bcd4e225ebb9c753aa39725bb3e6ad6",
|
||||
"sha256:8b6c2ea03845c9f501ed1313e78de148cd3f6cad741a75d43a29b43da27f2e1e",
|
||||
"sha256:91d77d2a782be4274da750752bb1650a97bfd8f291022b379bb8e01c66b4e96b",
|
||||
"sha256:91ec59c33514b7c7559a6acda53bbfe1b283949c34fe7440bcf917f96ac0723e",
|
||||
"sha256:920f0d66a896c2d99f0adbb391f990a84091179542c205fa53ce5787aff87954",
|
||||
"sha256:a5263e363c27b653a90078143adb3d076c1a748ec9ecc78ea2fb916f9b861962",
|
||||
"sha256:abb9a20a72ac4e0fdb50dae135ba5e77880518e742077ced47eb1499e29a443c",
|
||||
"sha256:c2051981a968d7de9dd2d7b87bcb9c939c74a34626a6e2f8181455dd49ed69e4",
|
||||
"sha256:c21c9e3896c23007803a875460fb786118f0cdd4434359577ea25eb556e34c55",
|
||||
"sha256:c2502a1a03b6312837279c8c1bd3ebedf6c12c4228ddbad40912d671ccc8a962",
|
||||
"sha256:d4d692a89c5cf08a8557fdeb329b82e7bf609aadfaed6c0d79f5a449a3c7c023",
|
||||
"sha256:da5db4e883f1ce37f55c667e5c0de439df76ac4cb55964655906306918e7363c",
|
||||
"sha256:e7022a66d9b55e93e1a845d8c9eba2a1bebd4966cd8bfc25d9cd07d515b33fa6",
|
||||
"sha256:ef1f279350da2c586a69d32fc8733092fd32cc8ac95139a00377841f59a3f8d8",
|
||||
"sha256:f54a64f8b0c8ff0b64d18aa76675262e1700f3995182267998c31ae974fbc382",
|
||||
"sha256:f5c7150ad32ba43a07c4479f40241756145a1f03b43480e058cfd862bf5041c7",
|
||||
"sha256:f6f824dc3bce0edab5f427efcfb1d63ee75b6fcb7282900ccaf925be84efb0fc",
|
||||
"sha256:fd8a250edc26254fe5b33be00402e6d287f562b6a5b2152dec302fa15bb3e997",
|
||||
"sha256:ffaa5c925128e29efbde7301d8ecaf35c8c60ffbcd6a1ffd3a552177c8e5e796"
|
||||
"sha256:00a9ed42e88df81ffae7a8ab6d9356b371399b91dbdf0c3cb1e84c03a13aceb5",
|
||||
"sha256:03425bdae262c76aad70202debd780501fabeaca237cdfddc008987c0e0f59ef",
|
||||
"sha256:04ed324bda3cda42b9b695d51bb7d54b680b9719cfab04227cdd1e04e5de3104",
|
||||
"sha256:0e2642fe3142e4cc4af0799748233ad6da94c62a8bec3a6648bf8ee68b1c7426",
|
||||
"sha256:173379135477dc8cac4bc58f45db08ab45d228b3363adb7af79436135d028405",
|
||||
"sha256:198caafb44239b60e252492445da556afafc7d1e3ab7a1fb3f0584ef6d742375",
|
||||
"sha256:1e74c6b51a9ed6589199c787bf5f9875612ca4a8a0785fb2d4a84429badaf22a",
|
||||
"sha256:2012c72d854c2d03e45d06ae57f40d78e5770d252f195b93f581acf3ba44496e",
|
||||
"sha256:21157295583fe8943475029ed5abdcf71eb3911894724e360acff1d61c1d54bc",
|
||||
"sha256:2470043b93ff09bf8fb1d46d1cb756ce6132c54826661a32d4e4d132e1977adf",
|
||||
"sha256:285d29981935eb726a4399badae8f0ffdff4f5050eaa6d0cfc3f64b857b77185",
|
||||
"sha256:30d78fbc8ebf9c92c9b7823ee18eb92f2e6ef79b45ac84db507f52fbe3ec4497",
|
||||
"sha256:320dab6e7cb2eacdf0e658569d2575c4dad258c0fcc794f46215e1e39f90f2c3",
|
||||
"sha256:33ab79603146aace82c2427da5ca6e58f2b3f2fb5da893ceac0c42218a40be35",
|
||||
"sha256:3548db281cd7d2561c9ad9984681c95f7b0e38881201e157833a2342c30d5e8c",
|
||||
"sha256:3799aecf2e17cf585d977b780ce79ff0dc9b78d799fc694221ce814c2c19db83",
|
||||
"sha256:39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21",
|
||||
"sha256:3b926aa83d1edb5aa5b427b4053dc420ec295a08e40911296b9eb1b6170f6cca",
|
||||
"sha256:3bcde07039e586f91b45c88f8583ea7cf7a0770df3a1649627bf598332cb6984",
|
||||
"sha256:3d08afd128ddaa624a48cf2b859afef385b720bb4b43df214f85616922e6a5ac",
|
||||
"sha256:3eb6971dcff08619f8d91607cfc726518b6fa2a9eba42856be181c6d0d9515fd",
|
||||
"sha256:40f4774f5a9d4f5e344f31a32b5096977b5d48560c5592e2f3d2c4374bd543ee",
|
||||
"sha256:4289fc34b2f5316fbb762d75362931e351941fa95fa18789191b33fc4cf9504a",
|
||||
"sha256:470c103ae716238bbe698d67ad020e1db9d9dba34fa5a899b5e21577e6d52ed2",
|
||||
"sha256:4f2c9f67e9821cad2e5f480bc8d83b8742896f1242dba247911072d4fa94c192",
|
||||
"sha256:50a74364d85fd319352182ef59c5c790484a336f6db772c1a9231f1c3ed0cbd7",
|
||||
"sha256:54a2db7b78338edd780e7ef7f9f6c442500fb0d41a5a4ea24fff1c929d5af585",
|
||||
"sha256:5635bd9cb9731e6d4a1132a498dd34f764034a8ce60cef4f5319c0541159392f",
|
||||
"sha256:59c0b02d0a6c384d453fece7566d1c7e6b7bae4fc5874ef2ef46d56776d61c9e",
|
||||
"sha256:5d598b938678ebf3c67377cdd45e09d431369c3b1a5b331058c338e201f12b27",
|
||||
"sha256:5df2768244d19ab7f60546d0c7c63ce1581f7af8b5de3eb3004b9b6fc8a9f84b",
|
||||
"sha256:5ef34d190326c3b1f822a5b7a45f6c4535e2f47ed06fec77d3d799c450b2651e",
|
||||
"sha256:6975a3fac6bc83c4a65c9f9fcab9e47019a11d3d2cf7f3c0d03431bf145a941e",
|
||||
"sha256:6c9a799e985904922a4d207a94eae35c78ebae90e128f0c4e521ce339396be9d",
|
||||
"sha256:70df4e3b545a17496c9b3f41f5115e69a4f2e77e94e1d2a8e1070bc0c38c8a3c",
|
||||
"sha256:7473e861101c9e72452f9bf8acb984947aa1661a7704553a9f6e4baa5ba64415",
|
||||
"sha256:8102eaf27e1e448db915d08afa8b41d6c7ca7a04b7d73af6514df10a3e74bd82",
|
||||
"sha256:87c450779d0914f2861b8526e035c5e6da0a3199d8f1add1a665e1cbc6fc6d02",
|
||||
"sha256:8b7ee99e510d7b66cdb6c593f21c043c248537a32e0bedf02e01e9553a172314",
|
||||
"sha256:91fc98adde3d7881af9b59ed0294046f3806221863722ba7d8d120c575314325",
|
||||
"sha256:94411f22c3985acaec6f83c6df553f2dbe17b698cc7f8ae751ff2237d96b9e3c",
|
||||
"sha256:98d85c6a2bef81588d9227dde12db8a7f47f639f4a17c9ae08e773aa9c697bf3",
|
||||
"sha256:9ad5db27f9cabae298d151c85cf2bad1d359a1b9c686a275df03385758e2f914",
|
||||
"sha256:a0b71b1b8fbf2b96e41c4d990244165e2c9be83d54962a9a1d118fd8657d2045",
|
||||
"sha256:a0f100c8912c114ff53e1202d0078b425bee3649ae34d7b070e9697f93c5d52d",
|
||||
"sha256:a591fe9e525846e4d154205572a029f653ada1a78b93697f3b5a8f1f2bc055b9",
|
||||
"sha256:a5c84c68147988265e60416b57fc83425a78058853509c1b0629c180094904a5",
|
||||
"sha256:a66d3508133af6e8548451b25058d5812812ec3798c886bf38ed24a98216fab2",
|
||||
"sha256:a8c4917bd7ad33e8eb21e9a5bbba979b49d9a97acb3a803092cbc1133e20343c",
|
||||
"sha256:b3bbeb01c2b273cca1e1e0c5df57f12dce9a4dd331b4fa1635b8bec26350bde3",
|
||||
"sha256:cba9d6b9a7d64d4bd46167096fc9d2f835e25d7e4c121fb2ddfc6528fb0413b2",
|
||||
"sha256:cc4d65aeeaa04136a12677d3dd0b1c0c94dc43abac5860ab33cceb42b801c1e8",
|
||||
"sha256:ce4bcc037df4fc5e3d184794f27bdaab018943698f4ca31630bc7f84a7b69c6d",
|
||||
"sha256:cec7d9412a9102bdc577382c3929b337320c4c4c4849f2c5cdd14d7368c5562d",
|
||||
"sha256:d400bfb9a37b1351253cb402671cea7e89bdecc294e8016a707f6d1d8ac934f9",
|
||||
"sha256:d61f4695e6c866a23a21acab0509af1cdfd2c013cf256bbf5b6b5e2695827162",
|
||||
"sha256:db0fbb9c62743ce59a9ff687eb5f4afbe77e5e8403d6697f7446e5f609976f76",
|
||||
"sha256:dd86c085fae2efd48ac91dd7ccffcfc0571387fe1193d33b6394db7ef31fe2a4",
|
||||
"sha256:e00b098126fd45523dd056d2efba6c5a63b71ffe9f2bbe1a4fe1716e1d0c331e",
|
||||
"sha256:e229a521186c75c8ad9490854fd8bbdd9a0c9aa3a524326b55be83b54d4e0ad9",
|
||||
"sha256:e263d77ee3dd201c3a142934a086a4450861778baaeeb45db4591ef65550b0a6",
|
||||
"sha256:ed9cb427ba5504c1dc15ede7d516b84757c3e3d7868ccc85121d9310d27eed0b",
|
||||
"sha256:fa6693661a4c91757f4412306191b6dc88c1703f780c8234035eac011922bc01",
|
||||
"sha256:fcd131dd944808b5bdb38e6f5b53013c5aa4f334c5cad0c72742f6eba4b73db0"
|
||||
],
|
||||
"version": "==1.15.0"
|
||||
"version": "==1.15.1"
|
||||
},
|
||||
"charset-normalizer": {
|
||||
"hashes": [
|
||||
"sha256:2857e29ff0d34db842cd7ca3230549d1a697f96ee6d3fb071cfa6c7393832597",
|
||||
"sha256:6881edbebdb17b39b4eaaa821b438bf6eddffb4468cf344f09f89def34a8b1df"
|
||||
"sha256:5189b6f22b01957427f35b6a08d9a0bc45b46d3788ef5a92e978433c7a35f8a5",
|
||||
"sha256:575e708016ff3a5e3681541cb9d79312c416835686d054a23accb873b254f413"
|
||||
],
|
||||
"markers": "python_version >= '3.0'",
|
||||
"version": "==2.0.12"
|
||||
"markers": "python_version >= '3.6'",
|
||||
"version": "==2.1.0"
|
||||
},
|
||||
"click": {
|
||||
"hashes": [
|
||||
@ -174,24 +188,24 @@
|
||||
"sha256:84d9dd047ffa80596e0f246e2eab0b391788b0503584e8945f2368256d2735ff",
|
||||
"sha256:9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d"
|
||||
],
|
||||
"markers": "python_version >= '3.0'",
|
||||
"markers": "python_version >= '3.5'",
|
||||
"version": "==3.3"
|
||||
},
|
||||
"importlib-metadata": {
|
||||
"hashes": [
|
||||
"sha256:5d26852efe48c0a32b0509ffbc583fda1a2266545a78d104a6f4aff3db17d700",
|
||||
"sha256:c58c8eb8a762858f49e18436ff552e83914778e50e9d2f1660535ffb364552ec"
|
||||
"sha256:637245b8bab2b6502fcbc752cc4b7a6f6243bb02b31c5c26156ad103d3d45670",
|
||||
"sha256:7401a975809ea1fdc658c3aa4f78cc2195a0e019c5cbc4c06122884e9ae80c23"
|
||||
],
|
||||
"markers": "python_version < '3.10'",
|
||||
"version": "==4.11.4"
|
||||
"version": "==4.12.0"
|
||||
},
|
||||
"jinja2": {
|
||||
"hashes": [
|
||||
"sha256:077ce6014f7b40d03b47d1f1ca4b0fc8328a692bd284016f806ed0eaca390ad8",
|
||||
"sha256:611bb273cd68f3b993fabdc4064fc858c5b47a973cb5aa7999ec1ba405c87cd7"
|
||||
"sha256:31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852",
|
||||
"sha256:6088930bfe239f0e6710546ab9c19c9ef35e29792895fed6e6e31a023a182a61"
|
||||
],
|
||||
"markers": "python_version >= '3.6'",
|
||||
"version": "==3.0.3"
|
||||
"markers": "python_version >= '3.7'",
|
||||
"version": "==3.1.2"
|
||||
},
|
||||
"jsmin": {
|
||||
"hashes": [
|
||||
@ -201,70 +215,79 @@
|
||||
},
|
||||
"lxml": {
|
||||
"hashes": [
|
||||
"sha256:078306d19a33920004addeb5f4630781aaeabb6a8d01398045fcde085091a169",
|
||||
"sha256:0c1978ff1fd81ed9dcbba4f91cf09faf1f8082c9d72eb122e92294716c605428",
|
||||
"sha256:1010042bfcac2b2dc6098260a2ed022968dbdfaf285fc65a3acf8e4eb1ffd1bc",
|
||||
"sha256:1d650812b52d98679ed6c6b3b55cbb8fe5a5460a0aef29aeb08dc0b44577df85",
|
||||
"sha256:20b8a746a026017acf07da39fdb10aa80ad9877046c9182442bf80c84a1c4696",
|
||||
"sha256:2403a6d6fb61c285969b71f4a3527873fe93fd0abe0832d858a17fe68c8fa507",
|
||||
"sha256:24f5c5ae618395ed871b3d8ebfcbb36e3f1091fd847bf54c4de623f9107942f3",
|
||||
"sha256:28d1af847786f68bec57961f31221125c29d6f52d9187c01cd34dc14e2b29430",
|
||||
"sha256:31499847fc5f73ee17dbe1b8e24c6dafc4e8d5b48803d17d22988976b0171f03",
|
||||
"sha256:31ba2cbc64516dcdd6c24418daa7abff989ddf3ba6d3ea6f6ce6f2ed6e754ec9",
|
||||
"sha256:330bff92c26d4aee79c5bc4d9967858bdbe73fdbdbacb5daf623a03a914fe05b",
|
||||
"sha256:5045ee1ccd45a89c4daec1160217d363fcd23811e26734688007c26f28c9e9e7",
|
||||
"sha256:52cbf2ff155b19dc4d4100f7442f6a697938bf4493f8d3b0c51d45568d5666b5",
|
||||
"sha256:530f278849031b0eb12f46cca0e5db01cfe5177ab13bd6878c6e739319bae654",
|
||||
"sha256:545bd39c9481f2e3f2727c78c169425efbfb3fbba6e7db4f46a80ebb249819ca",
|
||||
"sha256:5804e04feb4e61babf3911c2a974a5b86f66ee227cc5006230b00ac6d285b3a9",
|
||||
"sha256:5a58d0b12f5053e270510bf12f753a76aaf3d74c453c00942ed7d2c804ca845c",
|
||||
"sha256:5f148b0c6133fb928503cfcdfdba395010f997aa44bcf6474fcdd0c5398d9b63",
|
||||
"sha256:5f7d7d9afc7b293147e2d506a4596641d60181a35279ef3aa5778d0d9d9123fe",
|
||||
"sha256:60d2f60bd5a2a979df28ab309352cdcf8181bda0cca4529769a945f09aba06f9",
|
||||
"sha256:6259b511b0f2527e6d55ad87acc1c07b3cbffc3d5e050d7e7bcfa151b8202df9",
|
||||
"sha256:6268e27873a3d191849204d00d03f65c0e343b3bcb518a6eaae05677c95621d1",
|
||||
"sha256:627e79894770783c129cc5e89b947e52aa26e8e0557c7e205368a809da4b7939",
|
||||
"sha256:62f93eac69ec0f4be98d1b96f4d6b964855b8255c345c17ff12c20b93f247b68",
|
||||
"sha256:6d6483b1229470e1d8835e52e0ff3c6973b9b97b24cd1c116dca90b57a2cc613",
|
||||
"sha256:6f7b82934c08e28a2d537d870293236b1000d94d0b4583825ab9649aef7ddf63",
|
||||
"sha256:6fe4ef4402df0250b75ba876c3795510d782def5c1e63890bde02d622570d39e",
|
||||
"sha256:719544565c2937c21a6f76d520e6e52b726d132815adb3447ccffbe9f44203c4",
|
||||
"sha256:730766072fd5dcb219dd2b95c4c49752a54f00157f322bc6d71f7d2a31fecd79",
|
||||
"sha256:74eb65ec61e3c7c019d7169387d1b6ffcfea1b9ec5894d116a9a903636e4a0b1",
|
||||
"sha256:7993232bd4044392c47779a3c7e8889fea6883be46281d45a81451acfd704d7e",
|
||||
"sha256:80bbaddf2baab7e6de4bc47405e34948e694a9efe0861c61cdc23aa774fcb141",
|
||||
"sha256:86545e351e879d0b72b620db6a3b96346921fa87b3d366d6c074e5a9a0b8dadb",
|
||||
"sha256:891dc8f522d7059ff0024cd3ae79fd224752676447f9c678f2a5c14b84d9a939",
|
||||
"sha256:8a31f24e2a0b6317f33aafbb2f0895c0bce772980ae60c2c640d82caac49628a",
|
||||
"sha256:8b99ec73073b37f9ebe8caf399001848fced9c08064effdbfc4da2b5a8d07b93",
|
||||
"sha256:986b7a96228c9b4942ec420eff37556c5777bfba6758edcb95421e4a614b57f9",
|
||||
"sha256:a1547ff4b8a833511eeaceacbcd17b043214fcdb385148f9c1bc5556ca9623e2",
|
||||
"sha256:a2bfc7e2a0601b475477c954bf167dee6d0f55cb167e3f3e7cefad906e7759f6",
|
||||
"sha256:a3c5f1a719aa11866ffc530d54ad965063a8cbbecae6515acbd5f0fae8f48eaa",
|
||||
"sha256:a9f1c3489736ff8e1c7652e9dc39f80cff820f23624f23d9eab6e122ac99b150",
|
||||
"sha256:aa0cf4922da7a3c905d000b35065df6184c0dc1d866dd3b86fd961905bbad2ea",
|
||||
"sha256:ad4332a532e2d5acb231a2e5d33f943750091ee435daffca3fec0a53224e7e33",
|
||||
"sha256:b2582b238e1658c4061ebe1b4df53c435190d22457642377fd0cb30685cdfb76",
|
||||
"sha256:b6fc2e2fb6f532cf48b5fed57567ef286addcef38c28874458a41b7837a57807",
|
||||
"sha256:b92d40121dcbd74831b690a75533da703750f7041b4bf951befc657c37e5695a",
|
||||
"sha256:bbab6faf6568484707acc052f4dfc3802bdb0cafe079383fbaa23f1cdae9ecd4",
|
||||
"sha256:c0b88ed1ae66777a798dc54f627e32d3b81c8009967c63993c450ee4cbcbec15",
|
||||
"sha256:ce13d6291a5f47c1c8dbd375baa78551053bc6b5e5c0e9bb8e39c0a8359fd52f",
|
||||
"sha256:db3535733f59e5605a88a706824dfcb9bd06725e709ecb017e165fc1d6e7d429",
|
||||
"sha256:dd10383f1d6b7edf247d0960a3db274c07e96cf3a3fc7c41c8448f93eac3fb1c",
|
||||
"sha256:e01f9531ba5420838c801c21c1b0f45dbc9607cb22ea2cf132844453bec863a5",
|
||||
"sha256:e11527dc23d5ef44d76fef11213215c34f36af1608074561fcc561d983aeb870",
|
||||
"sha256:e1ab2fac607842ac36864e358c42feb0960ae62c34aa4caaf12ada0a1fb5d99b",
|
||||
"sha256:e1fd7d2fe11f1cb63d3336d147c852f6d07de0d0020d704c6031b46a30b02ca8",
|
||||
"sha256:e9f84ed9f4d50b74fbc77298ee5c870f67cb7e91dcdc1a6915cb1ff6a317476c",
|
||||
"sha256:ec4b4e75fc68da9dc0ed73dcdb431c25c57775383fec325d23a770a64e7ebc87",
|
||||
"sha256:f10ce66fcdeb3543df51d423ede7e238be98412232fca5daec3e54bcd16b8da0",
|
||||
"sha256:f63f62fc60e6228a4ca9abae28228f35e1bd3ce675013d1dfb828688d50c6e23",
|
||||
"sha256:fa56bb08b3dd8eac3a8c5b7d075c94e74f755fd9d8a04543ae8d37b1612dd170",
|
||||
"sha256:fa9b7c450be85bfc6cd39f6df8c5b8cbd76b5d6fc1f69efec80203f9894b885f"
|
||||
"sha256:04da965dfebb5dac2619cb90fcf93efdb35b3c6994fea58a157a834f2f94b318",
|
||||
"sha256:0538747a9d7827ce3e16a8fdd201a99e661c7dee3c96c885d8ecba3c35d1032c",
|
||||
"sha256:0645e934e940107e2fdbe7c5b6fb8ec6232444260752598bc4d09511bd056c0b",
|
||||
"sha256:079b68f197c796e42aa80b1f739f058dcee796dc725cc9a1be0cdb08fc45b000",
|
||||
"sha256:0f3f0059891d3254c7b5fb935330d6db38d6519ecd238ca4fce93c234b4a0f73",
|
||||
"sha256:10d2017f9150248563bb579cd0d07c61c58da85c922b780060dcc9a3aa9f432d",
|
||||
"sha256:1355755b62c28950f9ce123c7a41460ed9743c699905cbe664a5bcc5c9c7c7fb",
|
||||
"sha256:13c90064b224e10c14dcdf8086688d3f0e612db53766e7478d7754703295c7c8",
|
||||
"sha256:1423631e3d51008871299525b541413c9b6c6423593e89f9c4cfbe8460afc0a2",
|
||||
"sha256:1436cf0063bba7888e43f1ba8d58824f085410ea2025befe81150aceb123e345",
|
||||
"sha256:1a7c59c6ffd6ef5db362b798f350e24ab2cfa5700d53ac6681918f314a4d3b94",
|
||||
"sha256:1e1cf47774373777936c5aabad489fef7b1c087dcd1f426b621fda9dcc12994e",
|
||||
"sha256:206a51077773c6c5d2ce1991327cda719063a47adc02bd703c56a662cdb6c58b",
|
||||
"sha256:21fb3d24ab430fc538a96e9fbb9b150029914805d551deeac7d7822f64631dfc",
|
||||
"sha256:27e590352c76156f50f538dbcebd1925317a0f70540f7dc8c97d2931c595783a",
|
||||
"sha256:287605bede6bd36e930577c5925fcea17cb30453d96a7b4c63c14a257118dbb9",
|
||||
"sha256:2aaf6a0a6465d39b5ca69688fce82d20088c1838534982996ec46633dc7ad6cc",
|
||||
"sha256:32a73c53783becdb7eaf75a2a1525ea8e49379fb7248c3eeefb9412123536387",
|
||||
"sha256:41fb58868b816c202e8881fd0f179a4644ce6e7cbbb248ef0283a34b73ec73bb",
|
||||
"sha256:4780677767dd52b99f0af1f123bc2c22873d30b474aa0e2fc3fe5e02217687c7",
|
||||
"sha256:4878e667ebabe9b65e785ac8da4d48886fe81193a84bbe49f12acff8f7a383a4",
|
||||
"sha256:487c8e61d7acc50b8be82bda8c8d21d20e133c3cbf41bd8ad7eb1aaeb3f07c97",
|
||||
"sha256:4beea0f31491bc086991b97517b9683e5cfb369205dac0148ef685ac12a20a67",
|
||||
"sha256:4cfbe42c686f33944e12f45a27d25a492cc0e43e1dc1da5d6a87cbcaf2e95627",
|
||||
"sha256:4d5bae0a37af799207140652a700f21a85946f107a199bcb06720b13a4f1f0b7",
|
||||
"sha256:4e285b5f2bf321fc0857b491b5028c5f276ec0c873b985d58d7748ece1d770dd",
|
||||
"sha256:57e4d637258703d14171b54203fd6822fda218c6c2658a7d30816b10995f29f3",
|
||||
"sha256:5974895115737a74a00b321e339b9c3f45c20275d226398ae79ac008d908bff7",
|
||||
"sha256:5ef87fca280fb15342726bd5f980f6faf8b84a5287fcc2d4962ea8af88b35130",
|
||||
"sha256:603a464c2e67d8a546ddaa206d98e3246e5db05594b97db844c2f0a1af37cf5b",
|
||||
"sha256:6653071f4f9bac46fbc30f3c7838b0e9063ee335908c5d61fb7a4a86c8fd2036",
|
||||
"sha256:6ca2264f341dd81e41f3fffecec6e446aa2121e0b8d026fb5130e02de1402785",
|
||||
"sha256:6d279033bf614953c3fc4a0aa9ac33a21e8044ca72d4fa8b9273fe75359d5cca",
|
||||
"sha256:6d949f53ad4fc7cf02c44d6678e7ff05ec5f5552b235b9e136bd52e9bf730b91",
|
||||
"sha256:6daa662aba22ef3258934105be2dd9afa5bb45748f4f702a3b39a5bf53a1f4dc",
|
||||
"sha256:6eafc048ea3f1b3c136c71a86db393be36b5b3d9c87b1c25204e7d397cee9536",
|
||||
"sha256:830c88747dce8a3e7525defa68afd742b4580df6aa2fdd6f0855481e3994d391",
|
||||
"sha256:86e92728ef3fc842c50a5cb1d5ba2bc66db7da08a7af53fb3da79e202d1b2cd3",
|
||||
"sha256:8caf4d16b31961e964c62194ea3e26a0e9561cdf72eecb1781458b67ec83423d",
|
||||
"sha256:8d1a92d8e90b286d491e5626af53afef2ba04da33e82e30744795c71880eaa21",
|
||||
"sha256:8f0a4d179c9a941eb80c3a63cdb495e539e064f8054230844dcf2fcb812b71d3",
|
||||
"sha256:9232b09f5efee6a495a99ae6824881940d6447debe272ea400c02e3b68aad85d",
|
||||
"sha256:927a9dd016d6033bc12e0bf5dee1dde140235fc8d0d51099353c76081c03dc29",
|
||||
"sha256:93e414e3206779ef41e5ff2448067213febf260ba747fc65389a3ddaa3fb8715",
|
||||
"sha256:98cafc618614d72b02185ac583c6f7796202062c41d2eeecdf07820bad3295ed",
|
||||
"sha256:9c3a88d20e4fe4a2a4a84bf439a5ac9c9aba400b85244c63a1ab7088f85d9d25",
|
||||
"sha256:9f36de4cd0c262dd9927886cc2305aa3f2210db437aa4fed3fb4940b8bf4592c",
|
||||
"sha256:a60f90bba4c37962cbf210f0188ecca87daafdf60271f4c6948606e4dabf8785",
|
||||
"sha256:a614e4afed58c14254e67862456d212c4dcceebab2eaa44d627c2ca04bf86837",
|
||||
"sha256:ae06c1e4bc60ee076292e582a7512f304abdf6c70db59b56745cca1684f875a4",
|
||||
"sha256:b122a188cd292c4d2fcd78d04f863b789ef43aa129b233d7c9004de08693728b",
|
||||
"sha256:b570da8cd0012f4af9fa76a5635cd31f707473e65a5a335b186069d5c7121ff2",
|
||||
"sha256:bcaa1c495ce623966d9fc8a187da80082334236a2a1c7e141763ffaf7a405067",
|
||||
"sha256:bd34f6d1810d9354dc7e35158aa6cc33456be7706df4420819af6ed966e85448",
|
||||
"sha256:be9eb06489bc975c38706902cbc6888f39e946b81383abc2838d186f0e8b6a9d",
|
||||
"sha256:c4b2e0559b68455c085fb0f6178e9752c4be3bba104d6e881eb5573b399d1eb2",
|
||||
"sha256:c62e8dd9754b7debda0c5ba59d34509c4688f853588d75b53c3791983faa96fc",
|
||||
"sha256:c852b1530083a620cb0de5f3cd6826f19862bafeaf77586f1aef326e49d95f0c",
|
||||
"sha256:d9fc0bf3ff86c17348dfc5d322f627d78273eba545db865c3cd14b3f19e57fa5",
|
||||
"sha256:dad7b164905d3e534883281c050180afcf1e230c3d4a54e8038aa5cfcf312b84",
|
||||
"sha256:e5f66bdf0976ec667fc4594d2812a00b07ed14d1b44259d19a41ae3fff99f2b8",
|
||||
"sha256:e8f0c9d65da595cfe91713bc1222af9ecabd37971762cb830dea2fc3b3bb2acf",
|
||||
"sha256:edffbe3c510d8f4bf8640e02ca019e48a9b72357318383ca60e3330c23aaffc7",
|
||||
"sha256:eea5d6443b093e1545ad0210e6cf27f920482bfcf5c77cdc8596aec73523bb7e",
|
||||
"sha256:ef72013e20dd5ba86a8ae1aed7f56f31d3374189aa8b433e7b12ad182c0d2dfb",
|
||||
"sha256:f05251bbc2145349b8d0b77c0d4e5f3b228418807b1ee27cefb11f69ed3d233b",
|
||||
"sha256:f1be258c4d3dc609e654a1dc59d37b17d7fef05df912c01fc2e15eb43a9735f3",
|
||||
"sha256:f9ced82717c7ec65a67667bb05865ffe38af0e835cdd78728f1209c8fffe0cad",
|
||||
"sha256:fe17d10b97fdf58155f858606bddb4e037b805a60ae023c009f760d8361a4eb8",
|
||||
"sha256:fe749b052bb7233fe5d072fcb549221a8cb1a16725c47c37e42b0b9cb3ff2c3f"
|
||||
],
|
||||
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
|
||||
"version": "==4.8.0"
|
||||
"version": "==4.9.1"
|
||||
},
|
||||
"markdown": {
|
||||
"hashes": [
|
||||
@ -330,23 +353,31 @@
|
||||
},
|
||||
"mkdocs": {
|
||||
"hashes": [
|
||||
"sha256:26bd2b03d739ac57a3e6eed0b7bcc86168703b719c27b99ad6ca91dc439aacde",
|
||||
"sha256:b504405b04da38795fec9b2e5e28f6aa3a73bb0960cb6d5d27ead28952bd35ea"
|
||||
"sha256:a41a2ff25ce3bbacc953f9844ba07d106233cd76c88bac1f59cb1564ac0d87ed",
|
||||
"sha256:fda92466393127d2da830bc6edc3a625a14b436316d1caf347690648e774c4f0"
|
||||
],
|
||||
"index": "pypi",
|
||||
"version": "==1.3.0"
|
||||
"version": "==1.3.1"
|
||||
},
|
||||
"mkdocs-git-committers-plugin-2": {
|
||||
"hashes": [
|
||||
"sha256:5da4d790377133d610c0c81fb4989f266b2c9bfaed74866d58af0045926c7753",
|
||||
"sha256:69f38a84bfdc6ecd35778d888b51c40f249f52ed4d1cbc77d5464b6c1c1493f8"
|
||||
],
|
||||
"index": "pypi",
|
||||
"version": "==0.4.3"
|
||||
},
|
||||
"mkdocs-git-revision-date-localized-plugin": {
|
||||
"hashes": [
|
||||
"sha256:f3e020b445e7b4fb4e58ccd46b07adecbca0f85ac1659e1a63e38b8779c81ba7",
|
||||
"sha256:ffcf206b5108d9f729af6cd42377d2e0e25c080817fdad0119549ac924b526f3"
|
||||
"sha256:38517e2084229da1a1b9460e846c2748d238c2d79efd405d1b9174a87bd81d79",
|
||||
"sha256:4ba0e49abea3e9f6ee26e2623ff7283873da657471c61f1d0cfbb986f403316d"
|
||||
],
|
||||
"index": "pypi",
|
||||
"version": "==1.0.1"
|
||||
"version": "==1.1.0"
|
||||
},
|
||||
"mkdocs-material": {
|
||||
"path": "./mkdocs-material",
|
||||
"version": "==8.2.15+insiders.4.15.1"
|
||||
"version": "==8.3.9+insiders.4.21.0"
|
||||
},
|
||||
"mkdocs-material-extensions": {
|
||||
"hashes": [
|
||||
@ -374,10 +405,10 @@
|
||||
},
|
||||
"mkdocs-static-i18n": {
|
||||
"hashes": [
|
||||
"sha256:5d69b4eb284931bd048a36f923367f2a7bd0dc7b0438008dce8ca1a8feee99e2"
|
||||
"sha256:9a13987c1a1afdb2b9f532f7c1597c2b6e747b4015f4adc1ebd65843b8bf1378"
|
||||
],
|
||||
"index": "pypi",
|
||||
"version": "==0.45"
|
||||
"version": "==0.46"
|
||||
},
|
||||
"packaging": {
|
||||
"hashes": [
|
||||
@ -389,47 +420,67 @@
|
||||
},
|
||||
"pillow": {
|
||||
"hashes": [
|
||||
"sha256:088df396b047477dd1bbc7de6e22f58400dae2f21310d9e2ec2933b2ef7dfa4f",
|
||||
"sha256:09e67ef6e430f90caa093528bd758b0616f8165e57ed8d8ce014ae32df6a831d",
|
||||
"sha256:0b4d5ad2cd3a1f0d1df882d926b37dbb2ab6c823ae21d041b46910c8f8cd844b",
|
||||
"sha256:0b525a356680022b0af53385944026d3486fc8c013638cf9900eb87c866afb4c",
|
||||
"sha256:1d4331aeb12f6b3791911a6da82de72257a99ad99726ed6b63f481c0184b6fb9",
|
||||
"sha256:20d514c989fa28e73a5adbddd7a171afa5824710d0ab06d4e1234195d2a2e546",
|
||||
"sha256:2b291cab8a888658d72b575a03e340509b6b050b62db1f5539dd5cd18fd50578",
|
||||
"sha256:3f6c1716c473ebd1649663bf3b42702d0d53e27af8b64642be0dd3598c761fb1",
|
||||
"sha256:42dfefbef90eb67c10c45a73a9bc1599d4dac920f7dfcbf4ec6b80cb620757fe",
|
||||
"sha256:488f3383cf5159907d48d32957ac6f9ea85ccdcc296c14eca1a4e396ecc32098",
|
||||
"sha256:4d45dbe4b21a9679c3e8b3f7f4f42a45a7d3ddff8a4a16109dff0e1da30a35b2",
|
||||
"sha256:53c27bd452e0f1bc4bfed07ceb235663a1df7c74df08e37fd6b03eb89454946a",
|
||||
"sha256:55e74faf8359ddda43fee01bffbc5bd99d96ea508d8a08c527099e84eb708f45",
|
||||
"sha256:59789a7d06c742e9d13b883d5e3569188c16acb02eeed2510fd3bfdbc1bd1530",
|
||||
"sha256:5b650dbbc0969a4e226d98a0b440c2f07a850896aed9266b6fedc0f7e7834108",
|
||||
"sha256:66daa16952d5bf0c9d5389c5e9df562922a59bd16d77e2a276e575d32e38afd1",
|
||||
"sha256:6e760cf01259a1c0a50f3c845f9cad1af30577fd8b670339b1659c6d0e7a41dd",
|
||||
"sha256:7502539939b53d7565f3d11d87c78e7ec900d3c72945d4ee0e2f250d598309a0",
|
||||
"sha256:769a7f131a2f43752455cc72f9f7a093c3ff3856bf976c5fb53a59d0ccc704f6",
|
||||
"sha256:7c150dbbb4a94ea4825d1e5f2c5501af7141ea95825fadd7829f9b11c97aaf6c",
|
||||
"sha256:8844217cdf66eabe39567118f229e275f0727e9195635a15e0e4b9227458daaf",
|
||||
"sha256:8a66fe50386162df2da701b3722781cbe90ce043e7d53c1fd6bd801bca6b48d4",
|
||||
"sha256:9370d6744d379f2de5d7fa95cdbd3a4d92f0b0ef29609b4b1687f16bc197063d",
|
||||
"sha256:937a54e5694684f74dcbf6e24cc453bfc5b33940216ddd8f4cd8f0f79167f765",
|
||||
"sha256:9c857532c719fb30fafabd2371ce9b7031812ff3889d75273827633bca0c4602",
|
||||
"sha256:a4165205a13b16a29e1ac57efeee6be2dfd5b5408122d59ef2145bc3239fa340",
|
||||
"sha256:b3fe2ff1e1715d4475d7e2c3e8dabd7c025f4410f79513b4ff2de3d51ce0fa9c",
|
||||
"sha256:b6617221ff08fbd3b7a811950b5c3f9367f6e941b86259843eab77c8e3d2b56b",
|
||||
"sha256:b761727ed7d593e49671d1827044b942dd2f4caae6e51bab144d4accf8244a84",
|
||||
"sha256:baf3be0b9446a4083cc0c5bb9f9c964034be5374b5bc09757be89f5d2fa247b8",
|
||||
"sha256:c17770a62a71718a74b7548098a74cd6880be16bcfff5f937f900ead90ca8e92",
|
||||
"sha256:c67db410508b9de9c4694c57ed754b65a460e4812126e87f5052ecf23a011a54",
|
||||
"sha256:d78ca526a559fb84faaaf84da2dd4addef5edb109db8b81677c0bb1aad342601",
|
||||
"sha256:e9ed59d1b6ee837f4515b9584f3d26cf0388b742a11ecdae0d9237a94505d03a",
|
||||
"sha256:f054b020c4d7e9786ae0404278ea318768eb123403b18453e28e47cdb7a0a4bf",
|
||||
"sha256:f372d0f08eff1475ef426344efe42493f71f377ec52237bf153c5713de987251",
|
||||
"sha256:f3f6a6034140e9e17e9abc175fc7a266a6e63652028e157750bd98e804a8ed9a",
|
||||
"sha256:ffde4c6fabb52891d81606411cbfaf77756e3b561b566efd270b3ed3791fde4e"
|
||||
"sha256:0030fdbd926fb85844b8b92e2f9449ba89607231d3dd597a21ae72dc7fe26927",
|
||||
"sha256:030e3460861488e249731c3e7ab59b07c7853838ff3b8e16aac9561bb345da14",
|
||||
"sha256:0ed2c4ef2451de908c90436d6e8092e13a43992f1860275b4d8082667fbb2ffc",
|
||||
"sha256:136659638f61a251e8ed3b331fc6ccd124590eeff539de57c5f80ef3a9594e58",
|
||||
"sha256:13b725463f32df1bfeacbf3dd197fb358ae8ebcd8c5548faa75126ea425ccb60",
|
||||
"sha256:1536ad017a9f789430fb6b8be8bf99d2f214c76502becc196c6f2d9a75b01b76",
|
||||
"sha256:15928f824870535c85dbf949c09d6ae7d3d6ac2d6efec80f3227f73eefba741c",
|
||||
"sha256:17d4cafe22f050b46d983b71c707162d63d796a1235cdf8b9d7a112e97b15bac",
|
||||
"sha256:1802f34298f5ba11d55e5bb09c31997dc0c6aed919658dfdf0198a2fe75d5490",
|
||||
"sha256:1cc1d2451e8a3b4bfdb9caf745b58e6c7a77d2e469159b0d527a4554d73694d1",
|
||||
"sha256:1fd6f5e3c0e4697fa7eb45b6e93996299f3feee73a3175fa451f49a74d092b9f",
|
||||
"sha256:254164c57bab4b459f14c64e93df11eff5ded575192c294a0c49270f22c5d93d",
|
||||
"sha256:2ad0d4df0f5ef2247e27fc790d5c9b5a0af8ade9ba340db4a73bb1a4a3e5fb4f",
|
||||
"sha256:2c58b24e3a63efd22554c676d81b0e57f80e0a7d3a5874a7e14ce90ec40d3069",
|
||||
"sha256:2d33a11f601213dcd5718109c09a52c2a1c893e7461f0be2d6febc2879ec2402",
|
||||
"sha256:337a74fd2f291c607d220c793a8135273c4c2ab001b03e601c36766005f36885",
|
||||
"sha256:37ff6b522a26d0538b753f0b4e8e164fdada12db6c6f00f62145d732d8a3152e",
|
||||
"sha256:3d1f14f5f691f55e1b47f824ca4fdcb4b19b4323fe43cc7bb105988cad7496be",
|
||||
"sha256:408673ed75594933714482501fe97e055a42996087eeca7e5d06e33218d05aa8",
|
||||
"sha256:4134d3f1ba5f15027ff5c04296f13328fecd46921424084516bdb1b2548e66ff",
|
||||
"sha256:4ad2f835e0ad81d1689f1b7e3fbac7b01bb8777d5a985c8962bedee0cc6d43da",
|
||||
"sha256:50dff9cc21826d2977ef2d2a205504034e3a4563ca6f5db739b0d1026658e004",
|
||||
"sha256:510cef4a3f401c246cfd8227b300828715dd055463cdca6176c2e4036df8bd4f",
|
||||
"sha256:5aed7dde98403cd91d86a1115c78d8145c83078e864c1de1064f52e6feb61b20",
|
||||
"sha256:69bd1a15d7ba3694631e00df8de65a8cb031911ca11f44929c97fe05eb9b6c1d",
|
||||
"sha256:6bf088c1ce160f50ea40764f825ec9b72ed9da25346216b91361eef8ad1b8f8c",
|
||||
"sha256:6e8c66f70fb539301e064f6478d7453e820d8a2c631da948a23384865cd95544",
|
||||
"sha256:727dd1389bc5cb9827cbd1f9d40d2c2a1a0c9b32dd2261db522d22a604a6eec9",
|
||||
"sha256:74a04183e6e64930b667d321524e3c5361094bb4af9083db5c301db64cd341f3",
|
||||
"sha256:75e636fd3e0fb872693f23ccb8a5ff2cd578801251f3a4f6854c6a5d437d3c04",
|
||||
"sha256:7761afe0126d046974a01e030ae7529ed0ca6a196de3ec6937c11df0df1bc91c",
|
||||
"sha256:7888310f6214f19ab2b6df90f3f06afa3df7ef7355fc025e78a3044737fab1f5",
|
||||
"sha256:7b0554af24df2bf96618dac71ddada02420f946be943b181108cac55a7a2dcd4",
|
||||
"sha256:7c7b502bc34f6e32ba022b4a209638f9e097d7a9098104ae420eb8186217ebbb",
|
||||
"sha256:808add66ea764ed97d44dda1ac4f2cfec4c1867d9efb16a33d158be79f32b8a4",
|
||||
"sha256:831e648102c82f152e14c1a0938689dbb22480c548c8d4b8b248b3e50967b88c",
|
||||
"sha256:93689632949aff41199090eff5474f3990b6823404e45d66a5d44304e9cdc467",
|
||||
"sha256:96b5e6874431df16aee0c1ba237574cb6dff1dcb173798faa6a9d8b399a05d0e",
|
||||
"sha256:9a54614049a18a2d6fe156e68e188da02a046a4a93cf24f373bffd977e943421",
|
||||
"sha256:a138441e95562b3c078746a22f8fca8ff1c22c014f856278bdbdd89ca36cff1b",
|
||||
"sha256:a647c0d4478b995c5e54615a2e5360ccedd2f85e70ab57fbe817ca613d5e63b8",
|
||||
"sha256:a9c9bc489f8ab30906d7a85afac4b4944a572a7432e00698a7239f44a44e6efb",
|
||||
"sha256:ad2277b185ebce47a63f4dc6302e30f05762b688f8dc3de55dbae4651872cdf3",
|
||||
"sha256:b6d5e92df2b77665e07ddb2e4dbd6d644b78e4c0d2e9272a852627cdba0d75cf",
|
||||
"sha256:bc431b065722a5ad1dfb4df354fb9333b7a582a5ee39a90e6ffff688d72f27a1",
|
||||
"sha256:bdd0de2d64688ecae88dd8935012c4a72681e5df632af903a1dca8c5e7aa871a",
|
||||
"sha256:c79698d4cd9318d9481d89a77e2d3fcaeff5486be641e60a4b49f3d2ecca4e28",
|
||||
"sha256:cb6259196a589123d755380b65127ddc60f4c64b21fc3bb46ce3a6ea663659b0",
|
||||
"sha256:d5b87da55a08acb586bad5c3aa3b86505f559b84f39035b233d5bf844b0834b1",
|
||||
"sha256:dcd7b9c7139dc8258d164b55696ecd16c04607f1cc33ba7af86613881ffe4ac8",
|
||||
"sha256:dfe4c1fedfde4e2fbc009d5ad420647f7730d719786388b7de0999bf32c0d9fd",
|
||||
"sha256:ea98f633d45f7e815db648fd7ff0f19e328302ac36427343e4432c84432e7ff4",
|
||||
"sha256:ec52c351b35ca269cb1f8069d610fc45c5bd38c3e91f9ab4cbbf0aebc136d9c8",
|
||||
"sha256:eef7592281f7c174d3d6cbfbb7ee5984a671fcd77e3fc78e973d492e9bf0eb3f",
|
||||
"sha256:f07f1f00e22b231dd3d9b9208692042e29792d6bd4f6639415d2f23158a80013",
|
||||
"sha256:f3fac744f9b540148fa7715a435d2283b71f68bfb6d4aae24482a890aed18b59",
|
||||
"sha256:fa768eff5f9f958270b081bb33581b4b569faabf8774726b283edb06617101dc",
|
||||
"sha256:fac2d65901fb0fdf20363fbd345c01958a742f2dc62a8dd4495af66e3ff502a4"
|
||||
],
|
||||
"markers": "python_version >= '3.7'",
|
||||
"version": "==9.1.1"
|
||||
"version": "==9.2.0"
|
||||
},
|
||||
"pycparser": {
|
||||
"hashes": [
|
||||
@ -448,11 +499,11 @@
|
||||
},
|
||||
"pymdown-extensions": {
|
||||
"hashes": [
|
||||
"sha256:1baa22a60550f731630474cad28feb0405c8101f1a7ddc3ec0ed86ee510bcc43",
|
||||
"sha256:5b7432456bf555ce2b0ab3c2439401084cda8110f24f6b3ecef952b8313dfa1b"
|
||||
"sha256:3ef2d998c0d5fa7eb09291926d90d69391283561cf6306f85cd588a5eb5befa0",
|
||||
"sha256:ec141c0f4983755349f0c8710416348d1a13753976c028186ed14f190c8061c4"
|
||||
],
|
||||
"markers": "python_version >= '3.7'",
|
||||
"version": "==9.4"
|
||||
"version": "==9.5"
|
||||
},
|
||||
"pyparsing": {
|
||||
"hashes": [
|
||||
@ -526,91 +577,91 @@
|
||||
},
|
||||
"regex": {
|
||||
"hashes": [
|
||||
"sha256:02543d6d5c32d361b7cc468079ba4cddaaf4a6544f655901ba1ff9d8e3f18755",
|
||||
"sha256:036d1c1fbe69eba3ee253c107e71749cdbb4776db93d674bc0d5e28f30300734",
|
||||
"sha256:071bcb625e890f28b7c4573124a6512ea65107152b1d3ca101ce33a52dad4593",
|
||||
"sha256:0f8da3145f4b72f7ce6181c804eaa44cdcea313c8998cdade3d9e20a8717a9cb",
|
||||
"sha256:0fb6cb16518ac7eff29d1e0b0cce90275dfae0f17154165491058c31d58bdd1d",
|
||||
"sha256:0fd464e547dbabf4652ca5fe9d88d75ec30182981e737c07b3410235a44b9939",
|
||||
"sha256:12af15b6edb00e425f713160cfd361126e624ec0de86e74f7cad4b97b7f169b3",
|
||||
"sha256:165cc75cfa5aa0f12adb2ac6286330e7229a06dc0e6c004ec35da682b5b89579",
|
||||
"sha256:1a07e8366115069f26822c47732122ab61598830a69f5629a37ea8881487c107",
|
||||
"sha256:1c2de7f32fa87d04d40f54bce3843af430697aba51c3a114aa62837a0772f219",
|
||||
"sha256:253f858a0255cd91a0424a4b15c2eedb12f20274f85731b0d861c8137e843065",
|
||||
"sha256:275afc7352982ee947fc88f67a034b52c78395977b5fc7c9be15f7dc95b76f06",
|
||||
"sha256:2bde99f2cdfd6db1ec7e02d68cadd384ffe7413831373ea7cc68c5415a0cb577",
|
||||
"sha256:3241db067a7f69da57fba8bca543ac8a7ca415d91e77315690202749b9fdaba1",
|
||||
"sha256:37903d5ca11fa47577e8952d2e2c6de28553b11c70defee827afb941ab2c6729",
|
||||
"sha256:3dfbadb7b74d95f72f9f9dbf9778f7de92722ab520a109ceaf7927461fa85b10",
|
||||
"sha256:3e35c50b27f36176c792738cb9b858523053bc495044d2c2b44db24376b266f1",
|
||||
"sha256:3e9e983fc8e0d4d5ded7caa5aed39ca2cf6026d7e39801ef6f0af0b1b6cd9276",
|
||||
"sha256:3f6bd8178cce5bb56336722d5569d19c50bba5915a69a2050c497fb921e7cb0f",
|
||||
"sha256:43ee0df35925ae4b0cc6ee3f60b73369e559dd2ac40945044da9394dd9d3a51d",
|
||||
"sha256:45b761406777a681db0c24686178532134c937d24448d9e085279b69e9eb7da4",
|
||||
"sha256:46cbc5b23f85e94161b093dba1b49035697cf44c7db3c930adabfc0e6d861b95",
|
||||
"sha256:4f2e2cef324ca9355049ee1e712f68e2e92716eba24275e6767b9bfa15f1f478",
|
||||
"sha256:50b77622016f03989cd06ecf6b602c7a6b4ed2e3ce04133876b041d109c934ee",
|
||||
"sha256:582ea06079a03750b5f71e20a87cd99e646d796638b5894ff85987ebf5e04924",
|
||||
"sha256:58521abdab76583bd41ef47e5e2ddd93b32501aee4ee8cee71dee10a45ba46b1",
|
||||
"sha256:5b9c7b6895a01204296e9523b3e12b43e013835a9de035a783907c2c1bc447f0",
|
||||
"sha256:6165e737acb3bea3271372e8aa5ebe7226c8a8e8da1b94af2d6547c5a09d689d",
|
||||
"sha256:66fb765b2173d90389384708e3e1d3e4be1148bd8d4d50476b1469da5a2f0229",
|
||||
"sha256:68aed3fb0c61296bd6d234f558f78c51671f79ccb069cbcd428c2eea6fee7a5b",
|
||||
"sha256:6a0ef57cccd8089b4249eebad95065390e56c04d4a92c51316eab4131bca96a9",
|
||||
"sha256:709396c0c95b95045fac89b94f997410ff39b81a09863fe21002f390d48cc7d3",
|
||||
"sha256:73ed1b06abadbf6b61f6033a07c06f36ec0ddca117e41ef2ac37056705e46458",
|
||||
"sha256:7a608022f4593fc67518c6c599ae5abdb03bb8acd75993c82cd7a4c8100eff81",
|
||||
"sha256:7c4d9770e579eb11b582b2e2fd19fa204a15cb1589ae73cd4dcbb63b64f3e828",
|
||||
"sha256:7dbc96419ef0fb6ac56626014e6d3a345aeb8b17a3df8830235a88626ffc8d84",
|
||||
"sha256:7f271d0831d8ebc56e17b37f9fa1824b0379221d1238ae77c18a6e8c47f1fdce",
|
||||
"sha256:82b7fc67e49fdce671bdbec1127189fc979badf062ce6e79dc95ef5e07a8bf92",
|
||||
"sha256:85b7ee4d0c7a46296d884f6b489af8b960c4291d76aea4b22fd4fbe05e6ec08e",
|
||||
"sha256:8b747cef8e5dcdaf394192d43a0c02f5825aeb0ecd3d43e63ae500332ab830b0",
|
||||
"sha256:8bf867ba71856414a482e4b683500f946c300c4896e472e51d3db8dfa8dc8f32",
|
||||
"sha256:8e0da7ef160d4f3eb3d4d3e39a02c3c42f7dbcfce62c81f784cc99fc7059765f",
|
||||
"sha256:8e7d33f93cdd01868327d834d0f5bb029241cd293b47d51b96814dec27fc9b4b",
|
||||
"sha256:92183e9180c392371079262879c6532ccf55f808e6900df5d9f03c9ca8807255",
|
||||
"sha256:92ad03f928675ca05b79d3b1d3dfc149e2226d57ed9d57808f82105d511d0212",
|
||||
"sha256:97af238389cb029d63d5f2d931a7e8f5954ad96e812de5faaed373b68e74df86",
|
||||
"sha256:9913bcf730eb6e9b441fb176832eea9acbebab6035542c7c89d90c803f5cd3be",
|
||||
"sha256:9dae5affbb66178dad6c6fd5b02221ca9917e016c75ee3945e9a9563eb1fbb6f",
|
||||
"sha256:a850f5f369f1e3b6239da7fb43d1d029c1e178263df671819889c47caf7e4ff3",
|
||||
"sha256:aa6daa189db9104787ff1fd7a7623ce017077aa59eaac609d0d25ba95ed251a0",
|
||||
"sha256:aabc28f7599f781ddaeac168d0b566d0db82182cc3dcf62129f0a4fc2927b811",
|
||||
"sha256:af1e687ffab18a75409e5e5d6215b6ccd41a5a1a0ea6ce9665e01253f737a0d3",
|
||||
"sha256:b1d53835922cd0f9b74b2742453a444865a70abae38d12eb41c59271da66f38d",
|
||||
"sha256:b2df3ede85d778c949d9bd2a50237072cee3df0a423c91f5514f78f8035bde87",
|
||||
"sha256:b415b82e5be7389ec5ee7ee35431e4a549ea327caacf73b697c6b3538cb5c87f",
|
||||
"sha256:b7ba3c304a4a5d8112dbd30df8b3e4ef59b4b07807957d3c410d9713abaee9a8",
|
||||
"sha256:bcc6f7a3a95119c3568c572ca167ada75f8319890706283b9ba59b3489c9bcb3",
|
||||
"sha256:be392d9cd5309509175a9d7660dc17bf57084501108dbff0c5a8bfc3646048c3",
|
||||
"sha256:bea61de0c688198e3d9479344228c7accaa22a78b58ec408e41750ebafee6c08",
|
||||
"sha256:bedb3d01ad35ea1745bdb1d57f3ee0f996f988c98f5bbae9d068c3bb3065d210",
|
||||
"sha256:c36906a7855ec33a9083608e6cd595e4729dab18aeb9aad0dd0b039240266239",
|
||||
"sha256:c4fdf837666f7793a5c3cfa2f2f39f03eb6c7e92e831bc64486c2f547580c2b3",
|
||||
"sha256:cfad3a770839aa456ff9a9aa0e253d98b628d005a3ccb37da1ff9be7c84fee16",
|
||||
"sha256:d128e278e5e554c5c022c7bed410ca851e00bacebbb4460de546a73bc53f8de4",
|
||||
"sha256:dffd9114ade73137ab2b79a8faf864683dbd2dbbb6b23a305fbbd4cbaeeb2187",
|
||||
"sha256:e2acf5c66fbb62b5fe4c40978ddebafa50818f00bf79d60569d9762f6356336e",
|
||||
"sha256:e65580ae3137bce712f505ec7c2d700aef0014a3878c4767b74aff5895fc454f",
|
||||
"sha256:e944268445b5694f5d41292c9228f0ca46d5a32a67f195d5f8547c1f1d91f4bc",
|
||||
"sha256:ed26c3d2d62c6588e0dad175b8d8cc0942a638f32d07b80f92043e5d73b7db67",
|
||||
"sha256:ed625205f5f26984382b68e4cbcbc08e6603c9e84c14b38457170b0cc71c823b",
|
||||
"sha256:f2a5d9f612091812dee18375a45d046526452142e7b78c4e21ab192db15453d5",
|
||||
"sha256:f86aef546add4ff1202e1f31e9bb54f9268f17d996b2428877283146bf9bc013",
|
||||
"sha256:f89d26e50a4c7453cb8c415acd09e72fbade2610606a9c500a1e48c43210a42d",
|
||||
"sha256:fb7107faf0168de087f62a2f2ed00f9e9da12e0b801582b516ddac236b871cda"
|
||||
"sha256:03cdd06061426378a83e8a5bdec9cc71b964c35e329f68fb7058d08791780c83",
|
||||
"sha256:03d7ff80e3a276ef460baaa745d425162c19d8ea093d60ecf47f52ffee37aea5",
|
||||
"sha256:0798f6b97c3f8139c95af7b128a60909f5305b2e431a012083063298b2481e5d",
|
||||
"sha256:1228f5a6be5b45ce7b66a69a77682632f0ce64cea1d7da505f33972e01f1f3fe",
|
||||
"sha256:14882770017436aabe4cfa2651a9777f9faa2625bc0f6cdaec362697a8a964c3",
|
||||
"sha256:15bc8cddffe3a9181572c6bcdf45b145691fff1b5712767e7d7a6ef5d32f424f",
|
||||
"sha256:1903a2a6c4463488452e953a49f7e6663cfea9ff5e75b09333cbcc840e727a5b",
|
||||
"sha256:1991348464df42a6bc04601e1241dfa4a9ec4d599338dc64760f2c299e1cb996",
|
||||
"sha256:1dee18c683a0603445ff9e77ffc39f1a3997f43ee07ae04ac80228fc5565fc4d",
|
||||
"sha256:26d6e9a6431626c20821d0165a4c4508acb20a57e4c04ee77c96f01b7fe4c09c",
|
||||
"sha256:39ed69803697f1e1e9f1fb1e0b5a8116c55c130745ecd39485cc6255d3b9f046",
|
||||
"sha256:3ef5a4ced251a501962d1c8797d15978dd97661721e337cbe88d8bcdb9cd0d56",
|
||||
"sha256:3ef700d411b900fcff91f1ef16771bf085a9f9a376d16d8a643e8a20ff6dcb7b",
|
||||
"sha256:3f3de4baf25e960a3048a6ecd0246cedcdfeb462a741d55e9a42e91add5a4a99",
|
||||
"sha256:42702dba0281bcafbcf194770ecb987d60854946071c622777e6d207b3c169bc",
|
||||
"sha256:438b36fbf9446b94325eaeeb1336e2291cd81daeef91b9c728c0946ffbc42ba4",
|
||||
"sha256:4433690ff474fd95a3058085aed5fe12ac4e09d4f4b2b983de35e3a6c899afa0",
|
||||
"sha256:454c2c81d34eb4e1d015acbca0488789c17fc84188e336365eaa31a16c964c04",
|
||||
"sha256:48018c71ce7b2fe80c1eb16b9104d7d04d07567e9333159810a4ae5ef8cdf01f",
|
||||
"sha256:4d4640ab9fd3659378eab2ee6f47c3e04b4a269bf206475652c6d8520a9301cc",
|
||||
"sha256:50497f3d8a1e8d8055c6da1768c98f5b618039e572aacdcccd642704db6077eb",
|
||||
"sha256:50dd20fd10dafd9b697f1c0629285790d86e66946caa2c6a1135f67846d9b495",
|
||||
"sha256:513be18bcf5f27076990dd111f72270d33188653e772023985be92a2c5438382",
|
||||
"sha256:535a2392a0f11f7df80f43e63a5b69c51bb29a10a690e4ae5ad721b9fe50684d",
|
||||
"sha256:55911aba9bae9ad826971d2c80428425625a3dd0c00b94e9bb19361888b983a6",
|
||||
"sha256:609a97626bf310e8cd7c79173e6ed8acab7f01ed4519b7936e998b54b3eb8d31",
|
||||
"sha256:730cc311757153d59bf2bcf06d4026e3c998c1919c06557ad0e382235049b376",
|
||||
"sha256:7378a6fba8a043b3c5fb8cf915044c814ebb2463b0a7137ec09ae0b1b10f5484",
|
||||
"sha256:750b5de7982e568c1bb60388dea1c3abd674d1d579b87ef1b945ba4da53eb5e2",
|
||||
"sha256:76696de39cbbbf976aa85cbd7b1f3ea2d98b3bc9889f6739fdb6cda85a7f05aa",
|
||||
"sha256:89f4c531409ef01aa12b7c15bb489415e219c186725d44bc12a8f279afde3fe2",
|
||||
"sha256:8d928237cf78cfe3b46b608f87e255c45a1e11d04e7dd2c49cb60200cbd6f987",
|
||||
"sha256:8e324436b7f8bbb8e7b3c4593b01d1dce7215befc83a60569ff34a38d6c250ae",
|
||||
"sha256:9163ef45bfebc39838848330cb94f79b563f738c60fc0a20a7f0a30f13ec1573",
|
||||
"sha256:91d2a85a4a134011eb517f2a752f4e488b0a4f6b6ad00ef247f9fac57f9ff4f0",
|
||||
"sha256:933752abc9931cb53eccbd4ab3aedbcd0f1797c0a1b19ed385952e265636b2b6",
|
||||
"sha256:9b8d411a547b47852020242f9c384da35d4c65ccf159ae55a3ba0e50b6220932",
|
||||
"sha256:9eec276e6419de4f93824f9373b28a2a8eaed04f28514000cc6a41b64703d804",
|
||||
"sha256:a06d6ada6bef79aaa550ef37c7d529da60b81c02838d9dd9c5ab788becfc57d4",
|
||||
"sha256:a0c38edcc78556625cbadf48eb87decd5d3c5e82fc4810dd22c19a5498d2329d",
|
||||
"sha256:a23653a18c1d69760a2d8b6793478815cf5dc8c12f3b6e608e50aed49829f0ef",
|
||||
"sha256:a2afa24d06301f4ffcb00244d30df1c12e65cabf30dcb0ba8b871d6b0c54d19e",
|
||||
"sha256:a60840ebd37fe0152b5be50b56e8a958e1430837475311986f867dabad1c7474",
|
||||
"sha256:ab950bbafafe9bf2e0a75b9f17291500fa7794f398834f1f4a71c18dddece130",
|
||||
"sha256:ae6cd6ce16681d345592d74a0a92b25a9530d4055be460af425e654d891cdee4",
|
||||
"sha256:af3d5c74af5ae5d04d597ea61e5e9e0b84e84509e58d1e52aaefbae81cb697bb",
|
||||
"sha256:b131c7c94da56f8f1c59b4540c37c20973119608ec8cf42b3ebb40a94f3afc2c",
|
||||
"sha256:b24133df3d3c57a901f6a63ba3783d6eed1d0561ed1cafd027f0789e76a10615",
|
||||
"sha256:b5f1e598b9b823fb37f2f1baf930bb5f30ae4a3d9b67dfdc63f8f2374f336679",
|
||||
"sha256:bbc0c5b350036ce49a8fd6015a29e4621de725fa99d9e985d3d76b820d44e5a9",
|
||||
"sha256:bd0883e86964cd61360ffc36dbebbc49b928e92a306f886eab02c11dfde5b7aa",
|
||||
"sha256:c942696b541ce6be4e3cc2c963b48671277b38ebd4a28af803b511b2885759b7",
|
||||
"sha256:cc018ce0f1b62df155a5b9c9a81464040a87e97fd9bd05e0febe92568c63e678",
|
||||
"sha256:ccf10d7d0f25a3c5e123c97ffbab8d4b1429a3c25fbd50812010075bd5d844fd",
|
||||
"sha256:d3ce546e54cfafa9dee60b11b7f99b87058d81ab62bd05e366fc5bf6b2c1383a",
|
||||
"sha256:dc49d9c6289df4c7895c85094872ef98ce7f609ba0ecbeb77acdd7f8362cda7d",
|
||||
"sha256:dd0b115c4fab388b1131c89518cdd98db38d88c55cedfffc71de33c92eeee9c6",
|
||||
"sha256:e0c12e5c14eeb5e484c688f2db57ca4a8182d09b40ab69f73147dc32bcdf849d",
|
||||
"sha256:e19695f7b8de8a3b7d940288abedf48dfcfc0cd8d36f360e5b1bc5e1c3f02a72",
|
||||
"sha256:e1b83baa19355c8dd0ec23e725f18450be01bc464ba1f1865cfada03594fa629",
|
||||
"sha256:e2c8f542c5afd36e60237dbbabc95722135047d4c2844b9c4bff74c7177a50a1",
|
||||
"sha256:e4a72f70ad7aa3df8244da55cf21e28b6f0640a8d8e0065dfa7ec477dd2b4ea4",
|
||||
"sha256:ea9f01224c25101c5f2c6dceebd29d1431525637d596241935640e4de0fbb822",
|
||||
"sha256:ed42feff196aaf262db1878d5ac553a3bcef147caf1362e7095f1115b71ae0e1",
|
||||
"sha256:f049a9fdacdbc4e84afcec7a3b14a8309699a7347c95a525d49c4b9a9c353cee",
|
||||
"sha256:f7329e66c6bd9950eb428f225db3982e5f54e53d3d95951da424dce9aa621eae",
|
||||
"sha256:f755fba215ddafa26211e33ac91b48dcebf84ff28590790e5b7711b46fa4095d",
|
||||
"sha256:f86be4e30cf2ffcd67845251c8549d70740cd6eec77bd38d977c4c0640eefc24",
|
||||
"sha256:f898bf0a9613cc8b7f7af6fdcd80cc8e7659787908834c63391f22271fdb1c14",
|
||||
"sha256:fac0dd2f11a165a79e271a04226378a008c83368031c6a9294a6df9cd1c13c05",
|
||||
"sha256:fbbf9858a3043f632c9da2a82e4ce895016dfb401f59ab110900121121ee73b7",
|
||||
"sha256:fddd2ef742f05a18fde1d1c74df12fa6f426945cfb6fefba3fa1c5380e2dd2bf",
|
||||
"sha256:fddd7ddd520661085ffd91f1db74b18e4cf5ed9b6e939aa7d31ca1ea67bc7621",
|
||||
"sha256:ff0e0c3a48c635529a1723d2fea9326da1dacdba5db20be1a4eeaf56580e3949"
|
||||
],
|
||||
"markers": "python_version >= '3.6'",
|
||||
"version": "==2022.4.24"
|
||||
"version": "==2022.7.25"
|
||||
},
|
||||
"requests": {
|
||||
"hashes": [
|
||||
"sha256:68d7c56fd5a8999887728ef304a6d12edc7be74f1cfa47714fc8b414525c9a61",
|
||||
"sha256:f22fa1e554c9ddfd16e6e41ac79759e17be9e492b3587efa038054674760e72d"
|
||||
"sha256:7c5599b102feddaa661c826c56ab4fee28bfd17f5abca1ebbe3e7f19d7c97983",
|
||||
"sha256:8fefa2a1a1365bf5520aac41836fbee479da67864514bdb821f31ce07ce65349"
|
||||
],
|
||||
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'",
|
||||
"version": "==2.27.1"
|
||||
"markers": "python_version >= '3.7' and python_version < '4'",
|
||||
"version": "==2.28.1"
|
||||
},
|
||||
"six": {
|
||||
"hashes": [
|
||||
@ -638,50 +689,50 @@
|
||||
},
|
||||
"typing-extensions": {
|
||||
"hashes": [
|
||||
"sha256:6657594ee297170d19f67d55c05852a874e7eb634f4f753dbd667855e07c1708",
|
||||
"sha256:f1c24655a0da0d1b67f07e17a5e6b2a105894e6824b92096378bb3668ef02376"
|
||||
"sha256:25642c956049920a5aa49edcdd6ab1e06d7e5d467fc00e0506c44ac86fbfca02",
|
||||
"sha256:e6d2677a32f47fc7eb2795db1dd15c1f34eff616bcaf2cfb5e997f854fa1c4a6"
|
||||
],
|
||||
"index": "pypi",
|
||||
"version": "==4.2.0"
|
||||
"version": "==4.3.0"
|
||||
},
|
||||
"urllib3": {
|
||||
"hashes": [
|
||||
"sha256:44ece4d53fb1706f667c9bd1c648f5469a2ec925fcf3a776667042d645472c14",
|
||||
"sha256:aabaf16477806a5e1dd19aa41f8c2b7950dd3c746362d7e3223dbe6de6ac448e"
|
||||
"sha256:c33ccba33c819596124764c23a97d25f32b28433ba0dedeb77d873a38722c9bc",
|
||||
"sha256:ea6e8fb210b19d950fab93b60c9009226c63a28808bc8386e05301e25883ac0a"
|
||||
],
|
||||
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'",
|
||||
"version": "==1.26.9"
|
||||
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5' and python_version < '4'",
|
||||
"version": "==1.26.11"
|
||||
},
|
||||
"watchdog": {
|
||||
"hashes": [
|
||||
"sha256:036ed15f7cd656351bf4e17244447be0a09a61aaa92014332d50719fc5973bc0",
|
||||
"sha256:0c520009b8cce79099237d810aaa19bc920941c268578436b62013b2f0102320",
|
||||
"sha256:0fb60c7d31474b21acba54079ce9ff0136411183e9a591369417cddb1d7d00d7",
|
||||
"sha256:156ec3a94695ea68cfb83454b98754af6e276031ba1ae7ae724dc6bf8973b92a",
|
||||
"sha256:1ae17b6be788fb8e4d8753d8d599de948f0275a232416e16436363c682c6f850",
|
||||
"sha256:1e5d0fdfaa265c29dc12621913a76ae99656cf7587d03950dfeb3595e5a26102",
|
||||
"sha256:24dedcc3ce75e150f2a1d704661f6879764461a481ba15a57dc80543de46021c",
|
||||
"sha256:2962628a8777650703e8f6f2593065884c602df7bae95759b2df267bd89b2ef5",
|
||||
"sha256:47598fe6713fc1fee86b1ca85c9cbe77e9b72d002d6adeab9c3b608f8a5ead10",
|
||||
"sha256:4978db33fc0934c92013ee163a9db158ec216099b69fce5aec790aba704da412",
|
||||
"sha256:5e2e51c53666850c3ecffe9d265fc5d7351db644de17b15e9c685dd3cdcd6f97",
|
||||
"sha256:676263bee67b165f16b05abc52acc7a94feac5b5ab2449b491f1a97638a79277",
|
||||
"sha256:68dbe75e0fa1ba4d73ab3f8e67b21770fbed0651d32ce515cd38919a26873266",
|
||||
"sha256:6d03149126864abd32715d4e9267d2754cede25a69052901399356ad3bc5ecff",
|
||||
"sha256:6ddf67bc9f413791072e3afb466e46cc72c6799ba73dea18439b412e8f2e3257",
|
||||
"sha256:746e4c197ec1083581bb1f64d07d1136accf03437badb5ff8fcb862565c193b2",
|
||||
"sha256:7721ac736170b191c50806f43357407138c6748e4eb3e69b071397f7f7aaeedd",
|
||||
"sha256:88ef3e8640ef0a64b7ad7394b0f23384f58ac19dd759da7eaa9bc04b2898943f",
|
||||
"sha256:aa68d2d9a89d686fae99d28a6edf3b18595e78f5adf4f5c18fbfda549ac0f20c",
|
||||
"sha256:b962de4d7d92ff78fb2dbc6a0cb292a679dea879a0eb5568911484d56545b153",
|
||||
"sha256:ce7376aed3da5fd777483fe5ebc8475a440c6d18f23998024f832134b2938e7b",
|
||||
"sha256:ddde157dc1447d8130cb5b8df102fad845916fe4335e3d3c3f44c16565becbb7",
|
||||
"sha256:efcc8cbc1b43902571b3dce7ef53003f5b97fe4f275fe0489565fc6e2ebe3314",
|
||||
"sha256:f9ee4c6bf3a1b2ed6be90a2d78f3f4bbd8105b6390c04a86eb48ed67bbfa0b0b",
|
||||
"sha256:fed4de6e45a4f16e4046ea00917b4fe1700b97244e5d114f594b4a1b9de6bed8"
|
||||
"sha256:083171652584e1b8829581f965b9b7723ca5f9a2cd7e20271edf264cfd7c1412",
|
||||
"sha256:117ffc6ec261639a0209a3252546b12800670d4bf5f84fbd355957a0595fe654",
|
||||
"sha256:186f6c55abc5e03872ae14c2f294a153ec7292f807af99f57611acc8caa75306",
|
||||
"sha256:195fc70c6e41237362ba720e9aaf394f8178bfc7fa68207f112d108edef1af33",
|
||||
"sha256:226b3c6c468ce72051a4c15a4cc2ef317c32590d82ba0b330403cafd98a62cfd",
|
||||
"sha256:247dcf1df956daa24828bfea5a138d0e7a7c98b1a47cf1fa5b0c3c16241fcbb7",
|
||||
"sha256:255bb5758f7e89b1a13c05a5bceccec2219f8995a3a4c4d6968fe1de6a3b2892",
|
||||
"sha256:43ce20ebb36a51f21fa376f76d1d4692452b2527ccd601950d69ed36b9e21609",
|
||||
"sha256:4f4e1c4aa54fb86316a62a87b3378c025e228178d55481d30d857c6c438897d6",
|
||||
"sha256:5952135968519e2447a01875a6f5fc8c03190b24d14ee52b0f4b1682259520b1",
|
||||
"sha256:64a27aed691408a6abd83394b38503e8176f69031ca25d64131d8d640a307591",
|
||||
"sha256:6b17d302850c8d412784d9246cfe8d7e3af6bcd45f958abb2d08a6f8bedf695d",
|
||||
"sha256:70af927aa1613ded6a68089a9262a009fbdf819f46d09c1a908d4b36e1ba2b2d",
|
||||
"sha256:7a833211f49143c3d336729b0020ffd1274078e94b0ae42e22f596999f50279c",
|
||||
"sha256:8250546a98388cbc00c3ee3cc5cf96799b5a595270dfcfa855491a64b86ef8c3",
|
||||
"sha256:97f9752208f5154e9e7b76acc8c4f5a58801b338de2af14e7e181ee3b28a5d39",
|
||||
"sha256:9f05a5f7c12452f6a27203f76779ae3f46fa30f1dd833037ea8cbc2887c60213",
|
||||
"sha256:a735a990a1095f75ca4f36ea2ef2752c99e6ee997c46b0de507ba40a09bf7330",
|
||||
"sha256:ad576a565260d8f99d97f2e64b0f97a48228317095908568a9d5c786c829d428",
|
||||
"sha256:b530ae007a5f5d50b7fbba96634c7ee21abec70dc3e7f0233339c81943848dc1",
|
||||
"sha256:bfc4d351e6348d6ec51df007432e6fe80adb53fd41183716017026af03427846",
|
||||
"sha256:d3dda00aca282b26194bdd0adec21e4c21e916956d972369359ba63ade616153",
|
||||
"sha256:d9820fe47c20c13e3c9dd544d3706a2a26c02b2b43c993b62fcd8011bcc0adb3",
|
||||
"sha256:ed80a1628cee19f5cfc6bb74e173f1b4189eb532e705e2a13e3250312a62e0c9",
|
||||
"sha256:ee3e38a6cc050a8830089f79cbec8a3878ec2fe5160cdb2dc8ccb6def8552658"
|
||||
],
|
||||
"markers": "python_version >= '3.6'",
|
||||
"version": "==2.1.8"
|
||||
"version": "==2.1.9"
|
||||
},
|
||||
"webencodings": {
|
||||
"hashes": [
|
||||
@ -692,11 +743,11 @@
|
||||
},
|
||||
"zipp": {
|
||||
"hashes": [
|
||||
"sha256:56bf8aadb83c24db6c4b577e13de374ccfb67da2078beba1d037c17980bf43ad",
|
||||
"sha256:c4f6e5bbf48e74f7a38e7cc5b0480ff42b0ae5178957d564d18932525d5cf099"
|
||||
"sha256:05b45f1ee8f807d0cc928485ca40a07cb491cf092ff587c0df9cb1fd154848d2",
|
||||
"sha256:47c40d7fe183a6f21403a199b3e4192cca5774656965b0a4988ad2f8feb5f009"
|
||||
],
|
||||
"markers": "python_version >= '3.7'",
|
||||
"version": "==3.8.0"
|
||||
"version": "==3.8.1"
|
||||
}
|
||||
},
|
||||
"develop": {
|
||||
|
||||
22
README.md
22
README.md
@ -58,6 +58,14 @@ Our current list of team members can be found [here](https://github.com/orgs/pri
|
||||
- Browse our [open issues](https://github.com/privacyguides/privacyguides.org/issues) to see what needs to be updated
|
||||
- View some contribution tips on our [contributor's wiki](https://github.com/privacyguides/privacyguides.org/wiki)
|
||||
|
||||
### Blog
|
||||
|
||||
We aspire to publish the best articles about privacy on the net. From hot-takes to long-form essays, we are looking for stylish and well-written pieces.
|
||||
|
||||
This not a place for sponsored content or SEO-obsessed posts. Please do **not** pitch us this, as we don't take kindly to it and your email will be blocked. *Caveat scriptor.*
|
||||
|
||||
Submit stories or requests to: `freddy@privacyguides.org`
|
||||
|
||||
## Mirrors
|
||||
|
||||
[](https://github.com/privacyguides/privacyguides.org)
|
||||
@ -74,7 +82,7 @@ This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdoc
|
||||
- `git submodule init`
|
||||
- `git submodule update docs/assets/brand`
|
||||
2. Install [Python 3.6+](https://www.python.org/downloads/)
|
||||
3. Install [dependencies](/Pipfile): `pip install mkdocs mkdocs-material mkdocs-static-i18n mkdocs-git-revision-date-localized-plugin mkdocs-minify-plugin mkdocs-rss-plugin typing-extensions`
|
||||
3. Install [dependencies](/Pipfile): `pip install mkdocs mkdocs-material mkdocs-static-i18n typing-extensions`
|
||||
4. Serve the site locally: `mkdocs serve`
|
||||
- The site will be available at `http://localhost:8000`
|
||||
- You can build the site locally with `mkdocs build`
|
||||
@ -83,10 +91,10 @@ This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdoc
|
||||
**Team members** should clone the repository with `mkdocs-material-insiders` directly. This method is identical to production:
|
||||
|
||||
1. Clone this repository and submodules: `git clone --recurse-submodules https://github.com/privacyguides/privacyguides.org.git`
|
||||
2. Install [Python 3.6+](https://www.python.org/downloads/)
|
||||
2. Install Python **3.7**
|
||||
3. Install **pipenv**: `pip install pipenv`
|
||||
4. Install dependencies: `pipenv install --dev`
|
||||
5. Serve the site locally: `pipenv run mkdocs serve`
|
||||
5. Serve the site locally: `pipenv run mkdocs serve --config-file mkdocs.production.yml`
|
||||
- The site will be available at `http://localhost:8000`
|
||||
- You can build the site locally with `pipenv run mkdocs build`
|
||||
- This version of the site should be identical to the live, production version
|
||||
@ -95,12 +103,12 @@ This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdoc
|
||||
|
||||
1. Create a new tag: `git tag -s v2.X.X -m 'Some message'`
|
||||
- [View existing tags](https://github.com/privacyguides/privacyguides.org/tags)
|
||||
- Tag [numbering](https://semver.org/): Increment the MINOR (2nd) number when making significant changes (adding/deleting pages, etc.), increment the PATCH (3rd) number when making minor changes (typos, bug fixes). Probably leave the MAJOR number at 2 until a massive redesign (v1 -> v2 was the Jekyll to MkDocs transition).
|
||||
- Tag [numbering](https://semver.org/): Increment the MINOR (2nd) number when making significant changes (adding/deleting pages, etc.), increment the PATCH (3rd) number when making minor changes (typos, bug fixes). Probably leave the MAJOR number at 2 until a massive revamp (v1 -> v2 was the Jekyll to MkDocs transition).
|
||||
2. Push the tag to GitHub: `git push --tags`
|
||||
3. [Create a new release](https://github.com/privacyguides/privacyguides.org/releases/new) selecting the new tag
|
||||
- Title the release the same as the tag version number without the `v`, i.e. `2.X.X`
|
||||
- For more significant releases, add a **short** title, for example [2.3.0 - Localization Support](https://github.com/privacyguides/privacyguides.org/releases/tag/v2.3.0) or [2.2.0 - Removing Social Networks](https://github.com/privacyguides/privacyguides.org/releases/tag/v2.2.0)
|
||||
- Title the release the same as the tag version number, i.e. `v2.X.X`
|
||||
- For more significant releases, add a **short** title, for example [v2.3.0 - Localization Support](https://github.com/privacyguides/privacyguides.org/releases/tag/v2.3.0) or [v2.2.0 - Removing Social Networks](https://github.com/privacyguides/privacyguides.org/releases/tag/v2.2.0)
|
||||
- GitHub should let you auto-generate release notes based on PR titles
|
||||
- Mark more significant changes in bold, see [2.3.0](https://github.com/privacyguides/privacyguides.org/releases/tag/v2.3.0) for example
|
||||
- Mark more significant changes in bold, see [v2.12.0](https://github.com/privacyguides/privacyguides.org/releases/tag/v2.12.0) for example
|
||||
4. Publish release, it will be deployed to the live site automatically
|
||||
- When publishing more significant releases (generally any with a MINOR version increment) check the "Create a discussion for this release" box to post an announcement
|
||||
|
||||
@ -34,5 +34,3 @@ Physical destruction may be necessary to securely erase devices such as memory c
|
||||
Securely shredding **individual files** is difficult if not impossible. Copies can exist in a variety of ways such as through manual, or automatic backups, [wear leveling](https://en.wikipedia.org/wiki/Wear_leveling) (on modern [flash storage](https://en.wikipedia.org/wiki/Solid-state_drive)), caching and filesystem [journaling](https://en.wikipedia.org/wiki/Journaling_file_system).
|
||||
|
||||
Wear leveled devices do not guarantee a fixed relationship between [logical blocks addressed](https://en.wikipedia.org/wiki/Logical_block_addressing) through the interface. This means that the physical locations in which the data is stored may be different to where it is actually located, so shredding may not provide adequate security.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -78,7 +78,7 @@ Shortcuts is quite intuitive to work with, so if you don't like the behavior dem
|
||||
|
||||
[Shortcuts](https://support.apple.com/guide/shortcuts/welcome/ios) can be made accessible through the system Share Sheet, making accessing those shortcuts very convenient. This guide will show you how to build a metadata removal shortcut and integrate it into the system *Share Sheet*.
|
||||
|
||||
!!! attention
|
||||
!!! warning
|
||||
This method of metadata removal is not as comprehensive at removing metadata as utilities like [ExifTool](../metadata-removal-tools.md#exiftool) and [mat2](../metadata-removal-tools.md#mat2) are.
|
||||
|
||||
The lack of *good* metadata removal apps on the App Store is what makes this solution worthwhile.
|
||||
@ -160,5 +160,3 @@ Windows allows you to place files in a **SendTo** folder which then appear in th
|
||||
### Using the shortcut
|
||||
|
||||
1. Right click a supported file and choose **ExifTool.bat** within the *Send to* context menu.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
258
docs/advanced/signal-configuration-hardening.en.md
Normal file
258
docs/advanced/signal-configuration-hardening.en.md
Normal file
@ -0,0 +1,258 @@
|
||||
---
|
||||
title: "Signal Configuration and Hardening"
|
||||
icon: 'material/chat-processing'
|
||||
---
|
||||
|
||||
[Signal](../real-time-communication.md#signal) is a widely regarded instant messaging service that is not only easy to use but is also private and secure. Signal's strong E2EE implementation and metadata protections provide a level of assurance that only you and your intended recipients are able to read communications.
|
||||
|
||||
This guide details actions you can take to configure and harden Signal in accordance with your [threat model](../basics/threat-modeling.md).
|
||||
|
||||
## Signal Configuration
|
||||
|
||||
### Signal PIN
|
||||
|
||||
When you register for Signal with your phone number, you will be asked to set up a Signal PIN. This PIN can be used to recover your profile, settings, contacts and who you've blocked in case you ever lose or switch devices.
|
||||
|
||||
Additionally, your Signal PIN can also double as a registration lock that prevents others from registering with your number.
|
||||
|
||||
!!! attention "Registration Lock"
|
||||
|
||||
The server will not enforce the registration lock after 7 days of inactivity. After that, someone will be able to reset the PIN at registration and register with your phone number. This will wipe the data stored in your Signal account, as it is encrypted by the PIN, but it won't prevent someone from registering with your number provided that they can receive a text on it.
|
||||
|
||||
If you haven't set up a Signal PIN, or have previously opted out of setting one up, follow these steps on Android/iOS:
|
||||
|
||||
- Select :material-dots-vertical: **Settings** > **Account** > **Signal PIN**
|
||||
- Select **Create new PIN**
|
||||
|
||||
Signal will prompt you to enter a PIN. We suggest using a strong alphanumeric PIN that can be stored in a [password manager](../passwords.md).
|
||||
|
||||
Once you have done that, or if you already have set up a PIN, make sure that **Registration Lock** is also enabled.
|
||||
|
||||
- Select :material-dots-vertical: **Settings** > **Account** > **Signal PIN**
|
||||
- [x] Turn on **Registration Lock**
|
||||
|
||||
!!! Important
|
||||
|
||||
If you forget the PIN and have enabled a registration lock, you may be locked out of your account for up to 7 days.
|
||||
|
||||
You can learn more about Signal PIN on [Signal's website](https://support.signal.org/hc/en-us/articles/360007059792-Signal-PIN).
|
||||
|
||||
### Safety Numbers
|
||||
|
||||
Safety numbers are a feature in Signal that allows you to ensure that messages are delivered securely between verified devices.
|
||||
|
||||
It is best practice to always compare safety numbers with your contacts. This can be done in a couple of ways:
|
||||
|
||||
- Scanning your contact's QR code while viewing their safety number.
|
||||
- Comparing the safety numbers on both ends, be it visually or audibly.
|
||||
|
||||
!!! Important
|
||||
|
||||
In order for safety numbers to also verify that the intended recipient has access to the device you're verifying, you need a secondary communication channel where you can authenticate the person that is holding the device. For example, an in-person meeting or during a video call.
|
||||
|
||||
To view the safety number for a particular contact, you need to follow these steps within Signal:
|
||||
|
||||
- Go to a chat with a contact.
|
||||
- Select the chat header or :material-dots-vertical: > **View Safety Number**
|
||||
|
||||
Once you've compared the safety numbers on both devices, you can mark that contact as **Verified**.
|
||||
|
||||
A checkmark will appear in the chat header by your contact's name when the safety number is marked as verified. It will remain verified unless the safety number changes or you manually change the verification status.
|
||||
|
||||
After doing that, any time the safety number changes, you'll be notified.
|
||||
|
||||
If the safety number with one of your contacts changes, we recommend asking the contact what happened (if they switched to a new device or re-installed Signal, for example) and verify the safety numbers again.
|
||||
|
||||
For more demanding threat models, you should agree on a protocol with your contacts in advance on what to do in case the safety number ever changes.
|
||||
|
||||
You can learn more about safety numbers on [Signal's website](https://support.signal.org/hc/en-us/articles/360007060632-What-is-a-safety-number-and-why-do-I-see-that-it-changed-).
|
||||
|
||||
### Disappearing Messages
|
||||
|
||||
While communication in Signal is E2EE, the messages are still available on the devices, unless they are manually deleted.
|
||||
|
||||
It is good practice to set up disappearing messages in Signal's settings so that any chats you start will disappear after a specified amount of time has passed.
|
||||
|
||||
On Android/iOS:
|
||||
|
||||
- Select :material-dots-vertical: **Settings** > **Privacy**
|
||||
- Under **Disappearing messages**, select **Default timer for new chats**
|
||||
- Select the desired amount of time and select **Save**
|
||||
|
||||
!!! tip "Override the global default for specific contacts"
|
||||
|
||||
- Go to a chat with a contact
|
||||
- Select :material-dots-vertical: on the top right
|
||||
- Select **Disappearing messages**
|
||||
- Select the desired amount of time and select **Save**
|
||||
|
||||
We recommend setting up a reasonable timer by default, such as one week, and adjusting it per contact as you see fit.
|
||||
|
||||
!!! tip "Snapchat-like Functionality"
|
||||
|
||||
Signal allows you to send "view-once" media that are automatically removed from the conversation after they have been viewed.
|
||||
|
||||
### Disable Link Previews
|
||||
|
||||
Signal offers the ability to retrieve previews of webpages linked within a conversation.
|
||||
|
||||
This means that when you send a link, a request will be sent to that website so that a preview of the website can be displayed alongside the link. Thus, we recommend disabling link previews.
|
||||
|
||||
Your recipient doesn't make any requests unless they open the link on their end.
|
||||
|
||||
On Android/iOS:
|
||||
|
||||
- Select :material-dots-vertical: **Settings** > **Chats**
|
||||
- [ ] Turn off **Generate link previews**
|
||||
|
||||
### Screen Security
|
||||
|
||||
Signal allows you to prevent a preview of the app being shown (i.e., in the app switcher) unless you explicitly open it.
|
||||
|
||||
On Android:
|
||||
|
||||
- Select :material-dots-vertical: **Settings** > **Privacy**
|
||||
- [x] Turn on **Screen Security**
|
||||
|
||||
On iOS:
|
||||
|
||||
- Select :material-dots-vertical: **Settings** > **Privacy**
|
||||
- [x] Turn on **Hide Screen in App Switcher**
|
||||
|
||||
### Screen Lock
|
||||
|
||||
If someone gets a hold of your device while it is unlocked, you run the risk of them being able to open the Signal app and look at your conversations.
|
||||
|
||||
To mitigate this, you can leverage the Screen Lock option to require additional authentication before Signal can be accessed.
|
||||
|
||||
On Android/iOS:
|
||||
|
||||
- Select :material-dots-vertical: **Settings** > **Privacy**
|
||||
- [x] Turn on **Screen Lock**
|
||||
|
||||
### Notification Privacy
|
||||
|
||||
Even when your phone is locked, anyone who can lay eyes on the device can read messages and sender names from your lock screen.
|
||||
|
||||
On Signal, you have the ability to hide message content and sender name, or just the message content itself.
|
||||
|
||||
On Android:
|
||||
|
||||
- Select :material-dots-vertical: **Settings** > **Notifications**
|
||||
- Select **Show**
|
||||
- Select **No name or message** or **Name only** respectively.
|
||||
|
||||
On iOS:
|
||||
|
||||
- Select :material-dots-vertical: **Settings** > **Notifications**
|
||||
- Select **Show**
|
||||
- Select **No name or Content** or **Name Only** respectively.
|
||||
|
||||
### Call Relaying
|
||||
|
||||
Signal allows you to relay all calls (including video calls) through the Signal server to avoid revealing your IP address to your contact. This may reduce call quality.
|
||||
|
||||
On Android/iOS:
|
||||
|
||||
- Select :material-dots-vertical: **Settings** > **Privacy** > **Advanced**
|
||||
- [x] Turn on **Always Relay Calls**
|
||||
|
||||
For incoming calls from people who are not in your Contacts app, the call will be relayed through the Signal server regardless of how you've set it up.
|
||||
|
||||
### Proxy Support
|
||||
|
||||
If Signal is blocked in your country, Signal allows you to set up a proxy to bypass it.
|
||||
|
||||
!!! Warning
|
||||
|
||||
All traffic remains opaque to the proxy operator. However, the censoring party could learn that you are using Signal through a proxy because the app [fails to route all the IP connections to the proxy](https://community.signalusers.org/t/traffic-not-routed-to-tls-proxies-can-expose-users-to-censors/27479).
|
||||
|
||||
You can learn more about Signal's proxy support on their [website](https://support.signal.org/hc/en-us/articles/360056052052-Proxy-Support).
|
||||
|
||||
### Keep Your Signal Call History off iCloud (iOS only)
|
||||
|
||||
Signal allows you to see your call history from your regular phone app. This allows your iOS device to sync your call history with iCloud, including who you spoke to, when, and for how long.
|
||||
|
||||
If you use iCloud and you don’t want to share call history on Signal, confirm it’s turned off:
|
||||
|
||||
- Select :material-dots-vertical: **Settings** > **Privacy**
|
||||
- [ ] Turn off **Show Calls in Recents**
|
||||
|
||||
## Signal Hardening
|
||||
|
||||
### Avoid Linking Your Signal Account to a Desktop Device
|
||||
|
||||
While it may be tempting to link your Signal account to your desktop device for convenience, keep in mind that this extends your trust to an additional and potentially less secure operating system.
|
||||
|
||||
If your threat model calls for it, avoid linking your Signal account to a desktop device to reduce your attack surface.
|
||||
|
||||
### Endpoint Security
|
||||
|
||||
Signal takes security very seriously, however there is only so much an app can do to protect you.
|
||||
|
||||
It is very important to take device security on both ends into account to ensure that your conversations are kept private.
|
||||
|
||||
We recommend an up-to-date [GrapheneOS](/android/#grapheneos) or iOS device.
|
||||
|
||||
### Hardening Signal with Molly on Android
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Molly** is a security-focused [Signal](../real-time-communication/#signal) fork that aims to provide extensive hardening and anti-forensic features to people who use Signal.
|
||||
|
||||
[:octicons-home-16: Homepage](https://molly.im/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://github.com/mollyim/mollyim-android/wiki){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/mollyim/mollyim-android){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://opencollective.com/mollyim){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
|
||||
- [:pg-f-droid: F-Droid](https://molly.im/download/fdroid/)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/mollyim/mollyim-android/releases)
|
||||
|
||||
Molly offers two variants of the app: **Molly** and **Molly-FOSS**.
|
||||
|
||||
The former is identical to Signal with the addition of Molly's improvements and security features. The latter, Molly-FOSS, removes Google's proprietary code, which is used for some key features (e.g., [FCM](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) and Google Maps integration), in an effort to make it fully open-source.
|
||||
|
||||
A comparison of the two versions is available in the [project's repository](https://github.com/mollyim/mollyim-android#readme).
|
||||
|
||||
Both versions of Molly support [reproducible builds](https://github.com/mollyim/mollyim-android/tree/main/reproducible-builds), meaning it's possible to confirm that the compiled APKs match the source code.
|
||||
|
||||
#### Features
|
||||
|
||||
Molly has implemented database encryption at rest, which means that you can encrypt the app's database with a passphrase to ensure that none of its data is accessible without it.
|
||||
|
||||
!!! note
|
||||
|
||||
As long as Molly is locked, you will not receive notifications for any incoming messages or calls until you unlock it again.
|
||||
|
||||
Once enabled, a configurable lock timer can be set, after which point Molly will lock itself if you haven't unlocked your device for that specific time period. Alternatively, you can manually lock the app whenever you want.
|
||||
|
||||
For the database encryption feature to be useful, two conditions must be met:
|
||||
|
||||
1. Molly has to be locked at the time an attacker gains access to the device. This can include a physical attack in which the attacker seizes your device and manages to unlock the device itself, or a remote attack, in which the device is compromised and manages to elevate privileges to root.
|
||||
1. If you become aware that your device has been compromised, you should not unlock Molly's database.
|
||||
|
||||
If both of the above conditions are met, the data within Molly is safe as long as the passphrase is not accessible to the attacker.
|
||||
|
||||
To supplement the database encryption feature, Molly securely wipes your device's RAM once the database is locked to defend against forensic analysis.
|
||||
|
||||
While Molly is running, your data is kept in RAM. When any app closes, its data remains in RAM until another app takes the same physical memory pages. That can take seconds or days, depending on many factors. To prevent anyone from dumping the RAM to disk and extracting your data after Molly is locked, the app overrides all free RAM memory with random data when you lock the database.
|
||||
|
||||
There is also the ability to configure a SOCKS proxy in Molly to route its traffic through the proxy or Tor (via [Orbot](/android/#orbot)). When enabled, all traffic is routed through the proxy and there are no known IP or DNS leaks. When using this feature, [call relaying](#call-relaying) will always be enabled, regardless of the setting.
|
||||
|
||||
Signal adds everyone who you have communicated with to its database. Molly allows you to delete those contacts and stop sharing your profile with them.
|
||||
|
||||
To supplement the feature above, as well as for additional security and to fight spam, Molly offers the ability to block unknown contacts that you've never been in contact with or those that are not in your contact list without you having to manually block them.
|
||||
|
||||
You can find a full list of Molly's [features](https://github.com/mollyim/mollyim-android#features) on the project's repository.
|
||||
|
||||
#### Caveats
|
||||
|
||||
- Molly does not support SMS messages within the app, unlike the official Signal app.
|
||||
- Molly removes Signal's Mobilecoin integration.
|
||||
- Molly is updated every two weeks to include the latest features and bug fixes from Signal. The exception is security issues, that are patched as soon as possible. That said, you should be aware that there might be a slight delay compared to upstream.
|
||||
- By using Molly, you are extending your trust to another party, as you now need to trust the Signal team, as well as the Molly team.
|
||||
@ -6,7 +6,7 @@ icon: 'fontawesome/brands/android'
|
||||
These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. We also have additional Android-related information:
|
||||
|
||||
- [General Android Overview and Recommendations :hero-arrow-circle-right-fill:](android/overview.md)
|
||||
- [GrapheneOS vs CalyxOS Comparison :hero-arrow-circle-right-fill:](android/grapheneos-vs-calyxos.md)
|
||||
- [Why we recommend GrapheneOS over CalyxOS :hero-arrow-circle-right-fill:](android/grapheneos-vs-calyxos.md)
|
||||
|
||||
## AOSP Derivatives
|
||||
|
||||
@ -65,26 +65,6 @@ DivestOS implements some system hardening patches originally developed for Graph
|
||||
|
||||
Not all of the supported devices have verified boot, and some perform it better than others.
|
||||
|
||||
### CalyxOS
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**CalyxOS** is a system with some privacy features on top of AOSP, including [Datura](https://calyxos.org/docs/tech/datura-details) firewall, [Signal](https://signal.org) integration in the dialer app, and a built in panic button. CalyxOS also comes with firmware updates and signed builds, so verified boot is fully supported.
|
||||
|
||||
We only recommend CalyxOS as a harm reduction measure for the OnePlus 8T, OnePlus 9, and especially the Fairphone 4 if you need microG.
|
||||
|
||||
[:octicons-home-16: Homepage](https://calyxos.org/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://calyxinstitute.org/legal/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://calyxos.org/docs/){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/CalyxOS){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://members.calyxinstitute.org/donate){ .card-link title=Contribute }
|
||||
|
||||
CalyxOS optionally includes [microG](https://microg.org/), a partially open-source reimplementation of Play Services which provides broader app compatibility. It also bundles in alternate location services: [Mozilla](https://location.services.mozilla.com/) and [DejaVu](https://github.com/n76/DejaVu).
|
||||
|
||||
CalyxOS [supports](https://calyxos.org/docs/guide/device-support/) Google Pixel phones, the OnePlus 8T/9/9 Pro and the Fairphone 4.
|
||||
|
||||
## Android Devices
|
||||
|
||||
When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
|
||||
@ -126,30 +106,6 @@ A few more tips for purchasing a Google Pixel:
|
||||
- Look at online community bargain sites in your country. These can alert you to good sales.
|
||||
- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date }-\text{ Current Date}$, meaning that the longer use of the device the lower cost per day.
|
||||
|
||||
### Other Devices
|
||||
|
||||
The following OEMs are only mentioned as they have phones compatible with the operating systems recommended by us. If you are purchasing a new device, we only recommend purchasing a Google Pixel.
|
||||
|
||||
#### OnePlus
|
||||
|
||||
If you are unable to obtain a Google Pixel, recent OnePlus devices are the next best option if you want to run a custom OS without privileged Play Services. OnePlus 8 and later devices will receive 4 years of security updates from their initial launch date. CalyxOS has [experimental support](https://calyxos.org/news/2022/04/01/fairphone4-oneplus8t-oneplus9-test-builds/) for the **OnePlus 8T** and **9**.
|
||||
|
||||
DivestOS has support for most OnePlus devices up to the **OnePlus 9 Pro**, with varying levels of support.
|
||||
|
||||
#### Fairphone
|
||||
|
||||
!!! danger
|
||||
|
||||
The Fairphone 3 and 4 are not secure by default, as the [stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11). This breaks verified boot on a stock Fairphone device, as the system will boot alternative Android operating systems such (such as /e/) [without any warning](https://source.android.com/security/verifiedboot/boot-flow#locked-devices-with-custom-root-of-trust) about custom operating system usage.
|
||||
|
||||
This problem is somewhat mitigated when you install a custom operating system such as CalyxOS or DivestOS and trust the developer's signing keys rather than the stock system keys, however a vulnerability in CalyxOS or DivestOS's recovery environments could still potentially allow an attacker to bypass AVB.
|
||||
|
||||
**To reiterate, you must install a custom operating system with custom boot keys to use Fairphone devices in a secure manner.**
|
||||
|
||||
CalyxOS has [experimental support](https://calyxos.org/news/2022/04/01/fairphone4-oneplus8t-oneplus9-test-builds/) for the **Fairphone 4**. DivestOS has builds available for the **Fairphone 3**.
|
||||
|
||||
Fairphone markets their devices as receiving 6 years of support. However, the SoC (Qualcomm Snapdragon 750G on the Fairphone 4) has a considerably shorter EOL date. This means that firmware security updates from Qualcomm for the Fairphone 4 will end in September 2023, regardless of whether Fairphone continues to release software security updates.
|
||||
|
||||
## General Apps
|
||||
|
||||
### Orbot
|
||||
@ -401,5 +357,3 @@ If you download APK files to install manually, you can verify their signature wi
|
||||
Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
|
||||
Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
|
||||
```
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -1,12 +1,15 @@
|
||||
---
|
||||
title: "GrapheneOS vs CalyxOS"
|
||||
title: "Why we recommend GrapheneOS over CalyxOS"
|
||||
icon: 'material/cellphone-cog'
|
||||
---
|
||||
|
||||
GrapheneOS and CalyxOS are commonly compared as similar options for people looking for an alternative Android OS for their Pixel devices. Below are some of the reasons why we recommend GrapheneOS over CalyxOS.
|
||||
|
||||
## Profiles
|
||||
|
||||
CalyxOS includes a device controller app so there is no need to install a third-party app like Shelter.
|
||||
|
||||
GrapheneOS extends the user profile feature, allowing you to end a current session. To do this, select *End Session* which will clear the encryption key from memory. There are plans to add a [cross profile notifications system](https://github.com/GrapheneOS/os-issue-tracker/issues/88) in the future. GrapheneOS plans to introduce nested profile support with better isolation in the future.
|
||||
GrapheneOS extends the user profile feature, allowing you to end a current session. To do this, select *End Session* which will clear the encryption key from memory. GrapheneOS also provides [cross-profile notification forwarding](https://grapheneos.org/features#notification-forwarding). GrapheneOS plans to introduce nested profile support with better isolation in the future.
|
||||
|
||||
## Sandboxed Google Play vs Privileged microG
|
||||
|
||||
@ -22,9 +25,11 @@ Local RF location backends like DejaVu require that the phone has a working GPS
|
||||
|
||||
If your threat model requires protecting your location or the MAC addresses of nearby devices, rerouting location requests to the OS location API is probably the best option. The benefit brought by microG's custom location backend is minimal at best when compared to Sandboxed Play Services.
|
||||
|
||||
In terms of application compatibility, Sandboxed Google Play on GrapheneOS outperforms microG on CalyxOS due to its support for many services which microG has not yet implemented, like [Google Play Games](https://play.google.com/googleplaygames) and [In-app Billing API](https://android-doc.github.io/google/play/billing/api.html). Larger apps, especially games, require Play Delivery to be installed, which is currently not implemented in microG. Authentication using [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) with online services on Android also relies on Play Services, and does not currently work with microG.
|
||||
In terms of application compatibility, Sandboxed Google Play on GrapheneOS is always going to be more compatible as it is the same code as what is released by Google. microG is a reimplementation of these services. As a result of that it only supports the various parts that have been reimplemented, meaning some things such as [Google Play Games](https://play.google.com/googleplaygames) and [In-app Billing API](https://android-doc.github.io/google/play/billing/api.html) are not yet supported.
|
||||
|
||||
[^1]: It should be noted that microG still uses proprietary Google binaries for some of its components such as DroidGuard. Push notifications, if enabled, still go through Google's servers just like with Play Services. Outside of default microG setups like on CalyxOS, it is possible to run microG in the unprivileged `untrusted app` SELinux domain and without the signature spoofing patch. However, microG's functionality and compatibility, which is already not nearly as broad as Sandboxed Play Services, will greatly diminish.
|
||||
Larger apps, especially games, require Play Delivery to be installed, which is currently not implemented in microG. Authentication using [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) with online services on Android also relies on Play Services, and does not currently work with microG.
|
||||
|
||||
[^1]: It should be noted that microG still uses proprietary Google binaries for some of its components such as DroidGuard. Push notifications, if enabled, still go through Google's servers just like with Play Services. Outside of default microG setups like on CalyxOS, it is possible to run microG in the unprivileged [`untrusted app`](https://source.android.com/security/selinux/concepts) SELinux domain and without the signature spoofing patch. However, microG's functionality and compatibility, which is already not nearly as broad as Sandboxed Play Services, will greatly diminish.
|
||||
|
||||
## Privileged eSIM Activation Application
|
||||
|
||||
@ -32,7 +37,7 @@ Currently, eSIM activation is tied to a privileged proprietary application by Go
|
||||
|
||||
On GrapheneOS, the app comes disabled and can be *optionally* enabled by the user after they have installed Sandboxed Play Services.
|
||||
|
||||
On CalyxOS, the app comes installed by default (regardless of whether you choose to have microG or not) and cannot be opted out. This is particularly problematic, as it means Google still has access to the user's hardware identifiers regardless of whether they even need the eSIM activation or not, and can access them persistently.
|
||||
On CalyxOS, the app comes installed by default (regardless of whether you choose to have microG or not) and cannot be opted out. This means Google still has access to your hardware identifiers regardless of whether or not you need eSIM activation and can be accessed persistently.
|
||||
|
||||
## Privileged App Extensions
|
||||
|
||||
|
||||
@ -34,6 +34,8 @@ Verified Boot ensures the integrity of the operating system files, thereby preve
|
||||
|
||||
Unfortunately, OEMs are only obliged to support Verified Boot on their stock Android distribution. Only a few OEMs such as Google support custom AVB key enrollment on their devices. Additionally, some AOSP derivatives such as LineageOS or /e/ OS do not support Verified Boot even on hardware with Verified Boot support for third-party operating systems. We recommend that you check for support **before** purchasing a new device. AOSP derivatives which do not support Verified Boot are **not** recommended.
|
||||
|
||||
Many OEMs also have broken implementation of Verified Boot that you have to be aware of beyond their marketing. For example, the Fairphone 3 and 4 are not secure by default, as the [stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11). This breaks verified boot on a stock Fairphone device, as the system will boot alternative Android operating systems such (such as /e/) [without any warning](https://source.android.com/security/verifiedboot/boot-flow#locked-devices-with-custom-root-of-trust) about custom operating system usage.
|
||||
|
||||
## Firmware Updates
|
||||
|
||||
Firmware updates are critical for maintaining security and without them your device cannot be secure. OEMs have support agreements with their partners to provide the closed-source components for a limited support period. These are detailed in the monthly [Android Security Bulletins](https://source.android.com/security/bulletin).
|
||||
@ -42,16 +44,21 @@ As the components of the phone, such as the processor and radio technologies rel
|
||||
|
||||
EOL devices which are no longer supported by the SoC manufacturer cannot receive firmware updates from OEM vendors or after market Android distributors. This means that security issues with those devices will remain unfixed.
|
||||
|
||||
Fairphone, for example, markets their devices as receiving 6 years of support. However, the SoC (Qualcomm Snapdragon 750G on the Fairphone 4) has a considerably shorter EOL date. This means that firmware security updates from Qualcomm for the Fairphone 4 will end in September 2023, regardless of whether Fairphone continues to release software security updates.
|
||||
|
||||
## Android Versions
|
||||
|
||||
It's important to not use an [end-of-life](https://endoflife.date/android) version of Android. Newer versions of Android not only receive security updates for the operating system but also important privacy enhancing updates too. For example, [prior to Android 10](https://developer.android.com/about/versions/10/privacy/changes), any apps with the [`READ_PHONE_STATE`](https://developer.android.com/reference/android/Manifest.permission#READ_PHONE_STATE) permission could access sensitive and unique serial numbers of your phone such as [IMEI](https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity), [MEID](https://en.wikipedia.org/wiki/Mobile_equipment_identifier), your SIM card's [IMSI](https://en.wikipedia.org/wiki/International_mobile_subscriber_identity), whereas now they must be system apps to do so. System apps are only provided by the OEM or Android distribution.
|
||||
|
||||
## Android Permissions
|
||||
|
||||
[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. The savings you make from not purchasing or subscribing to security apps is better spent on paying for a supported device in the future.
|
||||
[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel.
|
||||
|
||||
Should you want to run an app that you're unsure about, consider using a user or work profile.
|
||||
|
||||
## Media Access
|
||||
Quite a few applications allows you to "share" a file with them for media upload. If you want to, for example, tweet a picture to Twitter, do not grant Twitter access to your "media and photos", because it will have access to all of your pictures then. Instead, go to your file manager (documentsUI), hold onto the picture, then share it with Twitter.
|
||||
|
||||
## User Profiles
|
||||
|
||||
Multiple user profiles can be found in **Settings** → **System** → **Multiple users** and are the simplest way to isolate in Android.
|
||||
@ -70,7 +77,7 @@ This method is generally less secure than a secondary user profile; however, it
|
||||
|
||||
## VPN Killswitch
|
||||
|
||||
Android 7 and above supports a VPN killswitch and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in (:gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**).
|
||||
Android 7 and above supports a VPN killswitch and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
|
||||
|
||||
## Global Toggles
|
||||
|
||||
@ -122,5 +129,3 @@ You will either be given the option to delete your advertising ID or to *Opt out
|
||||
[SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities.
|
||||
|
||||
As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
Submodule docs/assets/brand updated: 1592903b40...e598b2e81f
@ -1,2 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.43429 0 0 .43429 -102.24 -35.595)" stroke-width=".26458"><path d="m313.4 119.93c-7.7343 13.52-22.298 22.631-38.991 22.631-16.692 0-31.256-9.1114-38.991-22.631 7.7346-13.521 22.299-22.632 38.991-22.632 16.693 0 31.257 9.1115 38.991 22.632" fill="#9acc01"/><path d="m298.61 144.6-6.8334-12.569c2.364-3.4422 3.7478-7.6102 3.7478-12.101 0-11.819-9.5811-21.4-21.4-21.4-11.819 0-21.4 9.5806-21.4 21.4 0 11.819 9.5811 21.4 21.4 21.4 4.4736 0 8.6265-1.3727 12.061-3.7206l12.422 6.9937z" fill="#231f20"/><path d="m284.91 125.24c0 5.7915-4.7106 10.502-10.502 10.502-5.7915 0-10.502-4.7106-10.502-10.502v-12.917c0-0.80301 0.65352-1.456 1.4565-1.456 0.80275 0 1.456 0.65299 1.456 1.456v7.8192c0 0.4236 0.34263 0.76623 0.76702 0.76623 8e-3 0 0.0167-2e-3 0.0257-2e-3s0.0164 2e-3 0.0251 2e-3c0.4236 0 0.7665-0.34263 0.7665-0.76623v-11.856c0-0.80354 0.65299-1.4571 1.4565-1.4571s1.4565 0.65352 1.4565 1.4571v11.166c0 0.42387 0.34343 0.76624 0.76677 0.76624 0.42254 0 0.76623-0.34264 0.76623-0.76624v-13.875c0-0.80301 0.65378-1.4555 1.4563-1.4555 0.80354 0 1.4568 0.65246 1.4568 1.4555v13.773c0 0.42413 0.34317 0.76703 0.7665 0.76703 0.42307 0 0.7665-0.34317 0.7665-0.76703v-11.37c0-0.80327 0.65352-1.4565 1.4565-1.4565 0.80327 0 1.456 0.65352 1.456 1.4565v14.555c-1.7436 0.16219-5.8518 1.0464-7.543 5.7222-0.14366 0.39793 0.0622 0.83767 0.46038 0.9824 0.0857 0.031 0.1741 0.0455 0.26009 0.0455 0.31379 0 0.60748-0.19474 0.72125-0.50536 1.7732-4.903 6.6273-4.7546 6.8313-4.7464l0.80354 0.0386v-8.0939c0-0.80301 0.7112-1.4565 1.5843-1.4565 0.87392 0 1.5841 0.65352 1.5841 1.4565v9.2625zm-1.5841-12.253c-0.57864 0-1.1192 0.15557-1.5843 0.41963v-5.4277c0-1.6486-1.3409-2.9901-2.9895-2.9901-0.53314 0-1.0327 0.14261-1.4666 0.38761-0.10398-1.555-1.3991-2.789-2.98-2.789-1.6484 0-2.9893 1.3409-2.9893 2.989v0.10001c-0.4318-0.2413-0.92763-0.381-1.4565-0.381-1.6481 0-2.9893 1.3409-2.9893 2.9901v1.4594c-0.44344-0.26035-0.95752-0.41222-1.5079-0.41222-1.6486 0-2.99 1.3404-2.99 2.9893v12.917c0 6.636 5.3991 12.035 12.036 12.035 6.636 0 12.035-5.3991 12.035-12.035v-9.2631c0-1.6484-1.3981-2.9893-3.1171-2.9893" fill="#9acc01"/></g></svg>
|
||||
|
Before Width: | Height: | Size: 2.2 KiB |
@ -1,2 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<svg width="128" height="128" version="1.1" viewBox="0 0 33.866 33.866" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(1.9999 0 0 1.9999 -.00028793 -560.11)"><g transform="matrix(.1411 0 0 .1411 -22.448 274.09)"><g transform="matrix(6.5975,0,0,6.5975,-881.57,-908.75)"><path d="m166.76 148.57v2.8e-4c-0.0731 1e-3 -0.14646 3e-3 -0.21965 6e-3 -2.0814 0.0983-3.9695 1.2488-5.0113 3.0532-0.27591 0.47789-0.47972 0.97776-0.61543 1.4866 1.8658 0.19779 3.5534 0.93382 4.9049 2.0531 2.7603 1.8081 5.5017 1.1662 7.0499 0.51897 0.40336-2.4423-0.70912-4.988-2.9792-6.2988-0.95179-0.54962-2.0328-0.83212-3.1292-0.81971z" fill="#d0f6ed" stroke-width=".14568"/><path d="m166.59 152.15c-1.5641 9.9e-4 -2.9951 0.51259-3.7051 1.324 0.94324 0.3021 1.8146 0.75292 2.5877 1.3259-1.2e-4 -3.9e-4 -1.6e-4 -1e-3 -2.9e-4 -1e-3 1.3493-0.74086 3.1114-1.2154 4.6422-1.5091-0.75982-0.70753-2.0913-1.1376-3.5245-1.1388v-5.6e-4z" fill="#4de564" stroke-width=".27973"/><path d="m172.56 152.93c-1.6055 0.16301-4.8923 0.66396-7.0864 1.8687 0.12815 0.095 0.25361 0.19321 0.37621 0.29474 2.6929 1.7639 5.3671 1.1376 6.8778 0.50616 0.14847-0.89893 0.0864-1.8121-0.16739-2.6696z" fill="#06c23c" stroke-width=".38858"/><path d="m170.2 144.17c-0.297-8e-3 -0.58809 0.14301-0.74764 0.41937l-0.15266 0.26436c-0.23207 0.40197-0.0953 0.91236 0.30665 1.1444l0.0712 0.0411-0.6784 1.175c-0.68491-0.19996-1.3964-0.30489-2.1144-0.30964l-3e-4 -2.9e-4c-0.13829-9.1e-4 -0.27683 2e-3 -0.41545 8e-3 -2.6278 0.12414-5.0122 1.5767-6.3272 3.8551-2.1338 3.6958-0.86761 8.4218 2.8282 10.556 3.696 2.1338 8.4218 0.86727 10.556-2.8288 1.8213-3.155 1.1646-7.0602-1.3656-9.463l0.67518-1.1694 0.0706 0.0407c0.40198 0.23207 0.91244 0.0953 1.1445-0.30665l0.15259-0.26436c0.23207-0.40197 0.0953-0.91243-0.30665-1.1445l-3.2996-1.905c-0.12562-0.0725-0.26181-0.10907-0.3968-0.11272zm-3.434 4.6336c1.0696-0.0121 2.1243 0.26346 3.0528 0.79964 2.2146 1.2787 3.1576 3.6198 2.7641 6.0024-1.5104 0.63142-4.0427 1.1156-6.7355-0.6483-1.3185-1.0919-2.8225-1.6679-4.6427-1.8609 0.13239-0.49643 0.33106-0.98387 0.60022-1.4501 1.0163-1.7604 2.7165-2.7406 4.7469-2.8365 0.0714-3e-3 0.14275-5e-3 0.21406-6e-3z" fill="#25935e" stroke-width=".28021"/></g></g></g></svg>
|
||||
|
Before Width: | Height: | Size: 2.2 KiB |
@ -1 +0,0 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" width="128" height="128" version="1.1" viewBox="0 0 33.866 33.866"><path fill="#46a546" stroke-width=".275" d="m3.2563 0.90164h27.353c1.804 0 3.2563 1.4523 3.2563 3.2563v1.001e-4c0 1.804-1.4523 3.2563-3.2563 3.2563h-27.353c-1.804 0-3.2563-1.4523-3.2563-3.2563v-1.001e-4c0-1.804 1.4523-3.2563 3.2563-3.2563z"/><path fill="#f89406" stroke-width=".259" d="m3.2563 9.4185h23.546c1.804 0 3.2563 1.4523 3.2563 3.2563v1e-4c0 1.804-1.4523 3.2563-3.2563 3.2563h-23.546c-1.804 0-3.2563-1.4523-3.2563-3.2563v-1e-4c0-1.804 1.4523-3.2563 3.2563-3.2563z"/><path fill="#c43c35" stroke-width=".269" d="m3.2563 17.935h25.95c1.804 0 3.2563 1.4523 3.2563 3.2563v1.01e-4c0 1.804-1.4523 3.2563-3.2563 3.2563h-25.95c-1.804 0-3.2563-1.4523-3.2563-3.2563v-1.01e-4c0-1.804 1.4523-3.2563 3.2563-3.2563z"/><path fill="#999" stroke-width=".212" d="m3.2563 26.452h13.726c1.804 0 3.2563 1.4523 3.2563 3.2563v1e-4c0 1.804-1.4523 3.2563-3.2563 3.2563h-13.726c-1.804 0-3.2563-1.4523-3.2563-3.2563v-1e-4c0-1.804 1.4523-3.2563 3.2563-3.2563z"/></svg>
|
||||
|
Before Width: | Height: | Size: 1.0 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 5.5 KiB |
26
docs/assets/img/health/drip.svg
Normal file
26
docs/assets/img/health/drip.svg
Normal file
@ -0,0 +1,26 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
|
||||
<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="223px" height="223px" style="shape-rendering:geometricPrecision; text-rendering:geometricPrecision; image-rendering:optimizeQuality; fill-rule:evenodd; clip-rule:evenodd" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
<g><path style="opacity:0.999" fill="#000d19" d="M 9.5,-0.5 C 77.1667,-0.5 144.833,-0.5 212.5,-0.5C 216.833,1.83333 220.167,5.16667 222.5,9.5C 222.5,77.1667 222.5,144.833 222.5,212.5C 220.167,216.833 216.833,220.167 212.5,222.5C 144.833,222.5 77.1667,222.5 9.5,222.5C 5.16667,220.167 1.83333,216.833 -0.5,212.5C -0.5,144.833 -0.5,77.1667 -0.5,9.5C 1.83333,5.16667 5.16667,1.83333 9.5,-0.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#f6f7f7" d="M 78.5,53.5 C 78.5,56.1667 78.5,58.8333 78.5,61.5C 78.5,85.8333 78.5,110.167 78.5,134.5C 75.8333,134.5 73.1667,134.5 70.5,134.5C 71.5807,127.856 70.2474,126.689 66.5,131C 63.6907,132.741 60.6907,133.908 57.5,134.5C 55.1667,134.5 52.8333,134.5 50.5,134.5C 40.9915,133.487 34.4915,128.487 31,119.5C 27.2248,102.379 33.7248,91.3791 50.5,86.5C 52.9496,86.298 55.283,86.6314 57.5,87.5C 62.1899,88.3436 66.3566,90.3436 70,93.5C 70.4997,85.1733 70.6664,76.84 70.5,68.5C 70.5,65.8333 70.5,63.1667 70.5,60.5C 70.5,55.5 70.5,50.5 70.5,45.5C 73.1667,45.5 75.8333,45.5 78.5,45.5C 78.5,48.1667 78.5,50.8333 78.5,53.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#4ba59e" d="M 173.5,87.5 C 170.833,87.5 168.167,87.5 165.5,87.5C 152.554,62.4243 131.887,50.591 103.5,52C 94.49,53.5098 86.1566,56.6765 78.5,61.5C 78.5,58.8333 78.5,56.1667 78.5,53.5C 110.195,38.9759 138.029,44.3092 162,69.5C 166.107,75.3951 169.941,81.3951 173.5,87.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#010e19" d="M 165.5,87.5 C 160.636,88.0153 156.469,90.0153 153,93.5C 152.505,91.5273 152.338,89.5273 152.5,87.5C 149.833,87.5 147.167,87.5 144.5,87.5C 143.668,111.663 143.168,135.997 143,160.5C 119.036,174.794 95.8698,173.628 73.5,157C 66.2896,150.713 60.9563,143.213 57.5,134.5C 60.6907,133.908 63.6907,132.741 66.5,131C 70.2474,126.689 71.5807,127.856 70.5,134.5C 73.1667,134.5 75.8333,134.5 78.5,134.5C 78.5,110.167 78.5,85.8333 78.5,61.5C 86.1566,56.6765 94.49,53.5098 103.5,52C 131.887,50.591 152.554,62.4243 165.5,87.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#4aa59e" d="M 70.5,60.5 C 70.5,63.1667 70.5,65.8333 70.5,68.5C 64.1798,73.4846 59.8465,79.818 57.5,87.5C 55.283,86.6314 52.9496,86.298 50.5,86.5C 52.6286,80.2417 55.7953,74.5751 60,69.5C 63.0977,65.8926 66.5977,62.8926 70.5,60.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#06121c" d="M 70.5,68.5 C 70.6664,76.84 70.4997,85.1733 70,93.5C 66.3566,90.3436 62.1899,88.3436 57.5,87.5C 59.8465,79.818 64.1798,73.4846 70.5,68.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#f1f1f1" d="M 125.5,72.5 C 131.758,73.4774 133.091,76.6441 129.5,82C 123.324,83.1875 121.158,80.6875 123,74.5C 123.995,73.9341 124.828,73.2674 125.5,72.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#f7f7f7" d="M 144.5,87.5 C 147.167,87.5 149.833,87.5 152.5,87.5C 152.338,89.5273 152.505,91.5273 153,93.5C 156.469,90.0153 160.636,88.0153 165.5,87.5C 168.167,87.5 170.833,87.5 173.5,87.5C 185.551,90.058 192.217,97.558 193.5,110C 192.227,123.766 184.894,131.932 171.5,134.5C 169.167,134.5 166.833,134.5 164.5,134.5C 160.347,133.197 156.514,131.197 153,128.5C 152.5,136.493 152.334,144.493 152.5,152.5C 152.5,155.5 152.5,158.5 152.5,161.5C 152.5,166.167 152.5,170.833 152.5,175.5C 149.833,175.5 147.167,175.5 144.5,175.5C 144.5,172.833 144.5,170.167 144.5,167.5C 144.5,140.833 144.5,114.167 144.5,87.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#acadaf" d="M 98.5,92.5 C 98.44,93.0431 98.1067,93.3764 97.5,93.5C 96.5481,91.9547 96.2148,90.288 96.5,88.5C 94.1667,88.5 91.8333,88.5 89.5,88.5C 89.5,103.5 89.5,118.5 89.5,133.5C 91.8333,133.5 94.1667,133.5 96.5,133.5C 96.1734,124.318 96.5067,115.318 97.5,106.5C 97.5,115.833 97.5,125.167 97.5,134.5C 94.5,134.5 91.5,134.5 88.5,134.5C 88.5,118.833 88.5,103.167 88.5,87.5C 91.5,87.5 94.5,87.5 97.5,87.5C 97.2155,89.4147 97.5489,91.0813 98.5,92.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#fafafa" d="M 97.5,106.5 C 96.5067,115.318 96.1734,124.318 96.5,133.5C 94.1667,133.5 91.8333,133.5 89.5,133.5C 89.5,118.5 89.5,103.5 89.5,88.5C 91.8333,88.5 94.1667,88.5 96.5,88.5C 96.2148,90.288 96.5481,91.9547 97.5,93.5C 98.1067,93.3764 98.44,93.0431 98.5,92.5C 102.199,88.4866 106.865,86.8199 112.5,87.5C 112.5,90.5 112.5,93.5 112.5,96.5C 104.826,95.8435 99.8257,99.1768 97.5,106.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#aaacad" d="M 122.5,87.5 C 125.5,87.5 128.5,87.5 131.5,87.5C 131.5,103.167 131.5,118.833 131.5,134.5C 128.5,134.5 125.5,134.5 122.5,134.5C 122.5,118.833 122.5,103.167 122.5,87.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#fefffe" d="M 123.5,88.5 C 125.833,88.5 128.167,88.5 130.5,88.5C 130.5,103.5 130.5,118.5 130.5,133.5C 128.167,133.5 125.833,133.5 123.5,133.5C 123.5,118.5 123.5,103.5 123.5,88.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#4ca59e" d="M 53.5,95.5 C 52.8355,100.492 52.1688,105.492 51.5,110.5C 52.1683,115.841 52.835,121.175 53.5,126.5C 50.7718,126.829 48.4385,126.163 46.5,124.5C 45.2032,115.495 45.2032,106.495 46.5,97.5C 46.6107,96.8826 46.944,96.3826 47.5,96C 49.4727,95.5045 51.4727,95.3379 53.5,95.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#04111b" d="M 53.5,95.5 C 66.8791,98.589 71.0458,106.589 66,119.5C 62.9153,123.792 58.7486,126.125 53.5,126.5C 52.835,121.175 52.1683,115.841 51.5,110.5C 52.1688,105.492 52.8355,100.492 53.5,95.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#06131c" d="M 168.5,95.5 C 169.373,100.126 170.04,104.792 170.5,109.5C 169.941,115.187 169.274,120.854 168.5,126.5C 159.224,125.223 154.558,119.89 154.5,110.5C 155.039,101.628 159.705,96.6284 168.5,95.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#4aa59d" d="M 168.5,95.5 C 171.495,95.2938 174.162,95.9605 176.5,97.5C 176.81,106.32 176.477,115.32 175.5,124.5C 173.485,125.924 171.152,126.59 168.5,126.5C 169.274,120.854 169.941,115.187 170.5,109.5C 170.04,104.792 169.373,100.126 168.5,95.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#07131c" d="M 46.5,97.5 C 45.2032,106.495 45.2032,115.495 46.5,124.5C 40.9043,121.818 38.2376,117.318 38.5,111C 38.2505,104.652 40.9172,100.152 46.5,97.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#06111b" d="M 176.5,97.5 C 184.903,102.999 186.736,110.332 182,119.5C 180.223,121.79 178.056,123.457 175.5,124.5C 176.477,115.32 176.81,106.32 176.5,97.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#02101a" d="M 164.5,134.5 C 162.495,141.837 158.495,147.837 152.5,152.5C 152.334,144.493 152.5,136.493 153,128.5C 156.514,131.197 160.347,133.197 164.5,134.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#4fa099" d="M 144.5,87.5 C 144.5,114.167 144.5,140.833 144.5,167.5C 143.508,167.328 142.842,167.662 142.5,168.5C 111.15,182.997 83.6503,177.663 60,152.5C 55.723,147.064 52.5564,141.064 50.5,134.5C 52.8333,134.5 55.1667,134.5 57.5,134.5C 60.9563,143.213 66.2896,150.713 73.5,157C 95.8698,173.628 119.036,174.794 143,160.5C 143.168,135.997 143.668,111.663 144.5,87.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#4ba59e" d="M 164.5,134.5 C 166.833,134.5 169.167,134.5 171.5,134.5C 167.922,145.415 161.589,154.415 152.5,161.5C 152.5,158.5 152.5,155.5 152.5,152.5C 158.495,147.837 162.495,141.837 164.5,134.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#62696a" d="M 142.5,168.5 C 142.842,167.662 143.508,167.328 144.5,167.5C 144.5,170.167 144.5,172.833 144.5,175.5C 143.833,173.167 143.167,170.833 142.5,168.5 Z"/></g>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 7.4 KiB |
29
docs/assets/img/health/euki.svg
Normal file
29
docs/assets/img/health/euki.svg
Normal file
@ -0,0 +1,29 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
|
||||
<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="240px" height="240px" style="shape-rendering:geometricPrecision; text-rendering:geometricPrecision; image-rendering:optimizeQuality; fill-rule:evenodd; clip-rule:evenodd" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
<g><path style="opacity:1" fill="#fefefe" d="M -0.5,-0.5 C 79.5,-0.5 159.5,-0.5 239.5,-0.5C 239.5,79.5 239.5,159.5 239.5,239.5C 159.5,239.5 79.5,239.5 -0.5,239.5C -0.5,159.5 -0.5,79.5 -0.5,-0.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#53786c" d="M 101.5,28.5 C 101.231,30.4286 101.731,32.0953 103,33.5C 103.974,31.1224 104.641,31.4557 105,34.5C 105.667,31.8333 106.333,31.8333 107,34.5C 109.316,33.6327 111.316,34.2993 113,36.5C 116.089,36.7819 119.256,36.7819 122.5,36.5C 126.361,37.8427 126.361,39.3427 122.5,41C 123.276,42.7698 123.11,44.6031 122,46.5C 121.667,46.1667 121.333,45.8333 121,45.5C 118.669,51.3163 116.169,56.483 113.5,61C 109.651,64.8464 105.484,68.3464 101,71.5C 100.667,71.1667 100.333,70.8333 100,70.5C 96.892,72.87 93.5587,74.87 90,76.5C 89.586,76.0426 89.086,75.7093 88.5,75.5C 87.4805,76.6872 86.3139,77.6872 85,78.5C 82.867,77.5823 80.7004,77.4156 78.5,78C 78.1667,77 77.8333,76 77.5,75C 80.1667,74.3333 80.1667,73.6667 77.5,73C 77.6158,71.7318 77.9491,70.3985 78.5,69C 77.6919,68.6924 77.0253,68.1924 76.5,67.5C 77.3966,67.3309 78.3966,66.9976 79.5,66.5C 78.3147,65.147 76.9814,63.9803 75.5,63C 77.9913,62.3741 77.9913,61.5407 75.5,60.5C 76.0253,59.8076 76.6919,59.3076 77.5,59C 73.1482,58.5811 72.8149,57.9145 76.5,57C 73.6384,56.0695 71.305,54.4029 69.5,52C 69.8333,51.6667 70.1667,51.3333 70.5,51C 69.552,50.5172 68.552,50.3505 67.5,50.5C 67.5,49.5 67.5,48.5 67.5,47.5C 78.1521,40.1684 89.4854,33.8351 101.5,28.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#558172" d="M 133.5,27.5 C 140.097,29.4651 146.097,32.4651 151.5,36.5C 153.05,39.1717 152.55,41.5051 150,43.5C 143.72,68.3435 129.72,86.3435 108,97.5C 106.927,96.7203 105.76,96.887 104.5,98C 106.301,98.3173 106.634,98.984 105.5,100C 100.86,100.871 97.1928,103.205 94.5,107C 94.8333,107.333 95.1667,107.667 95.5,108C 90.4919,108.76 88.1586,111.593 88.5,116.5C 88.9452,113.635 88.2785,111.135 86.5,109C 80.8431,108.501 75.1764,108.334 69.5,108.5C 69.5,105.5 69.5,102.5 69.5,99.5C 76.5079,99.6663 83.5079,99.4996 90.5,99C 93.3851,95.0562 93.0517,91.5562 89.5,88.5C 83.5,87.8333 77.5,87.1667 71.5,86.5C 76.5111,86.6659 81.5111,86.4993 86.5,86C 85.8333,85.3333 85.1667,84.6667 84.5,84C 87.1667,83.6667 89.8333,83.3333 92.5,83C 93.6667,82.5 94.5,81.6667 95,80.5C 95.6891,81.3567 96.5224,82.0233 97.5,82.5C 98.9122,81.1936 100.579,80.3603 102.5,80C 101.66,78.3335 102.16,78.1669 104,79.5C 107.834,77.753 110.834,75.0863 113,71.5C 115.695,70.4326 117.695,68.0993 119,64.5C 119.333,64.8333 119.667,65.1667 120,65.5C 124.702,59.7932 127.369,53.4599 128,46.5C 128.93,44.4476 130.43,42.9476 132.5,42C 131.601,39.4622 131.934,36.9622 133.5,34.5C 132.234,32.0276 132.234,29.6943 133.5,27.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#517c6f" d="M 133.5,27.5 C 132.234,29.6943 132.234,32.0276 133.5,34.5C 131.934,36.9622 131.601,39.4622 132.5,42C 130.43,42.9476 128.93,44.4476 128,46.5C 127.369,53.4599 124.702,59.7932 120,65.5C 119.667,65.1667 119.333,64.8333 119,64.5C 117.695,68.0993 115.695,70.4326 113,71.5C 110.834,75.0863 107.834,77.753 104,79.5C 102.16,78.1669 101.66,78.3335 102.5,80C 100.579,80.3603 98.9122,81.1936 97.5,82.5C 96.5224,82.0233 95.6891,81.3567 95,80.5C 94.5,81.6667 93.6667,82.5 92.5,83C 89.8333,83.3333 87.1667,83.6667 84.5,84C 85.1667,84.6667 85.8333,85.3333 86.5,86C 81.5111,86.4993 76.5111,86.6659 71.5,86.5C 64.343,86.7018 57.843,84.3684 52,79.5C 52.0016,75.3318 51.8349,71.1651 51.5,67C 52.2931,65.9148 52.9598,64.7481 53.5,63.5C 53.6837,61.5851 53.3503,59.5851 52.5,57.5C 56.9756,53.4254 61.9756,50.0921 67.5,47.5C 67.5,48.5 67.5,49.5 67.5,50.5C 68.552,50.3505 69.552,50.5172 70.5,51C 70.1667,51.3333 69.8333,51.6667 69.5,52C 71.305,54.4029 73.6384,56.0695 76.5,57C 72.8149,57.9145 73.1482,58.5811 77.5,59C 76.6919,59.3076 76.0253,59.8076 75.5,60.5C 77.9913,61.5407 77.9913,62.3741 75.5,63C 76.9814,63.9803 78.3147,65.147 79.5,66.5C 78.3966,66.9976 77.3966,67.3309 76.5,67.5C 77.0253,68.1924 77.6919,68.6924 78.5,69C 77.9491,70.3985 77.6158,71.7318 77.5,73C 80.1667,73.6667 80.1667,74.3333 77.5,75C 77.8333,76 78.1667,77 78.5,78C 80.7004,77.4156 82.867,77.5823 85,78.5C 86.3139,77.6872 87.4805,76.6872 88.5,75.5C 89.086,75.7093 89.586,76.0426 90,76.5C 93.5587,74.87 96.892,72.87 100,70.5C 100.333,70.8333 100.667,71.1667 101,71.5C 105.484,68.3464 109.651,64.8464 113.5,61C 116.169,56.483 118.669,51.3163 121,45.5C 121.333,45.8333 121.667,46.1667 122,46.5C 123.11,44.6031 123.276,42.7698 122.5,41C 126.361,39.3427 126.361,37.8427 122.5,36.5C 119.256,36.7819 116.089,36.7819 113,36.5C 111.316,34.2993 109.316,33.6327 107,34.5C 106.333,31.8333 105.667,31.8333 105,34.5C 104.641,31.4557 103.974,31.1224 103,33.5C 101.731,32.0953 101.231,30.4286 101.5,28.5C 107.267,25.6186 113.267,23.2853 119.5,21.5C 124.641,22.6051 129.307,24.6051 133.5,27.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#5a8674" d="M 151.5,36.5 C 159.986,39.5711 167.653,43.9044 174.5,49.5C 174.84,53.1309 174.006,56.4642 172,59.5C 171.667,59.1667 171.333,58.8333 171,58.5C 169.674,63.1603 167.341,67.1603 164,70.5C 162.334,69.6598 162.167,70.1598 163.5,72C 160.803,74.0395 158.137,76.0395 155.5,78C 154.5,80.3333 152.833,82 150.5,83C 150.833,83.3333 151.167,83.6667 151.5,84C 149.261,86.0865 146.927,87.9198 144.5,89.5C 141.59,88.1861 139.09,88.8527 137,91.5C 136.5,106.496 136.333,121.496 136.5,136.5C 135.829,133.242 134.996,129.909 134,126.5C 133.692,127.308 133.192,127.975 132.5,128.5C 132.167,127.833 131.833,127.167 131.5,126.5C 130.808,127.025 130.308,127.692 130,128.5C 129.828,122.319 129.328,116.319 128.5,110.5C 126.243,108.416 123.743,108.083 121,109.5C 119.755,115.39 119.088,121.39 119,127.5C 115.399,132.321 111.399,132.654 107,128.5C 105.804,122.581 105.138,116.581 105,110.5C 101.742,107.654 98.9083,107.987 96.5,111.5C 95.2114,117.191 95.2114,123.025 96.5,129C 93.9898,130.293 93.3231,132.126 94.5,134.5C 94.0428,136.598 93.0428,138.264 91.5,139.5C 91.9383,137.874 92.2716,136.207 92.5,134.5C 92.6598,132.645 91.9931,131.312 90.5,130.5C 83.6866,129.509 76.6866,129.175 69.5,129.5C 69.5,125.833 69.5,122.167 69.5,118.5C 75.1764,118.666 80.8431,118.499 86.5,118C 87.0442,117.283 87.7109,116.783 88.5,116.5C 88.1586,111.593 90.4919,108.76 95.5,108C 95.1667,107.667 94.8333,107.333 94.5,107C 97.1928,103.205 100.86,100.871 105.5,100C 106.634,98.984 106.301,98.3173 104.5,98C 105.76,96.887 106.927,96.7203 108,97.5C 129.72,86.3435 143.72,68.3435 150,43.5C 152.55,41.5051 153.05,39.1717 151.5,36.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#648d78" d="M 174.5,49.5 C 186.306,55.3033 195.973,63.6367 203.5,74.5C 199.523,78.3245 196.023,82.6578 193,87.5C 192.667,86.8333 192.333,86.1667 192,85.5C 188.962,89.5017 185.962,92.8351 183,95.5C 182.768,94.2625 182.268,93.2625 181.5,92.5C 181.586,91.5041 181.252,90.6708 180.5,90C 173.678,88.1624 171.178,90.6624 173,97.5C 173.708,98.3805 174.542,99.0472 175.5,99.5C 176.077,102.55 174.91,104.55 172,105.5C 171.138,107.087 170.471,108.754 170,110.5C 168.989,111.337 167.822,111.67 166.5,111.5C 166.657,112.873 166.49,114.207 166,115.5C 165.31,116.738 164.81,116.738 164.5,115.5C 165.999,111.831 164.832,109.498 161,108.5C 155.817,111.001 151.151,114.335 147,118.5C 146.667,109.167 146.333,99.8333 146,90.5C 145.617,89.944 145.117,89.6107 144.5,89.5C 146.927,87.9198 149.261,86.0865 151.5,84C 151.167,83.6667 150.833,83.3333 150.5,83C 152.833,82 154.5,80.3333 155.5,78C 158.137,76.0395 160.803,74.0395 163.5,72C 162.167,70.1598 162.334,69.6598 164,70.5C 167.341,67.1603 169.674,63.1603 171,58.5C 171.333,58.8333 171.667,59.1667 172,59.5C 174.006,56.4642 174.84,53.1309 174.5,49.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#6d9279" d="M 203.5,74.5 C 206.277,76.9505 208.277,79.9505 209.5,83.5C 201.726,91.5946 194.06,99.9279 186.5,108.5C 184.604,109.275 182.937,110.275 181.5,111.5C 179.947,108.746 177.614,107.913 174.5,109C 173.177,109.816 172.511,110.983 172.5,112.5C 171.671,120.657 171.171,128.99 171,137.5C 170.423,132.379 169.423,132.379 168,137.5C 167.722,136.584 167.222,135.918 166.5,135.5C 163.794,130.614 160.461,126.114 156.5,122C 159.331,119.999 161.997,117.833 164.5,115.5C 164.81,116.738 165.31,116.738 166,115.5C 166.49,114.207 166.657,112.873 166.5,111.5C 167.822,111.67 168.989,111.337 170,110.5C 170.471,108.754 171.138,107.087 172,105.5C 174.91,104.55 176.077,102.55 175.5,99.5C 180.323,99.6728 182.323,97.3394 181.5,92.5C 182.268,93.2625 182.768,94.2625 183,95.5C 185.962,92.8351 188.962,89.5017 192,85.5C 192.333,86.1667 192.667,86.8333 193,87.5C 196.023,82.6578 199.523,78.3245 203.5,74.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#467e6f" d="M 52.5,57.5 C 53.3503,59.5851 53.6837,61.5851 53.5,63.5C 52.9598,64.7481 52.2931,65.9148 51.5,67C 51.8349,71.1651 52.0016,75.3318 52,79.5C 57.843,84.3684 64.343,86.7018 71.5,86.5C 77.5,87.1667 83.5,87.8333 89.5,88.5C 80.4938,88.3336 71.4938,88.5002 62.5,89C 61.5838,89.3742 60.7504,89.8742 60,90.5C 58.5318,105.737 58.0318,121.07 58.5,136.5C 57.6695,125.674 57.1695,114.674 57,103.5C 56.8078,105.577 56.3078,107.577 55.5,109.5C 54.0944,108.332 52.9277,108.665 52,110.5C 50,107.833 48,107.833 46,110.5C 45.6667,110.167 45.3333,109.833 45,109.5C 42.5314,111.645 40.5314,110.979 39,107.5C 38.3333,110.167 37.6667,110.167 37,107.5C 34.0964,109.598 31.2631,109.931 28.5,108.5C 27.3044,108.846 27.3044,109.346 28.5,110C 23.9771,111.149 21.6438,113.982 21.5,118.5C 20.9635,92.5722 31.2968,72.2388 52.5,57.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#f7f9f8" d="M 89.5,88.5 C 93.0517,91.5562 93.3851,95.0562 90.5,99C 83.5079,99.4996 76.5079,99.6663 69.5,99.5C 69.5,102.5 69.5,105.5 69.5,108.5C 75.1764,108.334 80.8431,108.501 86.5,109C 88.2785,111.135 88.9452,113.635 88.5,116.5C 87.7109,116.783 87.0442,117.283 86.5,118C 80.8431,118.499 75.1764,118.666 69.5,118.5C 68.5166,122.298 68.1832,126.298 68.5,130.5C 75.8333,130.5 83.1667,130.5 90.5,130.5C 91.9931,131.312 92.6598,132.645 92.5,134.5C 92.2716,136.207 91.9383,137.874 91.5,139.5C 90.5084,139.328 89.8417,139.662 89.5,140.5C 80.1607,140.666 70.8274,140.5 61.5,140C 60.3636,138.855 59.3636,137.688 58.5,136.5C 58.0318,121.07 58.5318,105.737 60,90.5C 60.7504,89.8742 61.5838,89.3742 62.5,89C 71.4938,88.5002 80.4938,88.3336 89.5,88.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#fafbfa" d="M 144.5,89.5 C 145.117,89.6107 145.617,89.944 146,90.5C 146.333,99.8333 146.667,109.167 147,118.5C 151.151,114.335 155.817,111.001 161,108.5C 164.832,109.498 165.999,111.831 164.5,115.5C 161.997,117.833 159.331,119.999 156.5,122C 160.461,126.114 163.794,130.614 166.5,135.5C 166.532,140.213 164.199,141.713 159.5,140C 156,135.833 152.5,131.667 149,127.5C 148.586,127.957 148.086,128.291 147.5,128.5C 146.676,131.785 146.176,135.118 146,138.5C 145.302,139.691 144.469,140.691 143.5,141.5C 139.763,141.759 137.43,140.093 136.5,136.5C 136.333,121.496 136.5,106.496 137,91.5C 139.09,88.8527 141.59,88.1861 144.5,89.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#f4f6f5" d="M 181.5,92.5 C 182.323,97.3394 180.323,99.6728 175.5,99.5C 174.542,99.0472 173.708,98.3805 173,97.5C 171.178,90.6624 173.678,88.1624 180.5,90C 181.252,90.6708 181.586,91.5041 181.5,92.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#79987c" d="M 209.5,83.5 C 214.012,89.7035 216.346,96.7035 216.5,104.5C 216.719,105.675 216.386,106.675 215.5,107.5C 206.806,113.672 199.972,121.006 195,129.5C 193.184,131.441 191.184,132.108 189,131.5C 186.904,132.715 187.071,133.549 189.5,134C 188.747,135.487 187.914,135.654 187,134.5C 185.945,137.056 184.112,138.723 181.5,139.5C 181.5,130.167 181.5,120.833 181.5,111.5C 182.937,110.275 184.604,109.275 186.5,108.5C 194.06,99.9279 201.726,91.5946 209.5,83.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#4e8775" d="M 58.5,136.5 C 59.3636,137.688 60.3636,138.855 61.5,140C 70.8274,140.5 80.1607,140.666 89.5,140.5C 80.676,141.33 71.676,141.83 62.5,142C 63.8333,142.333 65.1667,142.667 66.5,143C 63.7372,146.435 60.4039,149.101 56.5,151C 56.8333,151.333 57.1667,151.667 57.5,152C 56.5,152.333 55.5,152.667 54.5,153C 51.4791,157.018 48.1458,160.684 44.5,164C 45.8333,165 47.1667,166 48.5,167C 48.2716,167.399 47.9382,167.565 47.5,167.5C 31.2433,155.326 22.5767,138.992 21.5,118.5C 21.6438,113.982 23.9771,111.149 28.5,110C 27.3044,109.346 27.3044,108.846 28.5,108.5C 31.2631,109.931 34.0964,109.598 37,107.5C 37.6667,110.167 38.3333,110.167 39,107.5C 40.5314,110.979 42.5314,111.645 45,109.5C 45.3333,109.833 45.6667,110.167 46,110.5C 48,107.833 50,107.833 52,110.5C 52.9277,108.665 54.0944,108.332 55.5,109.5C 56.3078,107.577 56.8078,105.577 57,103.5C 57.1695,114.674 57.6695,125.674 58.5,136.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#f9fafa" d="M 128.5,110.5 C 128.666,117.508 128.5,124.508 128,131.5C 121.85,140.647 113.683,142.981 103.5,138.5C 101.5,136.329 99.6665,133.996 98,131.5C 96.7264,124.897 96.2264,118.23 96.5,111.5C 98.9083,107.987 101.742,107.654 105,110.5C 105.138,116.581 105.804,122.581 107,128.5C 111.399,132.654 115.399,132.321 119,127.5C 119.088,121.39 119.755,115.39 121,109.5C 123.743,108.083 126.243,108.416 128.5,110.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#fafbfa" d="M 181.5,111.5 C 181.5,120.833 181.5,130.167 181.5,139.5C 179.621,140.341 177.621,140.675 175.5,140.5C 174.25,140.423 173.417,139.756 173,138.5C 172.5,129.84 172.334,121.173 172.5,112.5C 172.511,110.983 173.177,109.816 174.5,109C 177.614,107.913 179.947,108.746 181.5,111.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#d3dbd7" d="M 69.5,118.5 C 69.5,122.167 69.5,125.833 69.5,129.5C 76.6866,129.175 83.6866,129.509 90.5,130.5C 83.1667,130.5 75.8333,130.5 68.5,130.5C 68.1832,126.298 68.5166,122.298 69.5,118.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#82987d" d="M 216.5,104.5 C 220.235,128.213 213.235,148.213 195.5,164.5C 194.668,163.671 195.001,162.838 196.5,162C 194.729,159.887 193.229,160.053 192,162.5C 189.792,161.555 187.292,161.555 184.5,162.5C 182.436,160.739 180.269,160.405 178,161.5C 176.266,160.751 174.433,160.251 172.5,160C 173.672,159.581 174.672,158.915 175.5,158C 173.668,157.252 172.001,156.252 170.5,155C 171.951,155.263 173.284,155.096 174.5,154.5C 173.873,153.583 173.539,152.583 173.5,151.5C 173.938,151.565 174.272,151.399 174.5,151C 172.671,149.887 171.837,148.387 172,146.5C 173.637,144.19 175.804,142.69 178.5,142C 177.263,141.768 176.263,141.268 175.5,140.5C 177.621,140.675 179.621,140.341 181.5,139.5C 184.112,138.723 185.945,137.056 187,134.5C 187.914,135.654 188.747,135.487 189.5,134C 187.071,133.549 186.904,132.715 189,131.5C 191.184,132.108 193.184,131.441 195,129.5C 199.972,121.006 206.806,113.672 215.5,107.5C 216.386,106.675 216.719,105.675 216.5,104.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#678d7a" d="M 96.5,111.5 C 96.2264,118.23 96.7264,124.897 98,131.5C 99.6665,133.996 101.5,136.329 103.5,138.5C 100.658,139.172 98.1575,140.506 96,142.5C 95.6667,142.167 95.3333,141.833 95,141.5C 80.3684,150.109 67.5351,160.109 56.5,171.5C 56.8627,172.183 57.1961,172.85 57.5,173.5C 53.4945,172.502 50.1612,170.502 47.5,167.5C 47.9382,167.565 48.2716,167.399 48.5,167C 47.1667,166 45.8333,165 44.5,164C 48.1458,160.684 51.4791,157.018 54.5,153C 55.5,152.667 56.5,152.333 57.5,152C 57.1667,151.667 56.8333,151.333 56.5,151C 60.4039,149.101 63.7372,146.435 66.5,143C 65.1667,142.667 63.8333,142.333 62.5,142C 71.676,141.83 80.676,141.33 89.5,140.5C 89.8417,139.662 90.5084,139.328 91.5,139.5C 93.0428,138.264 94.0428,136.598 94.5,134.5C 93.3231,132.126 93.9898,130.293 96.5,129C 95.2114,123.025 95.2114,117.191 96.5,111.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#728d7b" d="M 128.5,110.5 C 129.328,116.319 129.828,122.319 130,128.5C 130.308,127.692 130.808,127.025 131.5,126.5C 131.833,127.167 132.167,127.833 132.5,128.5C 133.192,127.975 133.692,127.308 134,126.5C 134.996,129.909 135.829,133.242 136.5,136.5C 137.43,140.093 139.763,141.759 143.5,141.5C 141.49,142.693 139.324,142.693 137,141.5C 133.066,141.964 129.066,142.964 125,144.5C 124.667,144.167 124.333,143.833 124,143.5C 115.309,147.301 106.142,150.801 96.5,154C 85.9101,160.916 75.5768,168.249 65.5,176C 66.5707,176.852 67.5707,177.685 68.5,178.5C 64.4179,177.624 60.7512,175.957 57.5,173.5C 57.1961,172.85 56.8627,172.183 56.5,171.5C 67.5351,160.109 80.3684,150.109 95,141.5C 95.3333,141.833 95.6667,142.167 96,142.5C 98.1575,140.506 100.658,139.172 103.5,138.5C 113.683,142.981 121.85,140.647 128,131.5C 128.5,124.508 128.666,117.508 128.5,110.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#7c917c" d="M 172.5,112.5 C 172.334,121.173 172.5,129.84 173,138.5C 173.417,139.756 174.25,140.423 175.5,140.5C 176.263,141.268 177.263,141.768 178.5,142C 175.804,142.69 173.637,144.19 172,146.5C 171.837,148.387 172.671,149.887 174.5,151C 174.272,151.399 173.938,151.565 173.5,151.5C 171.533,151.739 169.699,151.406 168,150.5C 163.467,152.036 158.8,153.036 154,153.5C 149.118,152.871 143.618,152.704 137.5,153C 136.5,152.667 135.5,152.333 134.5,152C 136.623,151.185 138.623,150.185 140.5,149C 139.892,148.13 139.059,147.63 138,147.5C 119.823,150.136 102.323,156.303 85.5,166C 80.2114,169.62 75.2114,173.62 70.5,178C 71.5707,178.852 72.5707,179.685 73.5,180.5C 71.4471,180.598 69.7804,179.931 68.5,178.5C 67.5707,177.685 66.5707,176.852 65.5,176C 75.5768,168.249 85.9101,160.916 96.5,154C 106.142,150.801 115.309,147.301 124,143.5C 124.333,143.833 124.667,144.167 125,144.5C 129.066,142.964 133.066,141.964 137,141.5C 139.324,142.693 141.49,142.693 143.5,141.5C 144.469,140.691 145.302,139.691 146,138.5C 146.176,135.118 146.676,131.785 147.5,128.5C 148.086,128.291 148.586,127.957 149,127.5C 152.5,131.667 156,135.833 159.5,140C 164.199,141.713 166.532,140.213 166.5,135.5C 167.222,135.918 167.722,136.584 168,137.5C 169.423,132.379 170.423,132.379 171,137.5C 171.171,128.99 171.671,120.657 172.5,112.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#86907b" d="M 173.5,151.5 C 173.539,152.583 173.873,153.583 174.5,154.5C 173.284,155.096 171.951,155.263 170.5,155C 172.001,156.252 173.668,157.252 175.5,158C 174.672,158.915 173.672,159.581 172.5,160C 174.433,160.251 176.266,160.751 178,161.5C 180.269,160.405 182.436,160.739 184.5,162.5C 187.292,161.555 189.792,161.555 192,162.5C 193.229,160.053 194.729,159.887 196.5,162C 195.001,162.838 194.668,163.671 195.5,164.5C 189.837,170.006 183.17,174.006 175.5,176.5C 175.146,174.459 175.146,172.626 175.5,171C 174.833,170.333 174.167,169.667 173.5,169C 169.579,168.026 165.746,166.859 162,165.5C 160.984,166.634 160.317,166.301 160,164.5C 158.333,164.5 156.667,164.5 155,164.5C 154.667,163.833 154.333,163.167 154,162.5C 151.667,163.833 150.667,163.167 151,160.5C 152.135,160.273 153.302,159.94 154.5,159.5C 148.863,158.337 143.196,158.17 137.5,159C 134.128,159.134 130.961,159.968 128,161.5C 126.044,161.339 124.044,161.006 122,160.5C 115.047,162.615 108.213,165.115 101.5,168C 94.228,172.274 87.228,176.941 80.5,182C 82.3427,182.159 83.0093,182.659 82.5,183.5C 79.2154,183.072 76.2154,182.072 73.5,180.5C 72.5707,179.685 71.5707,178.852 70.5,178C 75.2114,173.62 80.2114,169.62 85.5,166C 102.323,156.303 119.823,150.136 138,147.5C 139.059,147.63 139.892,148.13 140.5,149C 138.623,150.185 136.623,151.185 134.5,152C 135.5,152.333 136.5,152.667 137.5,153C 143.618,152.704 149.118,152.871 154,153.5C 158.8,153.036 163.467,152.036 168,150.5C 169.699,151.406 171.533,151.739 173.5,151.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#93907b" d="M 175.5,176.5 C 170.618,179.464 165.285,181.464 159.5,182.5C 155.992,179.56 152.158,176.894 148,174.5C 130.584,170.68 114.084,173.847 98.5,184C 97.7476,184.671 97.4142,185.504 97.5,186.5C 92.1059,186.876 87.1059,185.876 82.5,183.5C 83.0093,182.659 82.3427,182.159 80.5,182C 87.228,176.941 94.228,172.274 101.5,168C 108.213,165.115 115.047,162.615 122,160.5C 124.044,161.006 126.044,161.339 128,161.5C 130.961,159.968 134.128,159.134 137.5,159C 143.196,158.17 148.863,158.337 154.5,159.5C 153.302,159.94 152.135,160.273 151,160.5C 150.667,163.167 151.667,163.833 154,162.5C 154.333,163.167 154.667,163.833 155,164.5C 156.667,164.5 158.333,164.5 160,164.5C 160.317,166.301 160.984,166.634 162,165.5C 165.746,166.859 169.579,168.026 173.5,169C 174.167,169.667 174.833,170.333 175.5,171C 175.146,172.626 175.146,174.459 175.5,176.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#a3907b" d="M 159.5,182.5 C 150.977,184.717 142.311,186.717 133.5,188.5C 133.389,187.883 133.056,187.383 132.5,187C 124.54,185.73 117.374,186.897 111,190.5C 110.329,189.748 109.496,189.414 108.5,189.5C 105.009,187.892 101.342,186.892 97.5,186.5C 97.4142,185.504 97.7476,184.671 98.5,184C 114.084,173.847 130.584,170.68 148,174.5C 152.158,176.894 155.992,179.56 159.5,182.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#b88f7b" d="M 133.5,188.5 C 129.88,190.285 127.047,192.952 125,196.5C 124.828,203.013 124.328,209.347 123.5,215.5C 123.666,210.489 123.499,205.489 123,200.5C 121.648,202.432 119.815,203.766 117.5,204.5C 116.808,203.975 116.308,203.308 116,202.5C 115.501,206.821 115.334,211.154 115.5,215.5C 114.672,209.347 114.172,203.013 114,196.5C 112.334,194.004 110.5,191.671 108.5,189.5C 109.496,189.414 110.329,189.748 111,190.5C 117.374,186.897 124.54,185.73 132.5,187C 133.056,187.383 133.389,187.883 133.5,188.5 Z"/></g>
|
||||
<g><path style="opacity:1" fill="#d08a75" d="M 123.5,215.5 C 120.757,218.059 118.09,218.059 115.5,215.5C 115.334,211.154 115.501,206.821 116,202.5C 116.308,203.308 116.808,203.975 117.5,204.5C 119.815,203.766 121.648,202.432 123,200.5C 123.499,205.489 123.666,210.489 123.5,215.5 Z"/></g>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 21 KiB |
2
docs/assets/img/messengers/molly.svg
Normal file
2
docs/assets/img/messengers/molly.svg
Normal file
@ -0,0 +1,2 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<svg width="127.99" height="128" version="1.1" viewBox="0 0 33.864 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="translate(-48.383 -89.279)"><g transform="matrix(.083544 0 0 .083551 36.799 77.694)"><path d="m220.51 504.06 120.82 39.937 1.2e-4 4e-5 -143.92-5e-5zm323.49-162.73c0 111.93-90.737 202.67-202.67 202.67-111.93-1e-5 -202.67-90.737-202.67-202.67s90.737-202.67 202.67-202.67c111.93 0 202.67 90.737 202.67 202.67z" fill="#7663f0"/><g transform="translate(-5.1601e-6,-4.0973)"><circle cx="341" cy="433.47" r="23.536" fill="#f9f8fe" stroke-width=".64448"/><circle cx="439.19" cy="375.64" r="23.536" fill="#aaa4ce" stroke-width=".64448"/><circle cx="242.81" cy="375.64" r="23.536" fill="#cba1fe" stroke-width=".64447"/><g stroke-width=".64448"><circle cx="439.19" cy="433.47" r="23.536" fill="#f9f8fe"/><circle cx="439.19" cy="317.82" r="23.536" fill="#aacdf4"/><circle cx="242.81" cy="260" r="23.536" fill="#4b0f9f"/></g><circle cx="242.81" cy="317.82" r="23.536" fill="#aaa4ce" stroke-width=".64447"/><g stroke-width=".64448"><circle cx="242.81" cy="433.47" r="23.536" fill="#f9f8fe"/><circle cx="341" cy="317.82" r="23.536" fill="#4b0f9f"/><circle cx="341" cy="375.64" r="23.536" fill="#aacdf4"/></g><circle cx="439.19" cy="260" r="23.536" fill="#4b0f9f" stroke-width=".64447"/></g></g></g></svg>
|
||||
|
After Width: | Height: | Size: 1.3 KiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 12 KiB |
@ -1,15 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE svg PUBLIC '-//W3C//DTD SVG 1.1//EN' 'http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd'>
|
||||
<svg clip-rule="evenodd" fill-rule="evenodd" stroke-linejoin="round" stroke-miterlimit="2" version="1.1" viewBox="0 0 33 34" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
<path d="m4.581 4.337c-0.113 0.379-0.049 0.822 0.077 1.707l1.604 11.224c0.277 1.939 0.415 2.909 0.782 3.775 0.325 0.768 0.781 1.474 1.346 2.087 0.638 0.691 1.465 1.217 3.117 2.269l2.349 1.495c1.126 0.716 1.69 1.075 2.295 1.214 0.465 0.108 0.947 0.121 1.416 0.042-0.388-0.887-0.603-1.867-0.603-2.897 0-3.996 3.24-7.236 7.236-7.236 1.166 0 2.268 0.276 3.243 0.766 0.069-0.432 0.14-0.929 0.223-1.514v-1e-3l1.604-11.224c0.126-0.885 0.19-1.328 0.077-1.707-0.099-0.334-0.292-0.632-0.557-0.859-0.3-0.257-0.73-0.38-1.59-0.626l-9.441-2.697c-0.296-0.085-0.444-0.127-0.594-0.144-0.134-0.015-0.268-0.015-0.402 0-0.15 0.017-0.298 0.059-0.594 0.144l-9.441 2.697c-0.86 0.246-1.29 0.369-1.59 0.626-0.265 0.227-0.458 0.525-0.557 0.859z" fill="#ffd06f"/>
|
||||
<clipPath id="_clip1">
|
||||
<path d="m4.581 4.337c-0.113 0.379-0.049 0.822 0.077 1.707l1.604 11.224c0.277 1.939 0.415 2.909 0.782 3.775 0.325 0.768 0.781 1.474 1.346 2.087 0.638 0.691 1.465 1.217 3.117 2.269l2.349 1.495c1.126 0.716 1.69 1.075 2.295 1.214 0.465 0.108 0.947 0.121 1.416 0.042-0.388-0.887-0.603-1.867-0.603-2.897 0-3.996 3.24-7.236 7.236-7.236 1.166 0 2.268 0.276 3.243 0.766 0.069-0.432 0.14-0.929 0.223-1.514v-1e-3l1.604-11.224c0.126-0.885 0.19-1.328 0.077-1.707-0.099-0.334-0.292-0.632-0.557-0.859-0.3-0.257-0.73-0.38-1.59-0.626l-9.441-2.697c-0.296-0.085-0.444-0.127-0.594-0.144-0.134-0.015-0.268-0.015-0.402 0-0.15 0.017-0.298 0.059-0.594 0.144l-9.441 2.697c-0.86 0.246-1.29 0.369-1.59 0.626-0.265 0.227-0.458 0.525-0.557 0.859z"/>
|
||||
</clipPath>
|
||||
<g clip-path="url(#_clip1)">
|
||||
<use transform="scale(.99533 .97244)" x="4.544" width="24.883px" height="28.201px" xlink:href="#_Image2"/>
|
||||
</g>
|
||||
<path d="m13.246 2.719c0.066-7e-3 0.134-7e-3 0.201 0 0.057 7e-3 0.122 0.022 0.446 0.114l9.44 2.698c0.444 0.126 0.727 0.208 0.94 0.287 0.202 0.075 0.274 0.124 0.311 0.156 0.132 0.113 0.229 0.262 0.278 0.429 0.014 0.047 0.03 0.133 0.016 0.348-0.015 0.226-0.056 0.518-0.122 0.974l-1.346 9.426c-4.125 0.397-7.351 3.873-7.351 8.102 0 0.835 0.126 1.641 0.36 2.4l-0.451 0.286c-1.183 0.753-1.594 1.001-2.012 1.097-0.401 0.092-0.818 0.092-1.22 0-0.417-0.096-0.829-0.344-2.012-1.097l-2.349-1.494c-1.693-1.078-2.398-1.535-2.938-2.12-0.495-0.536-0.894-1.153-1.178-1.825-0.31-0.733-0.436-1.564-0.72-3.551l-1.603-11.224c-0.066-0.456-0.107-0.748-0.121-0.974-0.015-0.215 1e-3 -0.301 0.015-0.348 0.05-0.167 0.146-0.316 0.279-0.429 0.036-0.032 0.109-0.081 0.31-0.156 0.213-0.079 0.496-0.161 0.94-0.287l9.44-2.698c0.324-0.092 0.389-0.107 0.447-0.114zm13.306 5.231-1.318 9.228c4.007 0.508 7.106 3.93 7.106 8.075 0 4.496-3.644 8.141-8.14 8.141-3.01 0-5.639-1.634-7.048-4.064l-0.212 0.136-0.135 0.085c-0.996 0.634-1.683 1.072-2.443 1.248-0.668 0.154-1.364 0.154-2.032 0-0.76-0.176-1.447-0.614-2.443-1.248l-0.134-0.085-2.466-1.57c-1.541-0.98-2.461-1.565-3.179-2.344-0.637-0.689-1.149-1.483-1.515-2.347-0.413-0.976-0.567-2.054-0.825-3.863l-1.628-11.392c-0.059-0.416-0.111-0.778-0.131-1.081-0.021-0.323-0.012-0.648 0.087-0.98 0.148-0.501 0.439-0.949 0.835-1.289 0.264-0.226 0.557-0.366 0.86-0.478 0.285-0.106 0.636-0.206 1.04-0.322l0.031-9e-3 9.44-2.697 0.05-0.014c0.247-0.071 0.465-0.133 0.693-0.159 0.2-0.022 0.402-0.022 0.603 0 0.227 0.026 0.445 0.088 0.692 0.159l0.05 0.014 9.471 2.706c0.404 0.116 0.755 0.216 1.04 0.322 0.304 0.112 0.596 0.252 0.86 0.478 0.397 0.34 0.687 0.788 0.835 1.289 0.099 0.332 0.108 0.657 0.087 0.98-0.02 0.303-0.072 0.665-0.131 1.08v1e-3zm-2.352 10.972c-3.497 0-6.332 2.835-6.332 6.331 0 3.497 2.835 6.332 6.332 6.332s6.331-2.835 6.331-6.332c0-3.496-2.834-6.331-6.331-6.331zm4.313 4.197c0.319-0.384 0.268-0.954-0.116-1.274s-0.954-0.268-1.274 0.116l-3.888 4.666-2.013-2.013c-0.354-0.353-0.926-0.353-1.28 0-0.353 0.353-0.353 0.926 0 1.279l2.714 2.713c0.18 0.18 0.427 0.276 0.68 0.264 0.254-0.011 0.492-0.129 0.654-0.324l4.523-5.427zm-19.689-10.529c0-2.497 2.024-4.522 4.522-4.522s4.522 2.025 4.522 4.522c0 1.48-0.71 2.794-1.809 3.619v3.617c0 1.499-1.214 2.714-2.713 2.714s-2.713-1.215-2.713-2.714v-3.617c-1.099-0.825-1.809-2.139-1.809-3.619zm5.426 4.523h-1.808v2.713c0 0.5 0.405 0.905 0.904 0.905 0.5 0 0.904-0.405 0.904-0.905v-2.713zm-0.904-1.809c1.499 0 2.713-1.215 2.713-2.714 0-1.498-1.214-2.713-2.713-2.713s-2.713 1.215-2.713 2.713c0 1.499 1.214 2.714 2.713 2.714z" fill="#28323f"/>
|
||||
<defs>
|
||||
<image id="_Image2" width="25px" height="29px" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABkAAAAdCAYAAABfeMd1AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAa0lEQVRIiWP8U1b2n4HGgInWFgwvS1gYhOhgCbMp7S0ZPnFCp4gXpYclivSwhA4BNowi/vBzZtpbsuUBK80tGT5xQqcc/y6UDpZ806G5JcMoThj/07xFxMBid+sE7S1h+/ub5pYMn4iniyUAs5sPQ3yZHVsAAAAASUVORK5CYII="/>
|
||||
</defs>
|
||||
</svg>
|
||||
|
Before Width: | Height: | Size: 4.9 KiB |
@ -59,5 +59,3 @@ Even when you are able to delete an account, there is no guarantee that all your
|
||||
## Avoid New Accounts
|
||||
|
||||
As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you!
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -38,7 +38,7 @@ To minimize the potential damage that a malicious piece of software can do, you
|
||||
|
||||
Mobile operating systems are generally safer than desktop operating systems when it comes to application sandboxing. Apps cannot obtain root access and only have access to system resources which you grant them.
|
||||
|
||||
Desktop operating systems generally lag behind on proper sandboxing. Chrome OS has similar sandboxing properties to Android, and macOS has full system permission control and opt-in (for developers) sandboxing for applications, however these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make heavy use of virtual machines or containers, such as Qubes OS.
|
||||
Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing properties to Android, and macOS has full system permission control and opt-in (for developers) sandboxing for applications, however these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make heavy use of virtual machines or containers, such as Qubes OS.
|
||||
|
||||
<span class="pg-red">:material-target-account: Targeted Attacks</span>
|
||||
|
||||
|
||||
@ -304,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a
|
||||
It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps.
|
||||
|
||||
This feature does come at a privacy cost, as it tells the DNS server some information about the client's location.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -38,5 +38,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
|
||||
### Why Can't Metadata be E2EE?
|
||||
|
||||
Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
---
|
||||
title: "Multifactor Authentication"
|
||||
title: "Multi-factor Authentication"
|
||||
icon: 'material/two-factor-authentication'
|
||||
---
|
||||
**Multifactor authentication** is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
|
||||
**Multi-factor authentication** is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
|
||||
|
||||
Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone.
|
||||
|
||||
@ -40,7 +40,7 @@ Although not perfect, TOTP is secure enough for most people, and when [hardware
|
||||
|
||||
The YubiKey stores data on a tamper-resistant solid-state chip which is [impossible to access](https://security.stackexchange.com/a/245772) non-destructively without an expensive process and a forensics laboratory.
|
||||
|
||||
These keys are generally multifunction and provide a number of methods to authenticate. Below are the most common ones.
|
||||
These keys are generally multi-function and provide a number of methods to authenticate. Below are the most common ones.
|
||||
|
||||
#### Yubico OTP
|
||||
|
||||
@ -116,7 +116,7 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
|
||||
|
||||
## More Places to Set Up MFA
|
||||
|
||||
Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
|
||||
Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
|
||||
|
||||
### Windows
|
||||
|
||||
@ -156,10 +156,8 @@ SSH MFA could be set up using multiple different authentication methods that are
|
||||
|
||||
#### Time-based One-time Password (TOTP)
|
||||
|
||||
SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How To Set Up MultiFactor Authentication for SSH on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04). Most things should be the same regardless of distribution, however the package manager commands—such as `apt-get`—and package names may differ.
|
||||
SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How To Set Up Multi-Factor Authentication for SSH on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04). Most things should be the same regardless of distribution, however the package manager commands—such as `apt-get`—and package names may differ.
|
||||
|
||||
### KeePass (and KeePassXC)
|
||||
|
||||
KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -70,7 +70,7 @@ Though Tor does provide strong privacy guarantees, one must be aware that Tor is
|
||||
|
||||
If you wish to use Tor for browsing the web, we only recommend the **official** Tor Browser—it is designed to prevent fingerprinting.
|
||||
|
||||
- [Browsers: Tor Browser :hero-arrow-circle-right-fill:](../browsers.md#tor-browser)
|
||||
- [Browsers: Tor Browser :hero-arrow-circle-right-fill:](../desktop-browsers.md#tor-browser)
|
||||
|
||||
## Additional Resources
|
||||
|
||||
|
||||
@ -39,7 +39,7 @@ By using a VPN with Tor, you're creating essentially a permanent entry node, oft
|
||||
|
||||
VPNs cannot provide anonymity. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You cannot rely on "no logging" policies to protect your data. Use [Tor](https://www.torproject.org/) instead.
|
||||
|
||||
## What about VPN providers that provides Tor nodes?
|
||||
## What about VPN providers that provide Tor nodes?
|
||||
|
||||
Do not use that feature. The point of using Tor is that you do not trust your VPN provider. Currently Tor only supports the [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) protocol. [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (used in [WebRTC](https://en.wikipedia.org/wiki/WebRTC) for voice and video sharing, the new [HTTP3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) protocol, etc), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) and other packets will be dropped. To compensate for this, VPN providers typically will route all non-TCP packets through their VPN server (your first hop). This is the case with [ProtonVPN](https://protonvpn.com/support/tor-vpn/). Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as [Isolated Destination Address](https://www.whonix.org/wiki/Stream_Isolation) (using a different Tor circuit for every domain you visit).
|
||||
|
||||
@ -69,5 +69,3 @@ For use cases like these, or if you have another compelling reason, the VPN prov
|
||||
- [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/)
|
||||
- [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/)
|
||||
- [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
Submodule docs/blog deleted from a286f2432c
56
docs/blog/2021/09/14/welcome-to-privacy-guides.md
Normal file
56
docs/blog/2021/09/14/welcome-to-privacy-guides.md
Normal file
@ -0,0 +1,56 @@
|
||||
---
|
||||
title: Welcome to Privacy Guides
|
||||
created: "2021-09-14"
|
||||
author: 'Jonah'
|
||||
template: overrides/blog.en.html
|
||||
---
|
||||
We are excited to announce the launch of [Privacy Guides](https://www.privacyguides.org/) and [r/PrivacyGuides](https://www.reddit.com/r/PrivacyGuides/), and welcome the privacy community to participate in our crowdsourced software recommendations and share tips and tricks for keeping your data safe online. Our goal is to be a central resource for privacy and security-related tips that are usable by anybody, and to carry on the trusted legacy of PrivacyTools.
|
||||
|
||||
As we [announced](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/) on the PrivacyTools blog in July, we made the decision to migrate off our former privacytools.io domain for various reasons, including an inability to contact the current domain holder for over a year and [growing](http://www.thedarksideof.io/) [issues](https://fortune.com/2020/08/31/crypto-fraud-io-domain-chagos-islands-uk-colonialism-cryptocurrency/) [with the .IO top-level domain](https://github.com/privacytools/privacytools.io/issues/1324). As attempts to regain ownership of the domain have proven fruitless, we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to [www.privacyguides.org](https://www.privacyguides.org/), and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc.
|
||||
|
||||
We chose the name Privacy Guides because it represents two things for us as an organization: An expansion beyond simple recommendation lists, and a goal of acting as the trusted guides to anyone newly learning about protecting their personal data.
|
||||
|
||||
As a name, it moves us past recommendations of various tools and focuses us more on the bigger picture. We want to provide more _education_ — rather than _direction_ — surrounding privacy-related topics. You can see the very beginnings of this work in our new page on [threat modeling](https://www.privacyguides.org/basics/threat-modeling/), or our [VPN](https://www.privacyguides.org/vpn) and [Email Provider](https://www.privacyguides.org/email) recommendations, but this is just the start of what we eventually hope to accomplish.
|
||||
|
||||
## Website Development
|
||||
|
||||
Our project has always been community-oriented and open-sourced. The source code for PrivacyTools is currently archived at [https://github.com/privacytools/privacytools.io](https://github.com/privacytools/privacytools.io). This repository will remain online as an archive of everything on PrivacyTools up to this transition.
|
||||
|
||||
The source code for our new website is available at [https://github.com/privacyguides/privacyguides.org](https://github.com/privacyguides/privacyguides.org). All updates from PrivacyTools have been merged into this new repository, and this is where all future work will take place.
|
||||
|
||||
## Services
|
||||
|
||||
PrivacyTools also runs a number of online services in use by many users. Some of these services are federated, namely Mastodon, Matrix, and PeerTube. Due to the technical nature of federation, it is impossible for us to change the domain name on these services, and because we cannot guarantee the future of the privacytools.io domain name we will be shutting down these services in the coming months.
|
||||
|
||||
We strongly urge users of these services to migrate to alternative providers in the near future. We hope that we will be able to provide enough time to make this as seamless of a transition as possible for our users.
|
||||
|
||||
At this time we do not plan on launching public Matrix, Mastodon, or PeerTube instances under the Privacy Guides domain. Any users affected by this transition can get in touch with [@jonah:aragon.sh](https://matrix.to/#/@jonah:aragon.sh) on Matrix if any assistance is needed.
|
||||
|
||||
Other services being operated by PrivacyTools currently will be discontinued. This includes Searx, WriteFreely, and GhostBin.
|
||||
|
||||
Our future direction for online services is uncertain, but will be a longer-term discussion within our community after our work is complete on this initial transition. We are very aware that whatever direction we move from here will have to be done in a way that is sustainable in the very long term.
|
||||
|
||||
## r/PrivacyGuides
|
||||
|
||||
PrivacyTools has a sizable community on Reddit, but to ensure a unified image we have created a new Subreddit at [r/PrivacyGuides](https://www.reddit.com/r/PrivacyGuides/) that we encourage all Reddit users to join.
|
||||
|
||||
In the coming weeks our current plan is to wind down discussions on r/privacytoolsIO. We will be opening r/PrivacyGuides to lots of the discussions most people are used to shortly, but encouraging general “privacy news” or headline-type posts to be posted on [r/Privacy](https://www.reddit.com/r/privacy/) instead. In our eyes, r/Privacy is the “who/what/when/where” of the privacy community on Reddit, the best place to find the latest news and information; while r/PrivacyGuides is the “how”: a place to share and discuss tools, tips, tricks, and other advice. We think focusing on these strong points will serve to strengthen both communities, and we hope the good moderators of r/Privacy agree 🙂
|
||||
|
||||
## Final Thoughts
|
||||
|
||||
The former active team at PrivacyTools universally agrees on this direction towards Privacy Guides, and will be working exclusively on Privacy Guides rather than any “PrivacyTools” related projects. We intend to redirect PriavcyTools to new Privacy Guides properties for as long as possible, and archive existing PrivacyTools work as a pre-transition snapshot.
|
||||
|
||||
Privacy Guides additionally welcomes back PrivacyTools’ former sysadmin [Jonah](https://twitter.com/JonahAragon), who will be joining the project’s leadership team.
|
||||
|
||||
We are not accepting sponsorships or donations at this time, while we work out our financial plan. We will be in touch with existing sponsors on PrivacyTools’ OpenCollective to determine what the best way forward is soon.
|
||||
|
||||
We are all very excited about this new brand and direction, and hope to have your continued support through all of this. If you have any questions, concerns, or suggestions, please reach out to us. We are always happy to receive guidance and input from our community! ❤
|
||||
|
||||
---
|
||||
|
||||
**_Privacy Guides_** _is a socially motivated website that provides information for protecting your data security and privacy._
|
||||
|
||||
- [Join r/PrivacyGuides on Reddit](https://www.reddit.com/r/privacyguides)
|
||||
- [Follow @privacy_guides on Twitter](https://twitter.com/privacy_guides)
|
||||
- [Collaborate with us on GitHub](https://github.com/privacyguides/privacyguides.org)
|
||||
- [Join our chat on Matrix](https://matrix.to/#/#privacyguides:aragon.sh)
|
||||
BIN
docs/blog/2021/11/01/virtual-insanity.jpg
Normal file
BIN
docs/blog/2021/11/01/virtual-insanity.jpg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 440 KiB |
30
docs/blog/2021/11/01/virtual-insanity.md
Normal file
30
docs/blog/2021/11/01/virtual-insanity.md
Normal file
@ -0,0 +1,30 @@
|
||||
---
|
||||
title: Virtual Insanity
|
||||
image: 'blog/2021/11/01/virtual-insanity.jpg'
|
||||
created: "2021-11-01"
|
||||
author: 'Freddy'
|
||||
template: overrides/blog.en.html
|
||||
---
|
||||
Not so long ago, the world was predicting the end for Facebook. Now it is no more. Gone from the face of the planet – never to be seen again. Except it isn’t.
|
||||
|
||||
Facebook has not disappeared. No, not even the damning ‘Facebook Papers’ can shut it down. Mark Zuckerberg stood up on stage, and announced that it had changed its name to: Meta.
|
||||
|
||||
A key part of this new vision for the company is the idea of the metaverse. If it sounds like something out of a sci-fi movie or novel, that’s because it is. The term was first coined by author Neal Stephenson in his 1992 book _Snow Crash_. Zuckerberg’s only problem is that novel was dystopian. Here’s a brief snippet of Stephenson’s description of the metaverse:
|
||||
|
||||
> “Your avatar can look any way you want it to, up to the limitations of your equipment. If you’re ugly, you can make your avatar beautiful. If you’ve just gotten out of bed, your avatar can still be wearing beautiful clothes and professionally applied makeup. You can look like a gorilla or a dragon or a giant talking penis in the Metaverse. Spend five minutes walking down the Street and you will see all of these.”
|
||||
|
||||
In fairness, that doesn’t seem unlike the sort of content you see on Facebook today. Compare this to what Zuckerberg [wrote](https://about.fb.com/news/2021/10/founders-letter/) in his 2021 Founders Letter:
|
||||
|
||||
> “In this future, you will be able to teleport instantly as a hologram to be at the office without a commute, at a concert with friends, or in your parents’ living room to catch up. This will open up more opportunity no matter where you live. You’ll be able to spend more time on what matters to you, cut down time in traffic, and reduce your carbon footprint.”
|
||||
|
||||
The similarities are uncanny.
|
||||
|
||||
This wouldn’t be the first time that Facebook has been described as dystopian. One _Mashable_ article [called](https://mashable.com/article/facebook-dystopia) the social media giant ‘Orwellian and Huxleyan at the same time.’ Quite a feat.
|
||||
|
||||
The ‘Facebook Papers’ have some pretty shocking - though not entirely surprising - revelations as well. The leaked documents demonstrate the extent to which Facebook values engagement above all else (including a good experience). For instance, we learnt that the algorithm is [optimised](https://www.wired.com/story/facebook-transparency-biggest-sites-pages-links/) for low quality content, [prioritises](https://www.washingtonpost.com/technology/2021/10/26/facebook-angry-emoji-algorithm/) rage over happiness for profit, and [promotes](https://www.theatlantic.com/ideas/archive/2021/10/facebook-papers-democracy-election-zuckerberg/620478/) extremist content. Most alarming was that the firm [failed](https://apnews.com/article/the-facebook-papers-covid-vaccine-misinformation-c8bbc569be7cc2ca583dadb4236a0613) to reduce disinformation during the pandemic even when given the opportunity. Zuckerberg said no to this, presumably because it would reduce engagement and, in turn, Facebook’s advertising revenue.
|
||||
|
||||
Let’s not forget all Facebook’s previous scandals. From the Cambridge Analytica kerfuffle to [conducting](https://www.theregister.com/2014/06/29/researchers_mess_with_facebook_users_emotions/) manipulative social experiments in secret.
|
||||
|
||||
In light of this, the name change makes sense. It deceives you into thinking the company has evolved into a benevolent corporation, when it simply hasn’t. Zuckerberg would much prefer you to think about Meta as a playful universe where you can meet with friends across the globe in virtual reality. Where humans train themselves to sound like heavily discounted robots. Where Facebook is not a Horrid Company.
|
||||
|
||||
Despite all this: Meta _is_ Facebook, just worse. It doesn’t matter about the new name, the company has not changed. It will still be violating our privacy, daily, on an unprecedented scale. It will still be as reliably scandalous as a Carry On film. It will still be terrible. Plus it will have all the added claptrap of a sub-par holographic universe attached.
|
||||
60
docs/blog/2021/12/01/firefox-privacy-2021-update.md
Normal file
60
docs/blog/2021/12/01/firefox-privacy-2021-update.md
Normal file
@ -0,0 +1,60 @@
|
||||
---
|
||||
title: 'Firefox Privacy: 2021 Update'
|
||||
image: 'blog/2021/12/01/firefox-privacy-2021-update.png'
|
||||
created: "2021-12-01"
|
||||
author: 'Daniel'
|
||||
template: overrides/blog.en.html
|
||||
---
|
||||
A lot changed between 2019 and now, not least in regards to Firefox. Since our last post, Mozilla has [improved](https://blog.mozilla.org/en/products/firefox/latest-firefox-rolls-out-enhanced-tracking-protection-2-0-blocking-redirect-trackers-by-default/) privacy with [Enhanced Tracking Protection (ETP)](https://blog.mozilla.org/en/products/firefox/firefox-now-available-with-enhanced-tracking-protection-by-default/). Earlier this year Mozilla introduced [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/) (Dynamic First Party Isolation dFPI). This was then further tightened with [Enhanced Cookie Clearing](https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-enhanced-cookie-clearing/). We’re also looking very forward to [Site Isolation](https://blog.mozilla.org/security/2021/05/18/introducing-site-isolation-in-firefox/) (code named Fission) being enabled by default in the coming releases.
|
||||
|
||||
Now that so many privacy features are built into the browser, there is little need for extensions made by third-party developers. Accordingly, we have updated our very outdated [browser](https://www.privacyguides.org/browsers) section. If you’ve got an old browser profile we suggest **creating a new one**. Some of the old advice may make your browser _more_ unique.
|
||||
|
||||
#### Privacy Tweaks “about:config”
|
||||
|
||||
We’re no longer recommending that users set `about:config` switches manually. Those switches need to be up to date and continuously maintained. They should be studied before blindly making modifications. Sometimes their behaviour changes in between Firefox releases, is superseded by other keys or they are removed entirely. We do not see any point in duplicating the efforts of the community [Arkenfox](https://github.com/arkenfox/user.js) project. Arkenfox has very good documentation in their [wiki](https://github.com/arkenfox/user.js/wiki) and we use it ourselves.
|
||||
|
||||
#### LocalCDN and Decentraleyes
|
||||
|
||||
These extensions aren’t required with Total Cookie Protection (TCP), which is enabled if you’ve set Enhanced Tracking Protection (ETP) to **Strict**.
|
||||
|
||||
Replacing scripts on CDNs with local versions is not a comprehensive solution and is a form of [enumeration of badness](https://www.ranum.com/security/computer_security/editorials/dumb/). While it may work with some scripts that are included it doesn’t help with most other third-party connections.
|
||||
|
||||
CDN extensions never really improved privacy as far as sharing your IP address was concerned and their usage is fingerprintable as this Tor Project developer [points out](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22089#note_2639603). They are the wrong tool for the job and are not a substitute for a good VPN or Tor. Its worth noting the [resources](https://git.synz.io/Synzvato/decentraleyes/-/tree/master/resources) for Decentraleyes are hugely out of date and would not be likely used anyway.
|
||||
|
||||
#### NeatURLs and ClearURLS
|
||||
|
||||
Previously we recommended ClearURLs to remove tracking parameters from URLs you might visit. These extensions are no longer needed with uBlock Origin’s [`removeparam`](https://github.com/gorhill/uBlock/wiki/Static-filter-syntax#removeparam) feature.
|
||||
|
||||
#### HTTPS Everywhere
|
||||
|
||||
The EFF announced back in September they were [deprecating HTTPS-Everywhere](https://www.eff.org/deeplinks/2021/09/https-actually-everywhere) as most browsers now have an HTTPS-Only feature. We are pleased to see privacy features built into the browser and Firefox 91 introduced [HTTPS by Default in Private Browsing](https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-https-by-default-in-private-browsing/).
|
||||
|
||||
#### Multi Account Containers and Temporary Containers
|
||||
|
||||
Container extensions aren’t as important as they used to be for privacy now that we have [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/).
|
||||
|
||||
Multi Account Container will still have some use if you use [Mozilla VPN](https://en.wikipedia.org/wiki/Mozilla_VPN) as it is going to be [integrated](https://github.com/mozilla/multi-account-containers/issues/2210) allowing you to configure specified containers to use a particular VPN server. Another use might be if you want to login to multiple accounts on the same domain.
|
||||
|
||||
#### Just-In-Time Compilation (JIT)
|
||||
|
||||
What is “Disable JIT” in Bromite? This option disables the JavaScript performance feature [JIT](https://en.wikipedia.org/wiki/Just-in-time_compilation). It can increase security but at the cost of performance. Those trade-offs vary wildly and are explored in [this](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/) publication by Johnathan Norman from the Microsoft Edge team. This option is very much a security vs performance option.
|
||||
|
||||
#### Mozilla browsers on Android
|
||||
|
||||
We don’t recommend any Mozilla based browsers on Android. This is because we don’t feel that [GeckoView](https://mozilla.github.io/geckoview) is quite as secure as it could be as it doesn’t support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture), soon to be coming in desktop browsers or [isolated processes](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
|
||||
|
||||
We also noticed that there isn’t an option for [HTTPS-Only mode](https://github.com/mozilla-mobile/fenix/issues/16952#issuecomment-907960218). The only way to get something similar is to install the [deprecated](https://www.eff.org/deeplinks/2021/09/https-actually-everywhere) extension [HTTPS Everywhere](https://www.eff.org/https-everywhere).
|
||||
|
||||
There are places which Firefox on Android shines for example browsing news websites where you may want to _partially_ load some JavaScript (but not all) using medium or hard [blocking mode](https://github.com/gorhill/uBlock/wiki/Blocking-mode). The [reader view](https://support.mozilla.org/en-US/kb/view-articles-reader-view-firefox-android) is also pretty cool. We expect things will change in the future, so we’re keeping a close eye on this.
|
||||
|
||||
#### Fingerprinting
|
||||
|
||||
Firefox has the ability to block known third party [fingerprinting resources](https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/). Mozilla has [advanced protection](https://support.mozilla.org/kb/firefox-protection-against-fingerprinting) against fingerprinting (RFP is enabled with Arkenfox).
|
||||
|
||||
We do not recommend extensions that promise to change your [browser fingerprint](https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead/). Some of those extensions [are detectable](https://www.cse.chalmers.se/~andrei/codaspy17.pdf) by websites through JavaScript and [CSS](https://hal.archives-ouvertes.fr/hal-03152176/file/style-fingerprinting-usenix.pdf) methods, particularly those which inject anything into the web content.
|
||||
|
||||
This includes **all** extensions that try to change the user agent or other browser behaviour to prevent fingerprinting. We see these often recommended on Reddit and would like to say that they will likely make you more unique and can be circumvented. Arkenfox has [a good list](https://github.com/arkenfox/user.js/wiki/4.1-Extensions#small_orange_diamond-%EF%B8%8F-anti-fingerprinting-extensions-fk-no) of extensions you shouldn’t be using. They also have [another list](https://github.com/arkenfox/user.js/wiki/4.1-Extensions#small_orange_diamond-dont-bother) of extensions you needn’t bother with either. We also like to say testing sites which show you how unique you are in a set of users are often using hugely tainted results that are not indicative of real-world usage.
|
||||
|
||||
----------
|
||||
|
||||
_Special thanks to [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) and [Tommy](https://tommytran.io) for their help with providing advice and further documentation during the research phase.
|
||||
BIN
docs/blog/2021/12/01/firefox-privacy-2021-update.png
Normal file
BIN
docs/blog/2021/12/01/firefox-privacy-2021-update.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 1.6 MiB |
BIN
docs/blog/2022/04/04/move-fast-and-break-things.jpg
Normal file
BIN
docs/blog/2022/04/04/move-fast-and-break-things.jpg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 358 KiB |
28
docs/blog/2022/04/04/move-fast-and-break-things.md
Normal file
28
docs/blog/2022/04/04/move-fast-and-break-things.md
Normal file
@ -0,0 +1,28 @@
|
||||
---
|
||||
title: '"Move Fast and Break Things"'
|
||||
image: 'blog/2022/04/04/move-fast-and-break-things.jpg'
|
||||
created: "2022-04-04"
|
||||
author: 'Freddy'
|
||||
template: overrides/blog.en.html
|
||||
---
|
||||
Mark Zuckerberg does not look comfortable on stage. Yet, there he was proclaiming that “the future is private”. If someone has to tell you that they care about your privacy, they probably don’t.
|
||||
|
||||
For someone trying not to appear like a cartoon villain, Zuckerberg doesn’t do a great job. He gives the impression of some strange cyborg algorithmically attempting to impersonate human life. His movements are not quite robotic, but he lacks the charisma you might expect from one of the most powerful people on the planet. A _New Yorker_ [profile](https://www.newyorker.com/magazine/2018/09/17/can-mark-zuckerberg-fix-facebook-before-it-breaks-democracy) of him revealed that he had an affinity for Emperor Augustus, an ancient Roman tyrant. ‘Through a really harsh approach, [Augustus] established two hundred years of world peace,’ he said.
|
||||
|
||||
It’s the first part of that sentence that is worrying.
|
||||
|
||||
Is this what Zuckerberg sees himself as: a modern-day emperor hellbent on using any means he can to gain world peace? Probably not, but it would have been reassuring if he just told us he liked doing Sudoku and dad-dancing with his daughter (interestingly named August).
|
||||
|
||||
The Zuck once [joked](https://www.esquire.com/uk/latest-news/a19490586/mark-zuckerberg-called-people-who-handed-over-their-data-dumb-f/) to a friend that he could get them ‘info’ about anyone in Harvard. He had email addresses, pictures, real addresses: the lot. When the friend asked how, this was his riposte: ‘People just submitted it. I don’t know why. They trust me. Dumb f*cks.’ We now live in a reality where Zuckerberg can get ‘info’ about almost anyone in the world.
|
||||
|
||||
Like a depraved tabloid journalist fishing through a minor celebrity’s trash, Facebook collects everything it can about its users. Even if it means sifting through garbage, they want that data. But Facebook is not technically in the data business. It is in what author and professor Carissa Véliz [terms](https://aeon.co/essays/privacy-matters-because-it-empowers-us-all) ‘the business of power’ – which sounds rather more sinister than flogging off mildly irritating adverts.
|
||||
|
||||
Véliz argues that privacy is a form of power. It is the power to influence you, show you adverts and predict your behaviour. In this sense, personal data is being used to make us do things we otherwise would not do: to buy a certain product or to vote a certain way. Filmmaker Laura Poitras [described](https://www.washingtonpost.com/news/the-switch/wp/2014/10/23/snowden-filmmaker-laura-poitras-facebook-is-a-gift-to-intelligence-agencies/) Facebook as ‘a gift to intelligence agencies’. It allows governments to arrest people planning to participate in protests before they have even begun.
|
||||
|
||||
The social media giant is tip-toeing ever closer into our personal lives. When Facebook encountered competition it just bought it, adding Instagram and WhatsApp to its roster. The company even tried to make its own cryptocurrency so that one day the Facebook would control all our purchases too. Earlier this year, the project was [killed](https://www.ft.com/content/a88fb591-72d5-4b6b-bb5d-223adfb893f3) by regulators. It is worth noting that when Zuckerberg purchased WhatsApp and Instagram, they had no revenue. Author Tim Wu notes in his book _The Attention Merchants_ that Facebook is ‘a business with an exceedingly low ratio of invention to success’. Perhaps that is a part of Zuck’s genius.
|
||||
|
||||
‘Move fast and break things’ was the old company motto. When there were a few too many scandals, they moved fast and [rebranded](https://www.privacyguides.org/blog/2021/11/01/virtual-insanity) to Meta. No one expected online privacy to be the ‘thing’ they broke.
|
||||
|
||||
Before it became a global behemoth, Facebook started out as a dorm-room project. Zuckerberg sat at his keyboard after a few drinks and built it mainly because he could. It now has nearly three billion users. In the same way, Facebook [conducted](https://www.theguardian.com/technology/2014/jul/02/facebook-apologises-psychological-experiments-on-users) social experiments seemingly just for fun. Why he did it doesn’t really matter. As John Lanchester [put it](https://www.lrb.co.uk/the-paper/v39/n16/john-lanchester/you-are-the-product): he simply did it _because_.
|
||||
|
||||
It is unfair to say that Zuckerberg does not care about privacy – he does. That’s why he [spared](https://www.theguardian.com/technology/2013/oct/11/mark-zuckerberg-facebook-neighbouring-houses) no expense buying the houses that surrounded his home. Zuckerberg knows the power of privacy, which is painfully ironic given he has built his career on exploiting it. For Zuckerberg, at least, the future is private. It’s the rest of us that should be worried.
|
||||
BIN
docs/blog/2022/06/09/hide-nothing.jpg
Normal file
BIN
docs/blog/2022/06/09/hide-nothing.jpg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 774 KiB |
42
docs/blog/2022/06/09/hide-nothing.md
Normal file
42
docs/blog/2022/06/09/hide-nothing.md
Normal file
@ -0,0 +1,42 @@
|
||||
---
|
||||
title: '"Hide Nothing"'
|
||||
image: 'blog/2022/06/09/hide-nothing.jpg'
|
||||
created: "2022-06-09"
|
||||
author: 'Dan Arel'
|
||||
template: overrides/blog.en.html
|
||||
---
|
||||
In the wake of the September 11, 2001, attack on the United States, the US government enacted laws that weakened citizen privacy in the name of national emergency. This sent up many red flags for human rights and privacy advocates.
|
||||
|
||||
These concerns were met with “if you have nothing to hide, you have nothing to fear.” The argument goes that if you're not doing anything illegal, then these violations of your privacy shouldn't bother you. If you care about privacy, you clearly can't be up to anything good.
|
||||
|
||||
On the surface, this seems true to many people – but the reality is very different. We may not have had anything to hide in the immediate aftermath of 9/11, but that was not the only information being sought after by governments. Indeed, following the passage of the Patriot Act in the US, the FBI issued 192,499 [National Security Letters](https://www.aclu.org/other/national-security-letters), meaning they collected the records and online activity of nearly 200,000 people.
|
||||
|
||||
In the end it only convicted one person.
|
||||
|
||||
Now, many have argued that stopping one terrorist might be worth giving up some security for, but [according](https://www.aclu.org/issues/national-security/privacy-and-surveillance/surveillance-under-patriot-act) to the ACLU, the conviction would have occurred without the Patriot Act.
|
||||
|
||||
Many legal actions you take today could be deemed illegal by future laws or future government. In the US today there is discussion around the possibility of Roe v. Wade being overturned, allowing states to outlaw abortions. You may not currently feel the need to hide internet searches, menstrual cycle apps, or donations to women's health clinics today because it's not illegal, but tomorrow that information could be used against you.
|
||||
|
||||
In countries were organizing around political dissent is legal, that doesn't mean the government is tracking those taking part and using that information to create informants or infiltrate such groups. Or worse, when or if laws change, using that surveillance to punish those involved.
|
||||
|
||||
And even if you break away from the legal aspects, we all have something to hide. You may not be ready to reveal your sexual or gender identity, but your internet usage could potentially do that for you. You don't want to make your bank account public; you have that information to hide. And you can continue to list things about your life you'd just rather not make public, regardless of potential legality.
|
||||
|
||||
In July of 2021, a Catholic priest by the name of Jeffrey Burrill lost his job and was forced to resign after data collected through his cell phone showed that he was active on the Gay dating app Grindr, and that he had visited multiple gay bars in the area. [According](https://www.washingtonpost.com/religion/2021/07/20/bishop-misconduct-resign-burrill/) to the *Washington Post*:
|
||||
|
||||
> “A mobile device correlated to Burrill emitted app data signals from the location-based hookup app Grindr on a near-daily basis during parts of 2018, 2019, and 2020 —– at both his USCCB office and his USCCB-owned residence, as well as during USCCB meetings and events in other cities,” the Pillar reported.
|
||||
|
||||
> “The data obtained and analyzed by The Pillar conveys mobile app date signals during two 26-week periods, the first in 2018 and the second in 2019 and 2020. The data was obtained from a data vendor and authenticated by an independent data consulting firm contracted by The Pillar,” the site reported. It did not identify who the vendor was or if the site bought the information or got it from a third party.
|
||||
|
||||
> The Pillar story says app data “correlated” to Burrill's phone shows the priest visited gay bars, including while traveling for the USCCB.
|
||||
|
||||
While it was not clear who was tracking Burrill's device, the Post went on to say that:
|
||||
|
||||
> Privacy experts have long raised concerns about “anonymized” data collected by apps and sold to or shared with aggregators and marketing companies. While the information is typically stripped of obviously identifying fields, like a user's name or phone number, it can contain everything from age and gender to a device ID. It's possible for experts to de-anonymize some of this data and connect it to real people.
|
||||
|
||||
While Burrill was without a doubt in violation of his works own code of conduct, he did decide on his own to be a priest. However, his personal life was not harming others and was just that, his personal life. While the question looms about who was tracking him to begin with and why, the fact it was so easy to do is alarming.
|
||||
|
||||
What if Burrill wasn't a priest, but just happened to work for someone who held anti-homosexual views who used this data to out him, humiliate him, and fire him under false pretenses? This data, which should be private could (and likely did in the real-life circumstance) ruin his life.
|
||||
|
||||
That is what makes internet privacy so important. It's not hiding nefarious activity, it's that we all have an innate right to our privacy.
|
||||
|
||||
You might not feel today that you have anything to hide, but you might not feel that way tomorrow and once something is public, it cannot be made private again.
|
||||
@ -78,5 +78,3 @@ Calendars and contacts contain some of your most sensitive data; use products th
|
||||
|
||||
!!! warning
|
||||
Proton [does not](https://proton.me/support/proton-contacts#verify) use E2EE for your contact names and email addresses.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -63,8 +63,10 @@ When self-hosting, you should also enable E2EE to protect against your hosting p
|
||||
[:octicons-info-16:](https://proton.me/support/drive){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" }
|
||||
|
||||
Proton Drive is currently in beta and only is only available through a web client.
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive)
|
||||
|
||||
Proton Drive is currently in beta and is only available through a web client and an Android app.
|
||||
|
||||
When using a web client, you are placing trust in the server to send you proper JavaScript code to derive the decryption key and authentication token locally in your browser. A compromised server can send you malicious JavaScript code to steal your master password and decrypt your data. If this does not fit your [threat model](basics/threat-modeling.md), consider using an alternative.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -1,10 +1,8 @@
|
||||
---
|
||||
title: "Web Browsers"
|
||||
title: "Desktop Browsers"
|
||||
icon: octicons/browser-16
|
||||
---
|
||||
These are our currently recommended web browsers and configurations. In general, we recommend keeping extensions to a minimum: they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
|
||||
|
||||
## General Recommendations
|
||||
These are our currently recommended desktop web browsers and configurations. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
|
||||
|
||||
### Tor Browser
|
||||
|
||||
@ -30,15 +28,11 @@ These are our currently recommended web browsers and configurations. In general,
|
||||
- [:fontawesome-brands-apple: macOS](https://www.torproject.org/download/)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.torproject.org/download/)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/com.github.micahflee.torbrowser-launcher)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
|
||||
- [:pg-f-droid: F-Droid](https://guardianproject.info/fdroid/)
|
||||
|
||||
!!! danger
|
||||
|
||||
You should **never** install any additional extensions on Tor Browser, including the ones we suggest for Firefox. Nor should you manually enable HTTPS-only mode or edit `about:config` settings. Browser extensions and non-standard settings make you stand out from others on the Tor network, thus making your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting).
|
||||
|
||||
## Desktop Recommendations
|
||||
|
||||
### Firefox
|
||||
|
||||
!!! recommendation
|
||||
@ -125,8 +119,6 @@ The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of ca
|
||||
|
||||
Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues.
|
||||
|
||||
We don't recommend Brave's mobile browser offerings as there are better [options](#mobile-recommendations) for mobile platforms.
|
||||
|
||||
[:octicons-home-16: Homepage](https://brave.com/){ .md-button .md-button--primary }
|
||||
[:pg-tor:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title=Onion }
|
||||
[:octicons-eye-16:](https://brave.com/privacy/browser/){ .card-link title="Privacy Policy" }
|
||||
@ -155,6 +147,7 @@ Shields' options can be downgraded on a per-site basis as needed, but by default
|
||||
|
||||
<div class="annotate" markdown>
|
||||
|
||||
- [x] Select **Prevent sites from fingerprinting me based on my language preferences**
|
||||
- [x] Select **Aggressive** under Trackers & ads blocking
|
||||
|
||||
??? warning "Use default filter lists"
|
||||
@ -216,106 +209,6 @@ Under the *System* menu
|
||||
|
||||
1. This option is not present on all platforms.
|
||||
|
||||
## Mobile Recommendations
|
||||
|
||||
On Android, Firefox is still less secure than Chromium-based alternatives: Mozilla's engine, [GeckoView](https://mozilla.github.io/geckoview/), has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
|
||||
|
||||
On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser.
|
||||
|
||||
### Bromite
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Bromite** is a Chromium-based browser with privacy and security enhancements, built-in ad blocking, and some fingerprinting randomization.
|
||||
|
||||
[:octicons-home-16: Homepage](https://www.bromite.org){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://www.bromite.org/privacy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://github.com/bromite/bromite/wiki){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/bromite/bromite){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://github.com/bromite/bromite#donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads annotate
|
||||
|
||||
- [:pg-f-droid: F-Droid](https://www.bromite.org/fdroid) (1)
|
||||
|
||||
1. If you use [Neo Store](/android/#neo-store), you can enable the *Bromite repository* in:<br> :material-dots-vertical: → **Repositories**
|
||||
|
||||
These options can be found in :material-menu: → :gear: **Settings** → **Privacy and security**.
|
||||
|
||||
#### Recommended Configuration
|
||||
|
||||
##### HTTPS-Only Mode
|
||||
|
||||
- [x] Select **Always use secure connections**
|
||||
|
||||
This prevents you from unintentionally connecting to a website in plain-text HTTP. The HTTP protocol is extremely uncommon nowadays, so this should have little to no impact on your day to day browsing.
|
||||
|
||||
##### Always-on Incognito Mode
|
||||
|
||||
- [x] Select **Always open links in incognito** in the **Incognito mode** menu
|
||||
- [x] Select **Close all open tabs on exit**
|
||||
- [x] Select **Open external links in incognito**
|
||||
|
||||
### Safari
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/15.0/ios/15.0) such as Intelligent Tracking Protection, Privacy Report, isolated Private Browsing tabs, iCloud Private Relay, and automatic HTTPS upgrades.
|
||||
|
||||
[:octicons-home-16: Homepage](https://www.apple.com/safari/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://www.apple.com/legal/privacy/data/en/safari/){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://support.apple.com/guide/safari/welcome/mac){ .card-link title=Documentation}
|
||||
|
||||
#### Recommended Configuration
|
||||
|
||||
These options can be found in :gear: **Settings** → **Safari** → **Privacy and Security**.
|
||||
|
||||
##### Cross-Site Tracking Prevention
|
||||
|
||||
- [x] Enable **Prevent Cross-Site Tracking**
|
||||
|
||||
This enables WebKit's [Intelligent Tracking Protection](https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp). The feature helps protect against unwanted tracking by using on-device machine learning to stop trackers. ITP protects against many common threats, but it does not block all tracking avenues because it is designed to not interfere with website usability.
|
||||
|
||||
##### Privacy Report
|
||||
|
||||
Privacy Report provides a snapshot of cross-site trackers currently prevented from profiling you on the website you're visiting. It can also display a weekly report to show which trackers have been blocked over time.
|
||||
|
||||
Privacy Report is accessible via the Page Settings menu (:pg-textformat-size:).
|
||||
|
||||
##### Privacy Preserving Ad Measurement
|
||||
|
||||
- [ ] Disable **Privacy Preserving Ad Measurement**
|
||||
|
||||
Ad click measurement has traditionally used tracking technology that infringes on user privacy. [Private Click Measurement](https://webkit.org/blog/11529/introducing-private-click-measurement-pcm/) is a WebKit feature and proposed web standard aimed towards allowing advertisers to measure the effectiveness of web campaigns without compromising on user privacy.
|
||||
|
||||
The feature has little privacy concerns on its own, so while you can choose to leave it on, we consider the fact that it's automatically disabled in Private Browsing to be an indicator for disabling the feature.
|
||||
|
||||
##### Apple Pay
|
||||
|
||||
If you do not use Apple Pay, you can toggle off the ability for websites to check for it.
|
||||
|
||||
- [ ] Disable **Allow websites to check for Apple Pay and Apple Card**
|
||||
|
||||
##### Always-on Private Browsing
|
||||
|
||||
Open Safari and tap the Tabs button, located in the bottom right. Then, expand the Tab Groups list.
|
||||
|
||||
- [x] Select **Private**
|
||||
|
||||
Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
|
||||
|
||||
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed into sites. This may be an inconvenience.
|
||||
|
||||
##### iCloud Sync
|
||||
|
||||
Synchronization of Safari History, Tab Groups, iCloud Tabs and saved passwords are E2EE. However, bookmarks are [not](https://support.apple.com/en-us/HT202303). Apple can decrypt and access them in accordance with their [privacy policy](https://www.apple.com/legal/privacy/en-ww/).
|
||||
|
||||
If you use iCloud, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in :gear: **Settings** → **Safari** → **General** → **Downloads**.
|
||||
|
||||
## Additional Resources
|
||||
|
||||
We generally do not recommend installing any extensions as they increase your attack surface. However, uBlock Origin or AdGuard may prove useful if you value content blocking functionality.
|
||||
@ -339,28 +232,7 @@ We generally do not recommend installing any extensions as they increase your at
|
||||
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm)
|
||||
- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak)
|
||||
|
||||
We suggest leaving the extension in its default configuration. Additional filter lists can impact performance and may increase attack surface, so only apply what you need. If there is a [vulnerability in uBlock Origin](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css) a third-party filter could add malicious rules that can potentially steal user data.
|
||||
|
||||
### AdGuard for iOS
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker).
|
||||
|
||||
AdGuard for iOS has some premium features, however standard Safari content blocking is free of charge.
|
||||
|
||||
[:octicons-home-16: Homepage](https://adguard.com/en/adguard-ios/overview.html){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://adguard.com/privacy/ios.html){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://kb.adguard.com/ios){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/apple-store/id1047223162)
|
||||
|
||||
Additional filter lists do slow things down and may increase your attack surface, so only apply what you need.
|
||||
We suggest following the [developer's documentation](https://github.com/gorhill/uBlock/wiki/Blocking-mode) and picking one of the "modes". Additional filter lists can impact performance and may increase attack surface, so only apply what you need. If there is a [vulnerability in uBlock Origin](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css) a third-party filter could add malicious rules that can potentially steal user data.
|
||||
|
||||
### Snowflake
|
||||
|
||||
@ -393,21 +265,4 @@ Additional filter lists do slow things down and may increase your attack surface
|
||||
|
||||
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
|
||||
|
||||
Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
|
||||
|
||||
### Terms of Service; Didn't Read
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Terms of Service; Didn't Read** grades websites based on their terms of service agreements and privacy policies. It also gives short summaries of those agreements. The analyses and ratings are published transparently by a community of reviewers.
|
||||
|
||||
[:octicons-globe-16: Website](https://tosdr.org){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://docs.tosdr.org/sp/tosdr.org-Privacy-Policy.89456373.html){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://docs.tosdr.org/index.html){ .card-link title=Documentation}
|
||||
[:octicons-heart-16:](https://tosdr.org/donate){ .card-link title=Contribute }
|
||||
|
||||
We do not recommend installing ToS;DR as a browser extension; the same information is also provided on their website.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
|
||||
@ -166,5 +166,3 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf
|
||||
[:octicons-info-16:](https://docs.pi-hole.net/){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute }
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -188,5 +188,3 @@ Canary Mail is closed-source. We recommend it due to the few choices there are f
|
||||
|
||||
- [:fontawesome-brands-linux: Linux](https://neomutt.org/distro)
|
||||
- [:fontawesome-brands-apple: macOS](https://neomutt.org/distro)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -240,7 +240,7 @@ Using an aliasing service requires trusting both your email provider and your al
|
||||
- [:material-apple-ios: iOS](https://anonaddy.com/faq/#is-there-an-ios-app)
|
||||
- [:fontawesome-brands-android: Android](https://anonaddy.com/faq/#is-there-an-android-app)
|
||||
|
||||
The number of shared aliases (which end in a shared domain like @anonaddy.me) that you can create is limited to 20 on AnonAddy's free plan and 50 on their $12/month plan. You can create unlimited standard aliases (which end in a domain like @[username].anonaddy.com or a custom domain on paid plans), however, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. Unlimited shared aliases are available for $36/year.
|
||||
The number of shared aliases (which end in a shared domain like @anonaddy.me) that you can create is limited to 20 on AnonAddy's free plan and 50 on their $12/year plan. You can create unlimited standard aliases (which end in a domain like @[username].anonaddy.com or a custom domain on paid plans), however, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. Unlimited shared aliases are available for $36/year.
|
||||
|
||||
Notable free features:
|
||||
|
||||
@ -274,9 +274,11 @@ Notable free features:
|
||||
|
||||
SimpleLogin was [acquired by Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) as of April 8, 2022. If you use Proton Mail for your primary mailbox, SimpleLogin is a great choice. As both products are now owned by the same company you now only have to trust a single entity. We also expect that SimpleLogin will be more tightly integrated with Proton's offerings in the future. SimpleLogin continues to support forwarding to any email provider of your choosing. Securitum [audited](https://simplelogin.io/blog/security-audit/) SimpleLogin in early 2022 and all issues [were addressed](https://simplelogin.io/audit2022/web.pdf).
|
||||
|
||||
You can link your SimpleLogin account in the settings with your Proton account. If you have Proton Unlimited, Business or Visionary Plan, you will have SimpleLogin Premium for free.
|
||||
|
||||
Notable free features:
|
||||
|
||||
- [x] 15 Shared Aliases
|
||||
- [x] 10 Shared Aliases
|
||||
- [x] Unlimited Replies
|
||||
- [x] 1 Recipient Mailbox
|
||||
|
||||
@ -420,5 +422,3 @@ Must not have any marketing which is irresponsible:
|
||||
### Additional Functionality
|
||||
|
||||
While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -326,5 +326,3 @@ When encrypting with PGP, you have the option to configure different options in
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/org.sufficientlysecure.keychain/)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -6,24 +6,6 @@ Discover how to privately share your files between your devices, with your frien
|
||||
|
||||
## File Sharing
|
||||
|
||||
### Magic Wormhole
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Magic Wormhole** is a package that provides a library and a command-line tool named wormhole, which makes it possible to get arbitrary-sized files and directories (or short pieces of text) from one computer to another.
|
||||
|
||||
[:octicons-repo-16: Repository](https://github.com/magic-wormhole/magic-wormhole){ .md-button .md-button--primary }
|
||||
[:octicons-info-16:](https://magic-wormhole.readthedocs.io/){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/magic-wormhole/magic-wormhole){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#installation)
|
||||
- [:fontawesome-brands-apple: macOS](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#macos-os-x)
|
||||
- [:fontawesome-brands-linux: Linux](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#installation)
|
||||
|
||||
### Bitwarden Send
|
||||
|
||||
!!! recommendation
|
||||
|
||||
110
docs/health-and-fitness.en.md
Normal file
110
docs/health-and-fitness.en.md
Normal file
@ -0,0 +1,110 @@
|
||||
---
|
||||
title: "Health and Fitness"
|
||||
icon: material/heart-pulse
|
||||
---
|
||||
|
||||
Many people use apps and databases to track a variety of data related to their fitness and health, but some apps and services are more privacy respecting than others, and making the wrong choice could have serious consequences.
|
||||
|
||||
## Health Databases
|
||||
|
||||
### Apple Health
|
||||
|
||||
!!! recommendation
|
||||
|
||||
**Apple Health** is a health information management app which organizes and centralizes your health and fitness data securely on your mobile device. Your data can be safely shared with family or your healthcare provider. Apple Health collects data from your device's built-in fitness sensors, many health-related apps, and your healthcare provider's own records system.
|
||||
|
||||
[:octicons-home-16: Homepage](https://www.apple.com/ios/health/)
|
||||
|
||||
Unfortunately, when it comes to Android devices an all-in-one alternative to Apple Health does not really exist. There have been various attempts to create a singular health ecosystem in the form of Google Fit and Samsung S Health, both of which are cloud-based solutions which are not privacy-friendly. Android has announced a new "Health Connect" API which allows you to manage data sharing locally on your device, but it has not yet been widely implemented, and data privacy will come down to the privacy policies of the third-party apps which connect with it.
|
||||
|
||||
## Medical Record Storage
|
||||
|
||||
These apps help you collect and manage your personal health data, and share it with health services, organizations, and apps you trust.
|
||||
|
||||
### Apple Health Records
|
||||
|
||||
!!! recommendation
|
||||
|
||||
**Apple Health Records** allows you to aggregate your health records from one or multiple supported institutions and store SMART Health Cards in one place. Your health data is received directly from your medical provider, stored locally on your iOS device with strong encryption, and (optional) iCloud backups are secured with zero-knowledge encryption to ensure Apple never has access to any information stored.
|
||||
|
||||
[:octicons-book-16: Setup Guide](https://support.apple.com/en-us/HT208680){ .md-button .md-button--primary }
|
||||
[:octicons-info-16:](https://www.apple.com/healthcare/health-records/){ .card-link title=Documentation}
|
||||
|
||||
### CommonHealth
|
||||
|
||||
!!! recommendation
|
||||
|
||||
**CommonHealth** was developed as an open source, Android alternative to Apple Health. Currently, CommonHealth only replicates Apple's Health Records feature, but they plan to include more patient-generated fitness/health tracking functionality in the future. CommonHealth implements SMART Health Cards and integrates with thousands of healthcare providers and care facilities to enable you to privately collect and manage your personal health data. Your data stored in CommonHealth is stored only on your device, never with any online service.
|
||||
|
||||
[:octicons-home-16: Homepage](https://www.commonhealth.org/){ .md-button .md-button--primary }
|
||||
[:octicons-mark-github-16:](https://github.com/the-commons-project){ .card-link title='GitHub Directory'}
|
||||
|
||||
## Medication Tracking
|
||||
|
||||
iOS 16+ users should consider using Apple Health's native medication tracking feature, which has automatic reminders, medication logging, and drug interaction warnings built in. Using native, locally-based solutions instead of third-party apps reduces your attack surface by limiting the number of parties that may have access to or be responsible for protecting your data.
|
||||
|
||||
## Sexual Health
|
||||
|
||||
If you need to keep track of menstrual cycles or any other sexual-health-related data, privacy is of the utmost importance. However, many popular cycle tracking apps integrate a number of tracking networks, cloud/internet integrations, and advertisements which can compromise that privacy. The apps we recommend here operate exclusively on your mobile device to ensure only you have access to that data.
|
||||
|
||||
iOS users should consider using Apple Health's built-in [Cycle Tracking](https://support.apple.com/en-us/HT210407) feature, which lets you log your period, record symptoms like cramps, and track cycle factors like lactation in your Apple Health app, rather than relying on one of these third party solutions. Using native, locally-based solutions instead of third-party apps reduces your attack surface by limiting the number of parties that may have access to or be responsible for protecting your data.
|
||||
|
||||
### Drip (Android & iOS)
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Drip** is a minimal, open-source period tracker app. All data is stored locally on your device. It features data import and export, and a pin to lock the app.
|
||||
|
||||
[:octicons-home-16: Homepage](https://bloodyhealth.gitlab.io/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://bloodyhealth.gitlab.io/privacy-policy.html){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://gitlab.com/bloodyhealth/drip/-/blob/main/README.md){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://gitlab.com/bloodyhealth/drip){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://gitlab.com/bloodyhealth/drip/-/blob/main/CONTRIBUTING.md){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/drip./id1584564949)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.drip)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.drip/)
|
||||
|
||||
|
||||
### Euki (Android & iOS)
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Euki** is a free period tracker app that features comprehensive sexual and reproductive health information. It can be locked with a pin.
|
||||
|
||||
[:octicons-home-16: Homepage](https://eukiapp.com/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://eukiapp.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/euki/id1469213846)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.kollectivemobile.euki)
|
||||
|
||||
|
||||
### Periodical
|
||||
|
||||
## Sleep Tracking
|
||||
|
||||
Apple Watch users should consider using watchOS' native sleep tracking functionality. Using native, locally-based solutions instead of third-party apps reduces your attack surface by limiting the number of parties that may have access to or be responsible for protecting your data.
|
||||
|
||||
### AutoSleep
|
||||
|
||||
!!! recommendation
|
||||
|
||||
**AutoSleep** is an iOS app which uses your Apple Watch to track your sleep. AutoSleep operates entirely on your device, with no advertising, tracking, or cloud integrations.
|
||||
|
||||
### Sleep as Android
|
||||
|
||||
!!! recommendation
|
||||
|
||||
**Sleep as Android** is an advanced sleep phase tracking and alarm app for Android devices.
|
||||
|
||||
## Workouts/Exercise Tracking
|
||||
|
||||
### Apple Fitness
|
||||
@ -54,7 +54,7 @@ Tumbleweed follows a rolling release model where each update is released as a sn
|
||||
|
||||
Arch Linux has a rolling release cycle. There is no fixed release schedule and packages are updated very frequently.
|
||||
|
||||
Being a DIY distribution, you are [expected to set up and maintain](#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier.
|
||||
Being a DIY distribution, you are [expected to set up and maintain](linux-desktop/overview.md#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier.
|
||||
|
||||
A large portion of [Arch Linux’s packages](https://reproducible.archlinux.org) are [reproducible](https://reproducible-builds.org).
|
||||
|
||||
@ -116,13 +116,13 @@ Nix is a source-based package manager; if there’s no pre-built available in th
|
||||
[:octicons-info-16:](https://www.whonix.org/wiki/Documentation){ .card-link title=Documentation}
|
||||
[:octicons-heart-16:](https://www.whonix.org/wiki/Donate){ .card-link title=Contribute }
|
||||
|
||||
Whonix is meant to run as two virtual machines: a “Workstation” and a Tor “Gateway.” All communications from the Workstation has to go through the Tor gateway and will be routed through the Tor Network.
|
||||
Whonix is meant to run as two virtual machines: a “Workstation” and a Tor “Gateway.” All communications from the Workstation must go through the Tor gateway. This means that even if the Workstation is compromised by malware of some kind, the true IP address remains hidden.
|
||||
|
||||
Some of its features include Tor Stream Isolation, [keystroke anonymization](https://www.whonix.org/wiki/Keystroke_Deanonymization#Kloak), [encrypted swap](https://github.com/Whonix/swap-file-creator), and a hardened memory allocator.
|
||||
|
||||
Future versions of Whonix will likely include [full system AppArmor policies](https://github.com/Whonix/apparmor-profile-everything) and a [sandbox app launcher](https://www.whonix.org/wiki/Sandbox-app-launcher) to fully confine all processes on the system.
|
||||
|
||||
Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers).
|
||||
Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers), Qubes-Whonix has various [disadvantages](https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581) when compared to other hypervisors.
|
||||
|
||||
### Tails
|
||||
|
||||
@ -140,4 +140,4 @@ Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qube
|
||||
|
||||
By design, Tails is meant to completely reset itself after each reboot. Encrypted [persistent storage](https://tails.boum.org/doc/first_steps/persistence/index.en.html) can be configured to store some data.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
Tails is great for counter forensics due to amnesia (meaning nothing is written to the disk); however, it is not a hardened distribution like Whonix. It lacks many anonymity and security features that Whonix has and gets updated much less often (only once every six weeks). A Tails system that is compromised by malware may potentially bypass the transparent proxy allowing for the user to be deanonymized.
|
||||
|
||||
@ -10,9 +10,14 @@ A [firewall](https://en.wikipedia.org/wiki/Firewall_(computing)) may be used to
|
||||
|
||||
Red Hat distributions (such as Fedora) are typically configured through [firewalld](https://en.wikipedia.org/wiki/Firewalld). Red Hat has plenty of [documentation](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/using-and-configuring-firewalld_configuring-and-managing-networking) regarding this topic. There is also the [Uncomplicated Firewall](https://en.wikipedia.org/wiki/Uncomplicated_Firewall) which can be used as an alternative.
|
||||
|
||||
Consider blocking all ports which are **not** [well-known](https://en.wikipedia.org/wiki/Well-known_port#Well-known_ports) or “privileged ports.” That is, ports from 1025 up to 65535. Block both [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) and [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) after the operating system is installed.
|
||||
You could also set your default firewall zone to drop packets. If you're on a Redhat based distribution, such as Fedora this can be done with the following commands:
|
||||
|
||||
If you use Fedora, consider removing the whitelist for [smb](https://en.wikipedia.org/wiki/Server_Message_Block)-client and [mdns](https://en.wikipedia.org/wiki/Multicast_DNS) services if you do not use them.
|
||||
!!! Example
|
||||
```
|
||||
firewall-cmd --set-default-zone=drop;
|
||||
firewall-cmd --add-protocol=ipv6-icmp --permanent;
|
||||
firewall-cmd --add-service=dhcpv6-client --permanent;
|
||||
```
|
||||
|
||||
All these firewalls use the [Netfilter](https://en.wikipedia.org/wiki/Netfilter) framework and therefore cannot protect against malicious programs running on the system. A malicious program could insert its own rules.
|
||||
|
||||
@ -22,13 +27,14 @@ If you are using non-classic [Snap](https://en.wikipedia.org/wiki/Snap_(package_
|
||||
|
||||
## Kernel hardening
|
||||
|
||||
There are some additional kernel hardening options such as configuring [sysctl](https://en.wikipedia.org/wiki/Sysctl#Linux) keys and [kernel command-line parameters](https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html) which are described in the following pages. We don’t recommend you change these options unless you learn about what they do.
|
||||
Kernel hardening options such as configuring [sysctl](https://en.wikipedia.org/wiki/Sysctl#Linux) keys and [kernel command-line parameters](https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html) can help harden your system. We suggest looking at the following [sysctl settings](https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl) and [boot parameters](https://madaidans-insecurities.github.io/guides/linux-hardening.html#boot-parameters).
|
||||
|
||||
- [Recommended sysctl settings](https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl)
|
||||
- [Recommended boot parameters](https://madaidans-insecurities.github.io/guides/linux-hardening.html#boot-parameters)
|
||||
- [Additional recommendations to reduce the kernel's attack surface](https://madaidans-insecurities.github.io/guides/linux-hardening.html#kernel-attack-surface-reduction)
|
||||
We **strongly** recommend that you learn what these options do before applying them. There are also some methods of [kernel attack surface reduction](https://madaidans-insecurities.github.io/guides/linux-hardening.html#kernel-attack-surface-reduction) and [access restrictions to sysfs](https://madaidans-insecurities.github.io/guides/linux-hardening.html#restricting-sysfs) that can further improve security.
|
||||
|
||||
Do **not** disable unprivileged user namespaces if you use software that relies on it, like: Podman, Docker and LXC containers. The option will prevent this software from working.
|
||||
!!! Note
|
||||
Unprivileged [user namespaces](https://madaidans-insecurities.github.io/linux.html#kernel) can be disabled, due to it being responsible for various privileged escalation vulnerabilities. Some software such as Docker, Podman, and LXC require unprivileged user namespaces to function. If you use these tools you should not disable `kernel.unprivileged_userns_clone`.
|
||||
|
||||
Disabling access to `/sys` without a proper whitelist will lead to various applications breaking. This will unfortunately be an extremely tedious process for most users. Kicksecure, and by extension, Whonix, has an experimental [hide hardware info service](https://github.com/Kicksecure/security-misc/blob/master/lib/systemd/system/hide-hardware-info.service) which does just this. From our testing, these work perfectly fine on minimal Kicksecure installations and both Qubes-Whonix Workstation and Gateway. If you are using Kicksecure or Whonix, we recommend that you follow the [Kicksecure Wiki](https://www.kicksecure.com/wiki/Security-misc) to enable hide hardware info service.
|
||||
|
||||
## Linux-Hardened
|
||||
|
||||
@ -38,11 +44,13 @@ Some distributions like Arch Linux have the [linux-hardened](https://github.com/
|
||||
|
||||
LKRG is a kernel module that performs runtime integrity check on the kernel to help detect exploits against the kernel. LKRG works in a *post*-detect fashion, attempting to respond to unauthorized modifications to the running Linux kernel. While it is [bypassable by design](https://lkrg.org/), it does stop off-the-shelf malware that does not specifically target LKRG itself. This may make exploits harder to develop and execute on vulnerable systems.
|
||||
|
||||
If you can get LKRG and maintain module updates it provides a worthwhile improvement to security. Debian based distributions can get the LKRG DKMS from KickSecure's secure repository and the [KickSecure documentation](https://www.kicksecure.com/wiki/Linux_Kernel_Runtime_Guard_LKRG) has instructions on how this can be achieved. There is no LKRG package for Fedora yet, however the Qubes OS project has a COPR repository which [may become](https://github.com/QubesOS/qubes-issues/issues/5461) part of the main distribution in the future. Archlinux based systems provide LKRG DKMS modules via an [AUR package](https://aur.archlinux.org/packages/lkrg-dkms).
|
||||
If you can get LKRG and maintain module updates, it provides a worthwhile improvement to security. Debian based distributions can get the LKRG DKMS package from KickSecure's secure repository and the [KickSecure documentation](https://www.kicksecure.com/wiki/Linux_Kernel_Runtime_Guard_LKRG) has instructions.
|
||||
|
||||
On Fedora, [fepitre](https://github.com/fepitre), a QubesOS developer has a [COPR repository](https://copr.fedorainfracloud.org/coprs/fepitre/lkrg/) where you can install it. Arch based systems can obtain the LKRG DKMS package via an [AUR package](https://aur.archlinux.org/packages/lkrg-dkms).
|
||||
|
||||
## GRSecurity
|
||||
|
||||
GRSecurity is a set of kernel patches that attempt to improve security of the Linux kernel. It requires [payment to access](https://github.com/QubesOS/qubes-issues/issues/5461) the code.
|
||||
GRSecurity is a set of kernel patches that attempt to improve security of the Linux kernel. It requires [payment to access](https://grsecurity.net/purchase) the code and is worth using if you have a subscription.
|
||||
|
||||
## Simultaneous multithreading (SMT)
|
||||
|
||||
@ -66,9 +74,25 @@ These flags could also be applied to `/home` and `/root` as well, however, `noex
|
||||
|
||||
If you use [Toolbox](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/), `/var/log/journal` must not have any of those options. If you are on Arch Linux, do not apply `noexec` to `/var/tmp`.
|
||||
|
||||
## Disabling SUID
|
||||
|
||||
SUID allows a user to execute an application as the owner of that application, which in many cases, would be the `root` user. Vulnerable SUID executables could lead to privilege escalation vulnerabilities.
|
||||
|
||||
It is desirable to remove SUID from as many binaries as possible; however, this takes substantial effort and trial and error on the user's part, as some applications require SUID to function.
|
||||
|
||||
Kicksecure, and by extension, Whonix has an experimental [permission hardening service](https://github.com/Kicksecure/security-misc/blob/master/lib/systemd/system/permission-hardening.service) and [application whitelist](https://github.com/Kicksecure/security-misc/tree/master/etc/permission-hardening.d) to automate SUID removal from most binaries and libraries on the system. From our testing, these work perfectly fine on a minimal Kicksecure installation and both Qubes-Whonix Workstation and Gateway.
|
||||
|
||||
If you are using Kicksecure or Whonix, we recommend that you follow the [Kicksecure Wiki](https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener) to enable the permission hardener.
|
||||
|
||||
Users of other distributions can adapt the permission hardener to their own system based on the source code linked above.
|
||||
|
||||
## Secure Time Synchronization
|
||||
|
||||
Most Linux distributions by default (especially Arch based distributions with `systemd-timesyncd`) use un-encrypted NTP for time synchronization. Securing NTP can be achieved by [configuring NTS with chronyd](https://fedoramagazine.org/secure-ntp-with-nts/) or by using [swdate](https://github.com/Kicksecure/sdwdate) on Debian based distributions.
|
||||
|
||||
## Linux Pluggable Authentication Modules (PAM)
|
||||
|
||||
There is also further hardening to [PAM](https://en.wikipedia.org/wiki/Linux_PAM) to secure authentication to your system. [This guide](https://madaidans-insecurities.github.io/guides/linux-hardening.html#pam) has some tips on this.
|
||||
The security of [PAM](https://en.wikipedia.org/wiki/Linux_PAM) can be [hardened](https://madaidans-insecurities.github.io/guides/linux-hardening.html#pam) to allow secure authentication to your system.
|
||||
|
||||
On Red Hat distributions you can use [`authselect`](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_authentication_and_authorization_in_rhel/configuring-user-authentication-using-authselect_configuring-authentication-and-authorization-in-rhel) to configure this e.g.:
|
||||
|
||||
@ -86,27 +110,25 @@ Another alternative option if you’re using the [linux-hardened](#linux-hardene
|
||||
|
||||
## Secure Boot
|
||||
|
||||
[Secure Boot](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_Boot) can be used to secure the boot process by preventing the loading of [unsigned](https://en.wikipedia.org/wiki/Public-key_cryptography) [UEFI](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface) drivers or [boot loaders](https://en.wikipedia.org/wiki/Bootloader). Some guidance for this is provided in [this physical security guide](https://madaidans-insecurities.github.io/guides/linux-hardening.html#physical-security) and [this verified boot guide](https://madaidans-insecurities.github.io/guides/linux-hardening.html#verified-boot).
|
||||
[Secure Boot](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_Boot) can be used to secure the boot process by preventing the loading of [unsigned](https://en.wikipedia.org/wiki/Public-key_cryptography) [UEFI](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface) drivers or [boot loaders](https://en.wikipedia.org/wiki/Bootloader).
|
||||
|
||||
For further resources on Secure Boot, we suggest taking a look at the following for instructional advice:
|
||||
One of the problems with Secure Boot, particularly on Linux is, that only the [chainloader](https://en.wikipedia.org/wiki/Chain_loading#Chain_loading_in_boot_manager_programs) (shim), the [boot loader](https://en.wikipedia.org/wiki/Bootloader) (GRUB), and the [kernel](https://en.wikipedia.org/wiki/Kernel_(operating_system)) are verified and that's where verification stops. The [initramfs](https://en.wikipedia.org/wiki/Initial_ramdisk) is often left unverified, unencrypted, and open up the window for an [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attack. The firmware on most devices is also configured to trust Microsoft's keys for Windows and its partners, leading to a large attacks surface.
|
||||
|
||||
- The Archwiki’s [Secure Boot](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot) article. There are two main methods, the first is to use a [shim](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#shim), the second more complete way is to [use your own keys](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Using_your_own_keys).
|
||||
To eliminate the need to trust Microsoft's keys, follow the "Using your own keys" section on the [Arch Wiki](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot). The important thing that needs to be done here is to replace the OEM's key with your own Platform Key.
|
||||
|
||||
For the background of how Secure Boot works on Linux:
|
||||
There are several ways to work around the unverified initramfs:
|
||||
|
||||
- [The Strange State of Authenticated Boot and Disk Encryption on Generic Linux Distributions](https://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html)
|
||||
- [Rod Smith’s Managing EFI Boot Loaders for Linux](https://www.rodsbooks.com/efi-bootloaders/)
|
||||
- [Dealing with Secure Boot](https://www.rodsbooks.com/efi-bootloaders/secureboot.html)
|
||||
- [Controlling Secure Boot](https://www.rodsbooks.com/efi-bootloaders/controlling-sb.html)
|
||||
The first way is to [encrypt the /boot partition](https://wiki.archlinux.org/title/GRUB#Encrypted_/boot). If you are on Fedora Workstation (not Silverblue), you can follow [this guide](https://mutschler.eu/linux/install-guides/fedora-btrfs-33/) to convert the existing installation to encrypted `/boot`. openSUSE comes with this that by default.
|
||||
|
||||
One of the problems with Secure Boot particularly on Linux is that only the [chainloader](https://en.wikipedia.org/wiki/Chain_loading#Chain_loading_in_boot_manager_programs) (shim), the [boot loader](https://en.wikipedia.org/wiki/Bootloader) (GRUB), and the [kernel](https://en.wikipedia.org/wiki/Kernel_(operating_system)) are verified and that’s where verification stops. The [initramfs](https://en.wikipedia.org/wiki/Initial_ramdisk) is often left unverified, unencrypted, and open up the window for an [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attack. There are a few things that can be done to reduce risk such as:
|
||||
Encrypting `/boot` however have its own issues, one being that [GRUB](https://en.wikipedia.org/wiki/GNU_GRUB) only supports [LUKS1](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup) and not the newer default LUKS2 scheme. As the bootloader runs in [protected mode](https://en.wikipedia.org/wiki/Protected_mode) and the encryption module lacks [SSE acceleration](https://en.wikipedia.org/wiki/Streaming_SIMD_Extensions) so the boot process will take minutes to complete. Another problem with this is that you have to type the encryption password twice, which could be solved by following the [openSUSE Wiki](https://en.opensuse.org/SDB:Encrypted_root_file_system#Avoiding_to_type_the_passphrase_twice).
|
||||
|
||||
- Creating an [EFI Boot Stub](https://docs.kernel.org/admin-guide/efi-stub.html) that contains the [kernel](https://en.wikipedia.org/wiki/Kernel_(operating_system)), [initramfs](https://en.wikipedia.org/wiki/Initial_ramdisk) and [microcode](https://en.wikipedia.org/wiki/Microcode). This EFI stub can then be signed. If you use [dracut](https://en.wikipedia.org/wiki/Dracut_(software)) this can easily be done with the [`--uefi-stub` switch](https://man7.org/linux/man-pages/man8/dracut.8.html) or the [`uefi_stub` config](https://www.man7.org/linux/man-pages/man5/dracut.conf.5.html) option.
|
||||
- [Encrypting the boot partition](https://wiki.archlinux.org/title/GRUB#Encrypted_/boot). However, this has its own issues, the first being that [GRUB](https://en.wikipedia.org/wiki/GNU_GRUB) only supports [LUKS1](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup) and not the newer default LUKS2 scheme. As the bootloader runs in [protected mode](https://en.wikipedia.org/wiki/Protected_mode) and the encryption module lacks [SSE acceleration](https://en.wikipedia.org/wiki/Streaming_SIMD_Extensions) the boot process will take minutes to complete.
|
||||
- Using TPM to perform a [measured boot](https://www.krose.org/~krose/measured_boot).
|
||||
There are a few options depending on your configuration:
|
||||
|
||||
After setting up Secure Boot it is crucial that you set a “firmware password” (also called a “supervisor password, “BIOS password” or “UEFI password”), otherwise an adversary can simply disable Secure Boot.
|
||||
- If you enroll your own keys as described above, and your distribution supports Secure Boot by default, you can add your distribution's EFI Key into the list of trusted keys (db keys). It can then be enrolled into the firmware. Then, you should move all of your keys off your local storage device.
|
||||
- If you enroll your own keys as described above, and your distribution does **not** support Secure Boot out of the box (like Arch Linux), you have to leave the keys on the disk and setup automatic signing of the [kernel](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Signing_the_kernel_with_a_pacman_hook) and bootloader. If you are using Grub, you can install it with the `--no-shim-lock` option and remove the need for the chainloader.
|
||||
|
||||
The second option is to creating an [EFI Boot Stub](https://wiki.archlinux.org/title/Unified_kernel_image) that contains the [kernel](https://en.wikipedia.org/wiki/Kernel_(operating_system)), [initramfs](https://en.wikipedia.org/wiki/Initial_ramdisk), and [microcode](https://en.wikipedia.org/wiki/Microcode). This EFI stub can then be signed. If you use [dracut](https://en.wikipedia.org/wiki/Dracut_(software)) this can easily be done with the [`--uefi-stub` switch](https://man7.org/linux/man-pages/man8/dracut.8.html) or the [`uefi_stub` config](https://www.man7.org/linux/man-pages/man5/dracut.conf.5.html) option. This option also requires you to leave the keys on the disk to setup automatic signing, which weakens the security model.
|
||||
|
||||
After setting up Secure Boot it is crucial that you set a “firmware password” (also called a “supervisor password”, “BIOS password” or “UEFI password”), otherwise an adversary can simply disable Secure Boot.
|
||||
|
||||
These recommendations can make you a little more resistant to [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, but they not good as a proper verified boot process such as that found on [Android](https://source.android.com/security/verifiedboot), [ChromeOS](https://support.google.com/chromebook/answer/3438631) or [Windows](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process).
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Linux Overview
|
||||
icon: fontawesome/brands/linux
|
||||
---
|
||||
It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/2022/02/02/floss-security.html). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years.
|
||||
It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years.
|
||||
|
||||
At the moment, desktop GNU/Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.:
|
||||
|
||||
@ -56,7 +56,7 @@ There is often some confusion about “security-focused” distributions and “
|
||||
|
||||
### Arch-based distributions
|
||||
|
||||
Arch based distributions are not recommended for those new to Linux, regardless of the distribution. Arch does not have an distribution update mechanism for the underlying software choices. As a result you have to stay aware with current trends and adopt technologies as they supersede older practices on your own.
|
||||
Arch based distributions are not recommended for those new to Linux, (regardless of distribution) as they require regular [system maintenance](https://wiki.archlinux.org/title/System_maintenance). Arch does not have an distribution update mechanism for the underlying software choices. As a result you have to stay aware with current trends and adopt technologies as they supersede older practices on your own.
|
||||
|
||||
For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](https://en.wikipedia.org/wiki/Mandatory_access_control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit).
|
||||
|
||||
@ -67,6 +67,10 @@ If you are experienced with Linux and wish to use an Arch-based distribution, we
|
||||
- **Manjaro**: This distribution holds packages back for 2 weeks to make sure that their own changes don’t break, not to make sure that upstream is stable. When AUR packages are used, they are often built against the latest [libraries](https://en.wikipedia.org/wiki/Library_(computing)) from Arch’s repositories.
|
||||
- **Garuda**: They use [Chaotic-AUR](https://aur.chaotic.cx/) which automatically and blindly compiles packages from the AUR. There is no verification process to make sure that the AUR packages don’t suffer from supply chain attacks.
|
||||
|
||||
### Kicksecure
|
||||
|
||||
While we strongly recommend against using outdated distributions like Debian, if you decide to use it, we suggest that you [convert](https://www.kicksecure.com/wiki/Debian) it into [Kicksecure](https://www.kicksecure.com/). Kicksecure, in oversimplified terms, is a set of scripts, configurations, and packages that substantially reduce the attack surface of Debian. It covers a lot of privacy and hardening recommendations by default.
|
||||
|
||||
### Linux-libre kernel and “Libre” distributions
|
||||
|
||||
We strongly recommend **against** using the Linux-libre kernel, since it [removes security mitigations](https://www.phoronix.com/scan.php?page=news_item&px=GNU-Linux-Libre-5.7-Released) and [suppresses kernel warnings](https://news.ycombinator.com/item?id=29674846) about vulnerable microcode for ideological reasons.
|
||||
@ -126,5 +130,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co
|
||||
This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer.
|
||||
|
||||
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -62,5 +62,3 @@ Red Hat develops [Podman](https://docs.podman.io/en/latest/) and secures it with
|
||||
Another option is [Kata containers](https://katacontainers.io/), where virtual machines masquerade as containers. Each Kata container has its own Linux kernel and is isolated from the host.
|
||||
|
||||
The above container technologies can be useful if you want to run certain web app software on your local network, such as [Vaultwarden](https://github.com/dani-garcia/vaultwarden) or images provided by [LinuxServer.io](https://www.linuxserver.io), to increase privacy by decreasing dependence on various web services. A guide on [hardening Docker and OCI](https://wonderfall.dev/docker-hardening) has been written by the author "Wonderfall."
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -128,5 +128,3 @@ The app offers multiple ways to erase metadata from images. Namely:
|
||||
```bash
|
||||
exiftool -all= *.file_extension
|
||||
```
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
173
docs/mobile-browsers.en.md
Normal file
173
docs/mobile-browsers.en.md
Normal file
@ -0,0 +1,173 @@
|
||||
---
|
||||
title: "Mobile Browsers"
|
||||
icon: octicons/device-mobile-16
|
||||
---
|
||||
These are our currently recommended mobile web browsers and configurations. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
|
||||
|
||||
## Android
|
||||
|
||||
On Android, Firefox is still less secure than Chromium-based alternatives: Mozilla's engine, [GeckoView](https://mozilla.github.io/geckoview/), has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
|
||||
|
||||
### Tor Browser
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Tor Browser** is the choice if you need anonymity, as it provides you with access to the Tor Bridges and [Tor Network](https://en.wikipedia.org/wiki/Tor_(network)), along with settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*.
|
||||
|
||||
The Tor Browser is designed to prevent fingerprinting, or identifying you based on your browser configuration. Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings/).
|
||||
|
||||
[:octicons-home-16: Homepage](https://www.torproject.org){ .md-button .md-button--primary }
|
||||
[:pg-tor:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title=Onion }
|
||||
[:octicons-info-16:](https://tb-manual.torproject.org/mobile-tor/){ .card-link title=Documentation }
|
||||
[:octicons-code-16:](https://gitlab.torproject.org/tpo/applications/fenix){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
|
||||
- [:pg-f-droid: F-Droid](https://guardianproject.info/fdroid/)
|
||||
|
||||
### Brave
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Brave Browser** includes a built-in content blocker and [privacy features](https://brave.com/privacy-features/), many of which are enabled by default.
|
||||
|
||||
Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues.
|
||||
|
||||
[:octicons-home-16: Homepage](https://brave.com/){ .md-button .md-button--primary }
|
||||
[:pg-tor:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title=Onion }
|
||||
[:octicons-eye-16:](https://brave.com/privacy/browser/){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://support.brave.com/){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads annotate
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.brave.browser)
|
||||
|
||||
#### Recommended Configuration
|
||||
|
||||
Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](#tor-browser) will be traceable by *somebody* in some regard or another.
|
||||
|
||||
These options can be found in :material-menu: → **Settings** → **Brave Shields & privacy**
|
||||
|
||||
##### Shields
|
||||
|
||||
Brave includes some anti-fingerprinting measures in its [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-) feature. We suggest configuring these options [globally](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) across all pages that you visit.
|
||||
|
||||
Shields' options can be downgraded on a per-site basis as needed, but by default we recommend setting the following:
|
||||
|
||||
<div class="annotate" markdown>
|
||||
|
||||
- [x] Select **Aggressive** under Block trackers & ads
|
||||
|
||||
??? warning "Use default filter lists"
|
||||
Brave allows you to select additional content filters within the internal `brave://adblock` page. We advise against using this feature; instead, keep the default filter lists. Using extra lists will make you stand out from other Brave users and may also increase attack surface if there is an exploit in Brave and a malicious rule is added to one of the lists you use.
|
||||
|
||||
- [x] (Optional) Select **Block Scripts** (1)
|
||||
- [x] Select **Strict, may break sites** under Block fingerprinting
|
||||
|
||||
</div>
|
||||
|
||||
1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode) or the [NoScript](https://noscript.net/) extension.
|
||||
|
||||
##### Social Media Blocking
|
||||
|
||||
- [ ] Uncheck all social media components
|
||||
|
||||
##### IPFS
|
||||
|
||||
InterPlanetary File System (IPFS) is a decentralized, peer-to-peer network for storing and sharing data in a distributed filesystem. Unless you use the feature, disable it.
|
||||
|
||||
- [ ] Uncheck **IPFS Gateway**
|
||||
|
||||
##### Other privacy settings
|
||||
|
||||
- [x] Select **Disable Non-Proxied UDP** under [WebRTC IP Handling Policy](https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc)
|
||||
- [ ] Uncheck **Allow privacy-preserving product analytics (P3A)**
|
||||
- [ ] Uncheck **Automatically send daily usage ping to Brave**
|
||||
- [ ] Uncheck **Automatically send diagnostic reports**
|
||||
- [x] Select **Always use secure connections**
|
||||
- [x] Select **Close tabs on exit**
|
||||
- [x] Select **Clear data on exit**
|
||||
|
||||
## iOS
|
||||
|
||||
On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser.
|
||||
|
||||
### Safari
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/15.0/ios/15.0) such as Intelligent Tracking Protection, Privacy Report, isolated Private Browsing tabs, iCloud Private Relay, and automatic HTTPS upgrades.
|
||||
|
||||
[:octicons-home-16: Homepage](https://www.apple.com/safari/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://www.apple.com/legal/privacy/data/en/safari/){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://support.apple.com/guide/safari/welcome/mac){ .card-link title=Documentation}
|
||||
|
||||
#### Recommended Configuration
|
||||
|
||||
These options can be found in :gear: **Settings** → **Safari** → **Privacy and Security**.
|
||||
|
||||
##### Cross-Site Tracking Prevention
|
||||
|
||||
- [x] Enable **Prevent Cross-Site Tracking**
|
||||
|
||||
This enables WebKit's [Intelligent Tracking Protection](https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp). The feature helps protect against unwanted tracking by using on-device machine learning to stop trackers. ITP protects against many common threats, but it does not block all tracking avenues because it is designed to not interfere with website usability.
|
||||
|
||||
##### Privacy Report
|
||||
|
||||
Privacy Report provides a snapshot of cross-site trackers currently prevented from profiling you on the website you're visiting. It can also display a weekly report to show which trackers have been blocked over time.
|
||||
|
||||
Privacy Report is accessible via the Page Settings menu (:pg-textformat-size:).
|
||||
|
||||
##### Privacy Preserving Ad Measurement
|
||||
|
||||
- [ ] Disable **Privacy Preserving Ad Measurement**
|
||||
|
||||
Ad click measurement has traditionally used tracking technology that infringes on user privacy. [Private Click Measurement](https://webkit.org/blog/11529/introducing-private-click-measurement-pcm/) is a WebKit feature and proposed web standard aimed towards allowing advertisers to measure the effectiveness of web campaigns without compromising on user privacy.
|
||||
|
||||
The feature has little privacy concerns on its own, so while you can choose to leave it on, we consider the fact that it's automatically disabled in Private Browsing to be an indicator for disabling the feature.
|
||||
|
||||
##### Always-on Private Browsing
|
||||
|
||||
Open Safari and tap the Tabs button, located in the bottom right. Then, expand the Tab Groups list.
|
||||
|
||||
- [x] Select **Private**
|
||||
|
||||
Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
|
||||
|
||||
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed into sites. This may be an inconvenience.
|
||||
|
||||
##### iCloud Sync
|
||||
|
||||
Synchronization of Safari History, Tab Groups, iCloud Tabs and saved passwords are E2EE. However, bookmarks are [not](https://support.apple.com/en-us/HT202303). Apple can decrypt and access them in accordance with their [privacy policy](https://www.apple.com/legal/privacy/en-ww/).
|
||||
|
||||
If you use iCloud, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in :gear: **Settings** → **Safari** → **General** → **Downloads**.
|
||||
|
||||
### AdGuard
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker).
|
||||
|
||||
AdGuard for iOS has some premium features; however, standard Safari content blocking is free of charge.
|
||||
|
||||
[:octicons-home-16: Homepage](https://adguard.com/en/adguard-ios/overview.html){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://adguard.com/privacy/ios.html){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://kb.adguard.com/ios){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/apple-store/id1047223162)
|
||||
|
||||
Additional filter lists do slow things down and may increase your attack surface, so only apply what you need.
|
||||
@ -104,5 +104,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
|
||||
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/raivo-otp/id1459042137)
|
||||
- [:fontawesome-brands-app-store: Mac App Store](https://apps.apple.com/us/app/raivo-otp/id1498497896)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -31,7 +31,7 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Feeder** is a modern RSS client for Android that has many [features](https://gitlab.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports it supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)) and [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
|
||||
**Feeder** is a modern RSS client for Android that has many [features](https://gitlab.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
|
||||
|
||||
[:octicons-repo-16: Repository](https://gitlab.com/spacecowboy/Feeder){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://gitlab.com/spacecowboy/Feeder){ .card-link title="Source Code" }
|
||||
|
||||
@ -96,5 +96,3 @@ Joplin does not support password/pin protection for the [application itself or i
|
||||
[:octicons-info-16:](https://orgmode.org/manuals.html){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://git.savannah.gnu.org/cgit/emacs/org-mode.git){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://liberapay.com/bzg){ .card-link title=Contribute }
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -146,5 +146,3 @@ These products are minimal password managers that can be used within scripting a
|
||||
- [:fontawesome-brands-apple: macOS](https://www.gopass.pw/#install-macos)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.gopass.pw/#install-linux)
|
||||
- [:fontawesome-brands-freebsd: FreeBSD](https://www.gopass.pw/#install-bsd)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -90,5 +90,3 @@ For other platforms, consider below:
|
||||
[:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"}
|
||||
[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -12,7 +12,7 @@ icon: material/chat-processing
|
||||
|
||||
**Signal** is a mobile app developed by Signal Messenger LLC. The app provides instant messaging, as well as voice and video calling.
|
||||
|
||||
All communications are E2EE. Contact lists are encrypted using your login PIN and the server does not have access to them. Personal profiles are also encrypted and only shared with contacts who add you.
|
||||
All communications are E2EE. Contact lists are encrypted using your Signal PIN and the server does not have access to them. Personal profiles are also encrypted and only shared with contacts you chat with.
|
||||
|
||||
[:octicons-home-16: Homepage](https://signal.org/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" }
|
||||
@ -28,14 +28,24 @@ icon: material/chat-processing
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id874139669)
|
||||
|
||||
Signal has minimal metadata when [Sealed Sender](https://signal.org/blog/sealed-sender/) is enabled. The sender address is encrypted along with the message body, and only the recipient address is visible to the server.
|
||||
|
||||
Signal requires your phone number as a personal identifier.
|
||||
|
||||
[Sealed Sender](https://signal.org/blog/sealed-sender/) is only enabled for people in your contacts list, but can be enabled for all recipients with the increased risk of receiving spam.
|
||||
Signal supports [private groups](https://signal.org/blog/signal-private-group-system/). The server has no record of your group memberships, group titles, group avatars, or group attributes. Signal has minimal metadata when [Sealed Sender](https://signal.org/blog/sealed-sender/) is enabled. The sender address is encrypted along with the message body, and only the recipient address is visible to the server. Sealed Sender is only enabled for people in your contacts list, but can be enabled for all recipients with the increased risk of receiving spam. Signal requires your phone number as a personal identifier.
|
||||
|
||||
The protocol was independently [audited](https://eprint.iacr.org/2016/1013.pdf) in 2016. The specification for the Signal protocol can be found in their [documentation](https://signal.org/docs/).
|
||||
|
||||
We also suggest Molly as an alternative to the official Signal app.
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Molly** is a Signal fork for Android that provides additional hardening and security features to Signal.
|
||||
|
||||
[:octicons-home-16: Homepage](https://molly.im/){ .md-button }
|
||||
[:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://github.com/mollyim/mollyim-android#readme){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/mollyim/mollyim-android){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://opencollective.com/mollyim){ .card-link title=Contribute }
|
||||
|
||||
[Signal Configuration and Hardening :hero-arrow-circle-right-fill:](./advanced/signal-configuration-hardening.md)
|
||||
|
||||
### Element
|
||||
|
||||
!!! recommendation
|
||||
@ -228,5 +238,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster
|
||||
- Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline.
|
||||
- More complex to get started as the creation and secured backup of a cryptographic private key is required.
|
||||
- Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform, hence features may be lacking or incompletely implemented, such as offline message relaying or message deletion.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -33,5 +33,3 @@ You can consult OpenWrt's [table of hardware](https://openwrt.org/toh/start) to
|
||||
[:octicons-info-16:](https://docs.netgate.com/pfsense/en/latest/){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/pfsense/pfsense){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://www.pfsense.org/get-involved/){ .card-link title=Contribute }
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -25,7 +25,7 @@ Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org/) if your thr
|
||||
[:octicons-eye-16:](https://search.brave.com/help/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://search.brave.com/help){ .card-link title=Documentation}
|
||||
|
||||
Brave Search is based in the :flag_us: United States. Their [privacy policy](https://search.brave.com/help/privacy-policy) states they collect aggregated usage metrics, which includes the operating system and browser in use, however no personally identifiable information is collected. IP addresses are temporarily processed, but are not retained.
|
||||
Brave Search is based in the United States. Their [privacy policy](https://search.brave.com/help/privacy-policy) states they collect aggregated usage metrics, which includes the operating system and browser in use, however no personally identifiable information is collected. IP addresses are temporarily processed, but are not retained.
|
||||
|
||||
## DuckDuckGo
|
||||
|
||||
@ -42,7 +42,7 @@ Brave Search is based in the :flag_us: United States. Their [privacy policy](htt
|
||||
[:octicons-eye-16:](https://duckduckgo.com/privacy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://help.duckduckgo.com/){ .card-link title=Documentation}
|
||||
|
||||
DuckDuckGo is based in the :flag_us: United States. Their [privacy policy](https://duckduckgo.com/privacy) states they **do** log your searches for product improvement purposes, but not your IP address or any other personally identifying information.
|
||||
DuckDuckGo is based in the United States. Their [privacy policy](https://duckduckgo.com/privacy) states they **do** log your searches for product improvement purposes, but not your IP address or any other personally identifying information.
|
||||
|
||||
DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript/) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their [Tor onion address](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/) by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
|
||||
|
||||
@ -71,7 +71,7 @@ When you are using a SearXNG instance, be sure to go read their privacy policy.
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**Startpage** is a private search engine known for serving Google search results. One of Startpage's unique features is the [Anonymous View](https://www.startpage.com/en/anonymous-view/), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/en-us/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](browsers.md#tor-browser) instead.
|
||||
**Startpage** is a private search engine known for serving Google search results. One of Startpage's unique features is the [Anonymous View](https://www.startpage.com/en/anonymous-view/), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/en-us/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](desktop-browsers.md#tor-browser) instead.
|
||||
|
||||
[:octicons-home-16: Homepage](https://www.startpage.com){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://www.startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
@ -81,8 +81,6 @@ When you are using a SearXNG instance, be sure to go read their privacy policy.
|
||||
|
||||
Startpage regularly limits service access to certain IP addresses, such as IPs reserved for VPNs or Tor. [DuckDuckGo](#duckduckgo) and [Brave Search](#brave-search) are friendlier options if your threat model requires hiding your IP address from the search provider.
|
||||
|
||||
Startpage is based in the :flag_nl: Netherlands. According to their [privacy policy](https://www.startpage.com/en/privacy-policy/), they log details such as: operating system, type of browser, and language. They do not log your IP address, search queries, or other personally identifying information.
|
||||
Startpage is based in the Netherlands. According to their [privacy policy](https://www.startpage.com/en/privacy-policy/), they log details such as: operating system, type of browser, and language. They do not log your IP address, search queries, or other personally identifying information.
|
||||
|
||||
Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://web.archive.org/web/20210118031008/https://blog.privacytools.io/relisting-startpage/) to clear up any concerns with System1's sizeable investment into the service. We were satisfied with the answers we received.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -77,5 +77,3 @@ These networks are designed to keep your traffic anonymous.
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
|
||||
- [:pg-f-droid: F-Droid](https://support.torproject.org/tormobile/tormobile-7/)
|
||||
- [:fontawesome-brands-android: Android](https://www.torproject.org/download/#android)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -11,35 +11,52 @@ If you want assistance figuring out the best privacy tools and alternative progr
|
||||
|
||||
For more details about each project, why they were chosen, and additional tips or tricks we recommend, click the "Learn more" link in each section, or click on the recommendation itself to be taken to that specific section of the page.
|
||||
|
||||
## Web Browsers
|
||||
## Desktop Web Browsers
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Tor Browser](browsers.md#tor-browser)
|
||||
- { .twemoji } [Firefox (Desktop)](browsers.md#firefox)
|
||||
- { .twemoji } [Brave (Desktop)](browsers.md#brave)
|
||||
- { .twemoji } [Bromite (Android)](browsers.md#bromite)
|
||||
- { .twemoji } [Safari (iOS)](browsers.md#safari)
|
||||
- { .twemoji } [Tor Browser](desktop-browsers.md#tor-browser)
|
||||
- { .twemoji } [Firefox](desktop-browsers.md#firefox)
|
||||
- { .twemoji } [Brave](desktop-browsers.md#brave)
|
||||
|
||||
</div>
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](browsers.md)
|
||||
[Learn more :hero-arrow-circle-right-fill:](desktop-browsers.md)
|
||||
|
||||
**Additional Resources:**
|
||||
### Additional Resources
|
||||
|
||||
<div class="grid cards annotate" markdown>
|
||||
|
||||
- { .twemoji } [uBlock Origin](browsers.md#ublock-origin)
|
||||
- { .twemoji } [AdGuard for iOS](browsers.md#adguard-for-ios)
|
||||
- { .twemoji }{ .twemoji } [Snowflake](browsers.md#snowflake) (1)
|
||||
- { .twemoji } [Terms of Service; Didn't Read](browsers.md#terms-of-service-didnt-read) (2)
|
||||
- { .twemoji } [uBlock Origin](desktop-browsers.md#ublock-origin)
|
||||
- { .twemoji }{ .twemoji } [Snowflake](desktop-browsers.md#snowflake) (1)
|
||||
|
||||
</div>
|
||||
|
||||
1. Snowflake does not increase privacy, however it allows you to easily contribute to the Tor network and help people in censored networks achieve better privacy.
|
||||
2. We do not recommend installing ToS;DR as a browser extension. The same information is provided on their website.
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](browsers.md#additional-resources)
|
||||
[Learn more :hero-arrow-circle-right-fill:](desktop-browsers.md#additional-resources)
|
||||
|
||||
## Mobile Web Browsers
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Tor Browser (Android)](mobile-browsers.md#tor-browser)
|
||||
- { .twemoji } [Brave (Android)](mobile-browsers.md#brave)
|
||||
- { .twemoji } [Safari (iOS)](mobile-browsers.md#safari)
|
||||
|
||||
</div>
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](mobile-browsers.md)
|
||||
|
||||
### Additional Resources
|
||||
|
||||
<div class="grid cards annotate" markdown>
|
||||
|
||||
- { .twemoji } [AdGuard for iOS](mobile-browsers.md#adguard)
|
||||
|
||||
</div>
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](mobile-browsers.md#adguard)
|
||||
|
||||
## Operating Systems
|
||||
|
||||
@ -49,13 +66,12 @@ For more details about each project, why they were chosen, and additional tips o
|
||||
|
||||
- { .twemoji }{ .twemoji } [GrapheneOS](android.md#grapheneos)
|
||||
- { .twemoji } [DivestOS](android.md#divestos)
|
||||
- { .twemoji } [CalyxOS](android.md#calyxos)
|
||||
|
||||
</div>
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](android.md)
|
||||
|
||||
**Android Apps:**
|
||||
### Android Apps
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
@ -117,13 +133,13 @@ For more details about each project, why they were chosen, and additional tips o
|
||||
|
||||
### DNS
|
||||
|
||||
**DNS Providers:**
|
||||
#### DNS Providers
|
||||
|
||||
We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers based on a variety of criteria, such as [Mullvad](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) and [Quad9](https://quad9.net/) amongst others. We recommend for you to read our pages on DNS before choosing a provider. In many cases, using an alternative DNS provider is not recommended.
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](dns.md)
|
||||
|
||||
**Encrypted DNS Proxies:**
|
||||
#### Encrypted DNS Proxies
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
@ -135,7 +151,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](dns.md#encrypted-dns-proxies)
|
||||
|
||||
**Self-hosted Solutions:**
|
||||
#### Self-hosted Solutions
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
@ -150,7 +166,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Proton Mail](email.md#protonmail)
|
||||
- { .twemoji } [Proton Mail](email.md#proton-mail)
|
||||
- { .twemoji } [Mailbox.org](email.md#mailboxorg)
|
||||
- { .twemoji }{ .twemoji } [StartMail](email.md#startmail)
|
||||
- { .twemoji } [Tutanota](email.md#tutanota)
|
||||
@ -159,7 +175,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](email.md)
|
||||
|
||||
**Email Aliasing Services:**
|
||||
#### Email Aliasing Services
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
@ -170,7 +186,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](email.md#email-aliasing-services)
|
||||
|
||||
**Self-Hosting Email:**
|
||||
#### Self-Hosting Email
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
@ -208,7 +224,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Proton VPN](vpn.md#protonvpn)
|
||||
- { .twemoji } [Proton VPN](vpn.md#proton-vpn)
|
||||
- { .twemoji } [IVPN](vpn.md#ivpn)
|
||||
- { .twemoji } [Mullvad](vpn.md#mullvad)
|
||||
|
||||
@ -248,14 +264,14 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Thunderbird](email-clients.md#thunderbird)
|
||||
- { .twemoji } [Apple Mail (macOS)](email-clients.md#apple-mail)
|
||||
- { .twemoji } [Canary Mail (iOS)](email-clients.md#canary-mail)
|
||||
- { .twemoji } [FairEmail (Android)](email-clients.md#fairemail)
|
||||
- { .twemoji } [GNOME Evolution (Linux)](email-clients.md#gnome-evolution)
|
||||
- { .twemoji } [K-9 Mail (Android)](email-clients.md#k-9-mail)
|
||||
- { .twemoji } [Kontact (Linux)](email-clients.md#kontact)
|
||||
- { .twemoji } [Mailvelope (PGP in standard webmail)](email-clients.md#mailvelope)
|
||||
- { .twemoji } [NeoMutt (CLI)](email-clients.md#neomutt)
|
||||
- { .twemoji } [Apple Mail (macOS)](email-clients.md#apple-mail-macos)
|
||||
- { .twemoji } [Canary Mail (iOS)](email-clients.md#canary-mail-ios)
|
||||
- { .twemoji } [FairEmail (Android)](email-clients.md#fairemail-android)
|
||||
- { .twemoji } [GNOME Evolution (Linux)](email-clients.md#gnome-evolution-gnome)
|
||||
- { .twemoji } [K-9 Mail (Android)](email-clients.md#k-9-mail-android)
|
||||
- { .twemoji } [Kontact (Linux)](email-clients.md#kontact-kde)
|
||||
- { .twemoji } [Mailvelope (PGP in standard webmail)](email-clients.md#mailvelope-browser)
|
||||
- { .twemoji } [NeoMutt (CLI)](email-clients.md#neomutt-cli)
|
||||
|
||||
</div>
|
||||
|
||||
@ -271,9 +287,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Cryptomator](encryption.md#cryptomator)
|
||||
- { .twemoji } [Picocrypt](encryption.md#picocrypt)
|
||||
- { .twemoji }{ .twemoji } [VeraCrypt (FDE)](encryption.md#veracrypt)
|
||||
- { .twemoji } [Cryptomator](encryption.md#cryptomator-cloud)
|
||||
- { .twemoji } [Picocrypt](encryption.md#picocrypt-file)
|
||||
- { .twemoji }{ .twemoji } [VeraCrypt (FDE)](encryption.md#veracrypt-disk)
|
||||
- { .twemoji }{ .twemoji } [Hat.sh (Browser-based)](encryption.md#hatsh)
|
||||
- { .twemoji } [Kryptor](encryption.md#kryptor)
|
||||
- { .twemoji } [Tomb](encryption.md#tomb)
|
||||
@ -282,7 +298,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](encryption.md)
|
||||
|
||||
**OpenPGP Clients:**
|
||||
#### OpenPGP Clients
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
@ -299,7 +315,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Magic Wormhole](file-sharing.md#magic-wormhole)
|
||||
- { .twemoji } [Bitwarden](file-sharing.md#bitwarden-send)
|
||||
- { .twemoji } [OnionShare](file-sharing.md#onionshare)
|
||||
- { .twemoji } [FreedomBox](file-sharing.md#freedombox)
|
||||
@ -316,7 +331,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
- { .twemoji } [ExifCleaner](metadata-removal-tools.md#exifcleaner)
|
||||
- { .twemoji } [MAT2](metadata-removal-tools.md#mat2)
|
||||
- { .twemoji } [ExifEraser (Android)](metadata-removal-tools.md#exiferaser-android)
|
||||
- { .twemoji } [Metapho (iOS)](metadata-removal-tools.md#metapho)
|
||||
- { .twemoji } [Metapho (iOS)](metadata-removal-tools.md#metapho-ios)
|
||||
- { .twemoji } [ExifTool (CLI)](metadata-removal-tools.md#exiftool)
|
||||
|
||||
</div>
|
||||
@ -369,9 +384,10 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Signal](real-time-communication.md#signal)
|
||||
- { .twemoji } [Molly (Hardened Signal fork for Android)](/advanced/signal-configuration-hardening/#hardening-signal-with-molly-on-android)
|
||||
- { .twemoji } [Element](real-time-communication.md#element)
|
||||
- { .twemoji } [Session](real-time-communication.md#session)
|
||||
- { .twemoji } [Briar (Android)](real-time-communication.md#briar)
|
||||
- { .twemoji } [Briar (Android)](real-time-communication.md#briar-android)
|
||||
|
||||
</div>
|
||||
|
||||
@ -397,7 +413,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Freenet](self-contained-networks.md#the-freenet-project)
|
||||
- { .twemoji } [Freenet](self-contained-networks.md#freenet)
|
||||
- { .twemoji } { .twemoji } [I2P](self-contained-networks.md#invisible-internet-project)
|
||||
- { .twemoji } [Tor](self-contained-networks.md#tor)
|
||||
|
||||
@ -419,5 +435,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
</div>
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](video-streaming.md)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -187,5 +187,3 @@ When you are using a Librarian instance, make sure to read the privacy policy of
|
||||
When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Piped, as other peoples' usage will be linked to your hosting.
|
||||
|
||||
When you are using a Piped instance, make sure to read the privacy policy of that specific instance. Piped instances can be modified by their owners and therefore may not reflect their associated privacy policy.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -44,9 +44,9 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
|
||||
1. A further 10% is discounted with a 2-year subscription ($119.76).
|
||||
|
||||
??? check annotate "63 Countries"
|
||||
??? check annotate "64 Countries"
|
||||
|
||||
Proton VPN has [servers in 63 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
|
||||
Proton VPN has [servers in 64 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
|
||||
|
||||
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
|
||||
|
||||
@ -80,7 +80,7 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
|
||||
??? info "Additional Functionality"
|
||||
|
||||
Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose.
|
||||
Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose.
|
||||
|
||||
### IVPN
|
||||
|
||||
@ -133,7 +133,7 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
|
||||
??? info "Additional Functionality"
|
||||
|
||||
IVPN clients support two factor authentication (Mullvad and Proton VPN clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
|
||||
IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
|
||||
|
||||
### Mullvad
|
||||
|
||||
@ -199,7 +199,7 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
|
||||
??? info "Additional Functionality"
|
||||
|
||||
Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/en/index.html) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion).
|
||||
Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion).
|
||||
|
||||
## Our Criteria
|
||||
|
||||
@ -298,5 +298,3 @@ Responsible marketing that is both educational and useful to the consumer could
|
||||
### Additional Functionality
|
||||
|
||||
While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -16,6 +16,7 @@
|
||||
*[EEA]: European Economic Area
|
||||
*[EOL]: End-of-Life
|
||||
*[Exif]: Exchangeable image file format
|
||||
*[FCM]: Firebase Cloud Messaging
|
||||
*[FDE]: Full Disk Encryption
|
||||
*[FIDO]: Fast IDentity Online
|
||||
*[GDPR]: General Data Protection Regulation
|
||||
@ -44,6 +45,7 @@
|
||||
*[MEID]: Mobile Equipment Identifier
|
||||
*[MFA]: Multi-Factor Authentication
|
||||
*[NVMe]: Nonvolatile Memory Express
|
||||
*[NTP]: Network Time Protocol
|
||||
*[OCI]: Open Container Initiative
|
||||
*[OCSP]: Online Certificate Status Protocol
|
||||
*[OEM]: Original Equipment Manufacturer
|
||||
@ -53,6 +55,7 @@
|
||||
*[OTPs]: One-Time Passwords
|
||||
*[OpenPGP]: Open-source implementation of Pretty Good Privacy (PGP)
|
||||
*[P2P]: Peer-to-Peer
|
||||
*[PAM]: Linux Pluggable Authentication Modules
|
||||
*[PGP]: Pretty Good Privacy (see OpenPGP)
|
||||
*[PII]: Personally Identifiable Information
|
||||
*[QNAME]: Qualified Name
|
||||
@ -64,6 +67,7 @@
|
||||
*[SNI]: Server Name Indication
|
||||
*[SSD]: Solid-State Drive
|
||||
*[SSH]: Secure Shell
|
||||
*[SUID]: Set Owner User ID
|
||||
*[SaaS]: Software as a Service (cloud software)
|
||||
*[SoC]: System on Chip
|
||||
*[TCP]: Transmission Control Protocol
|
||||
@ -72,6 +76,7 @@
|
||||
*[TOTP]: Time-based One-Time Password
|
||||
*[TPM]: Trusted Platform Module
|
||||
*[U2F]: Universal 2nd Factor
|
||||
*[UEFI]: Unified Extensible Firmware Interface
|
||||
*[UDP]: User Datagram Protocol
|
||||
*[VPN]: Virtual Private Network
|
||||
*[VoIP]: Voice over IP (Internet Protocol)
|
||||
@ -80,5 +85,6 @@
|
||||
*[attack surface]: The attack surface of software or hardware is the sum of the different places an attacker can try to enter data to or extract data from.
|
||||
*[cgroups]: Control Groups
|
||||
*[fork]: In software development, a fork is created when developers take a copy of source code from one software package and start independent development on it, creating a distinct and separate piece of software.
|
||||
*[hypervisor]: A hypervisor is computer software, firmware, or hardware that allows partitioning the resource of a CPU among multiple operating systems or independent programs.
|
||||
*[rolling release]: An update release cycle in which updates are released very frequently, instead of at set intervals.
|
||||
*[walled garden]: A walled garden (or closed platform) is one in which the service provider has control over applications, content, and/or media, and restricts convenient access to non-approved applicants or content.
|
||||
|
||||
Submodule mkdocs-material updated: 4f7b5f1946...4257d4ca2a
70
mkdocs.production.yml
Normal file
70
mkdocs.production.yml
Normal file
@ -0,0 +1,70 @@
|
||||
INHERIT: mkdocs.yml
|
||||
plugins:
|
||||
minify:
|
||||
minify_html: true
|
||||
htmlmin_opts:
|
||||
remove_comments: true
|
||||
privacy:
|
||||
externals_exclude:
|
||||
- cdn.jsdelivr.net/npm/mathjax@3/*
|
||||
- api.privacyguides.net/*
|
||||
- giscus.app/*
|
||||
git-committers:
|
||||
repository: privacyguides/privacyguides.org
|
||||
branch: main
|
||||
token: !ENV GH_TOKEN
|
||||
git-revision-date-localized:
|
||||
exclude:
|
||||
- index.en.md
|
||||
rss:
|
||||
match_path: "blog/.*"
|
||||
pretty_print: true
|
||||
date_from_meta:
|
||||
as_creation: "created"
|
||||
datetime_format: "%Y-%m-%d"
|
||||
|
||||
extra:
|
||||
generator: false
|
||||
analytics:
|
||||
provider: plausible
|
||||
property: privacyguides.org
|
||||
feedback:
|
||||
title: Was this page helpful?
|
||||
ratings:
|
||||
- icon: hero/emoji-happy
|
||||
name: This page was helpful
|
||||
data: Helpful
|
||||
note: Thanks for your feedback!
|
||||
- icon: hero/emoji-sad
|
||||
name: This page could be improved
|
||||
data: Needs Improvement
|
||||
note: Thanks for your feedback! Help us improve this page by opening a <a href="https://github.com/orgs/privacyguides/discussions" target=_blank>discusson on GitHub</a>.
|
||||
|
||||
theme:
|
||||
features:
|
||||
- navigation.tracking
|
||||
- navigation.tabs
|
||||
- navigation.sections
|
||||
- content.tooltips
|
||||
palette:
|
||||
- media: "(prefers-color-scheme)"
|
||||
toggle:
|
||||
icon: hero/sparkles
|
||||
name: Switch to light mode
|
||||
- media: "(prefers-color-scheme: dark)"
|
||||
scheme: slate
|
||||
accent: amber
|
||||
toggle:
|
||||
icon: hero/moon
|
||||
name: Switch to system theme
|
||||
- media: "(prefers-color-scheme: light)"
|
||||
scheme: default
|
||||
accent: deep purple
|
||||
toggle:
|
||||
icon: hero/sun
|
||||
name: Switch to dark mode
|
||||
|
||||
watch:
|
||||
- theme
|
||||
- includes
|
||||
- mkdocs.yml
|
||||
143
mkdocs.yml
143
mkdocs.yml
@ -11,21 +11,6 @@ copyright: |
|
||||
This content was made available by the Privacy Guides team and contributors. <a href="https://github.com/privacyguides/privacyguides">Get involved</a>!
|
||||
|
||||
extra:
|
||||
generator: false
|
||||
analytics:
|
||||
provider: plausible
|
||||
property: privacyguides.org
|
||||
feedback:
|
||||
title: Was this page helpful?
|
||||
ratings:
|
||||
- icon: hero/emoji-happy
|
||||
name: This page was helpful
|
||||
data: Helpful
|
||||
note: Thanks for your feedback!
|
||||
- icon: hero/emoji-sad
|
||||
name: This page could be improved
|
||||
data: Needs Improvement
|
||||
note: Thanks for your feedback! Help us improve this page by opening a <a href="https://github.com/orgs/privacyguides/discussions" target=_blank>discusson on GitHub</a>.
|
||||
social:
|
||||
- icon: pg/matrix
|
||||
link: https://matrix.to/#/#privacyguides:matrix.org
|
||||
@ -57,91 +42,74 @@ theme:
|
||||
- navigation.tracking
|
||||
- navigation.tabs
|
||||
- navigation.sections
|
||||
- content.tooltips
|
||||
palette:
|
||||
- media: "(prefers-color-scheme: light)"
|
||||
scheme: default
|
||||
- scheme: default
|
||||
accent: deep purple
|
||||
toggle:
|
||||
icon: hero/sun
|
||||
name: Switch to dark mode
|
||||
- media: "(prefers-color-scheme: dark)"
|
||||
scheme: slate
|
||||
- scheme: slate
|
||||
accent: amber
|
||||
toggle:
|
||||
icon: hero/moon
|
||||
name: Switch to light mode
|
||||
|
||||
watch:
|
||||
- theme
|
||||
- includes
|
||||
|
||||
plugins:
|
||||
- minify:
|
||||
minify_html: true
|
||||
htmlmin_opts:
|
||||
remove_comments: true
|
||||
- i18n:
|
||||
default_language: en
|
||||
material_alternate: true
|
||||
languages:
|
||||
en:
|
||||
name: English
|
||||
build: false
|
||||
- tags
|
||||
- search
|
||||
- git-revision-date-localized:
|
||||
exclude:
|
||||
- index.en.md
|
||||
- rss:
|
||||
match_path: "blog/.*"
|
||||
pretty_print: true
|
||||
date_from_meta:
|
||||
as_creation: "created"
|
||||
datetime_format: "%Y-%m-%d"
|
||||
- privacy:
|
||||
externals_exclude:
|
||||
- cdn.jsdelivr.net/npm/mathjax@3/*
|
||||
- api.privacyguides.net/*
|
||||
- giscus.app/*
|
||||
i18n:
|
||||
default_language: en
|
||||
material_alternate: true
|
||||
languages:
|
||||
en:
|
||||
name: English
|
||||
build: false
|
||||
tags: {}
|
||||
search: {}
|
||||
|
||||
markdown_extensions:
|
||||
admonition: {}
|
||||
pymdownx.details: {}
|
||||
pymdownx.superfences:
|
||||
custom_fences:
|
||||
- name: mermaid
|
||||
class: mermaid
|
||||
format: !!python/name:pymdownx.superfences.fence_code_format
|
||||
pymdownx.tabbed:
|
||||
alternate_style: true
|
||||
pymdownx.arithmatex:
|
||||
generic: true
|
||||
pymdownx.critic: {}
|
||||
pymdownx.caret: {}
|
||||
pymdownx.keys: {}
|
||||
pymdownx.mark: {}
|
||||
pymdownx.tilde: {}
|
||||
pymdownx.snippets:
|
||||
auto_append:
|
||||
- includes/abbreviations.en.md
|
||||
pymdownx.tasklist:
|
||||
custom_checkbox: true
|
||||
attr_list: {}
|
||||
def_list: {}
|
||||
md_in_html: {}
|
||||
meta: {}
|
||||
abbr: {}
|
||||
pymdownx.emoji:
|
||||
emoji_index: !!python/name:materialx.emoji.twemoji
|
||||
emoji_generator: !!python/name:materialx.emoji.to_svg
|
||||
options:
|
||||
custom_icons:
|
||||
- theme/.icons
|
||||
tables: {}
|
||||
footnotes: {}
|
||||
toc:
|
||||
permalink: true
|
||||
toc_depth: 4
|
||||
|
||||
extra_css:
|
||||
- assets/stylesheets/extra.css?v=2.10.0
|
||||
markdown_extensions:
|
||||
- admonition
|
||||
- pymdownx.details
|
||||
- pymdownx.superfences:
|
||||
custom_fences:
|
||||
- name: mermaid
|
||||
class: mermaid
|
||||
format: !!python/name:pymdownx.superfences.fence_code_format
|
||||
- pymdownx.tabbed:
|
||||
alternate_style: true
|
||||
- pymdownx.arithmatex:
|
||||
generic: true
|
||||
- pymdownx.critic
|
||||
- pymdownx.caret
|
||||
- pymdownx.keys
|
||||
- pymdownx.mark
|
||||
- pymdownx.tilde
|
||||
- pymdownx.snippets
|
||||
- pymdownx.tasklist:
|
||||
custom_checkbox: true
|
||||
- attr_list
|
||||
- def_list
|
||||
- md_in_html
|
||||
- meta
|
||||
- abbr
|
||||
- pymdownx.emoji:
|
||||
emoji_index: !!python/name:materialx.emoji.twemoji
|
||||
emoji_generator: !!python/name:materialx.emoji.to_svg
|
||||
options:
|
||||
custom_icons:
|
||||
- theme/.icons
|
||||
- tables
|
||||
- footnotes
|
||||
- toc:
|
||||
permalink: true
|
||||
toc_depth: 4
|
||||
|
||||
extra_javascript:
|
||||
- assets/javascripts/mathjax.js
|
||||
- assets/javascripts/feedback.js
|
||||
@ -168,10 +136,12 @@ nav:
|
||||
- 'Advanced':
|
||||
- 'advanced/integrating-metadata-removal.md'
|
||||
- 'advanced/erasing-data.md'
|
||||
- 'advanced/signal-configuration-hardening.md'
|
||||
- 'Recommendations':
|
||||
- 'tools.md'
|
||||
- 'Browsers':
|
||||
- 'browsers.md'
|
||||
- 'desktop-browsers.md'
|
||||
- 'mobile-browsers.md'
|
||||
- 'Operating Systems':
|
||||
- 'android.md'
|
||||
- 'linux-desktop.md'
|
||||
@ -185,12 +155,13 @@ nav:
|
||||
- 'vpn.md'
|
||||
- 'Software':
|
||||
- 'calendar-contacts.md'
|
||||
- 'notebooks.md'
|
||||
- 'health-and-fitness.md'
|
||||
- 'email-clients.md'
|
||||
- 'encryption.md'
|
||||
- 'file-sharing.md'
|
||||
- 'metadata-removal-tools.md'
|
||||
- 'multi-factor-authentication.md'
|
||||
- 'notebooks.md'
|
||||
- 'passwords.md'
|
||||
- 'productivity.md'
|
||||
- 'real-time-communication.md'
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
<img src="/assets/rainbow-brand/privacy-guides-logo-notext.svg#only-light" alt="logo">
|
||||
<img src="/assets/rainbow-brand/privacy-guides-logo-notext-darkbg.svg#only-dark" alt="logo">
|
||||
<img src="/assets/brand/SVG/Logo/privacy-guides-logo-notext.svg#only-light" alt="logo">
|
||||
<img src="/assets/brand/SVG/Logo/privacy-guides-logo-notext-darkbg.svg#only-dark" alt="logo">
|
||||
|
||||
Reference in New Issue
Block a user